Solved Trojan.Maljavagen23 & various PUBs

In order to post the above, I rebooted, opened techstop, and it took three times to post. The only way I get to post is to have my left hand ready to paste, and the mouse on the post reply button, and post it right away.

This is strange.
 
Is there a program to see if the network or router has been hacked, and someone is using it to send things out?

When I find that one of the computers' connection has been changed from domain.local to public network #2, and look at the local area connection status, the "sent" activity is higher by a factor of 10 than the received. Different than when it is right.
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-08-07 15:02:41 Run:1
Running from E:\
==============================================

The operation completed successfully.
The operation completed successfully.
==== End of Fixlog ====
 
15:10:45.0254 2756 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:10:45.0332 2756 ============================================================
15:10:45.0332 2756 Current date / time: 2012/08/07 15:10:45.0332
15:10:45.0332 2756 SystemInfo:
15:10:45.0332 2756
15:10:45.0332 2756 OS Version: 6.0.6002 ServicePack: 2.0
15:10:45.0332 2756 Product type: Workstation
15:10:45.0332 2756 ComputerName: BEN-DEL
15:10:45.0332 2756 UserName: Benjamin
15:10:45.0332 2756 Windows directory: C:\Windows
15:10:45.0332 2756 System windows directory: C:\Windows
15:10:45.0332 2756 Processor architecture: Intel x86
15:10:45.0332 2756 Number of processors: 2
15:10:45.0332 2756 Page size: 0x1000
15:10:45.0332 2756 Boot type: Normal boot
15:10:45.0332 2756 ============================================================
15:10:47.0438 2756 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:10:47.0453 2756 Drive \Device\Harddisk1\DR1 - Size: 0x3BA800000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:10:47.0453 2756 ============================================================
15:10:47.0453 2756 \Device\Harddisk0\DR0:
15:10:47.0453 2756 MBR partitions:
15:10:47.0453 2756 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A18800
15:10:47.0453 2756 \Device\Harddisk1\DR1:
15:10:47.0453 2756 MBR partitions:
15:10:47.0453 2756 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0x1DD2080
15:10:47.0453 2756 ============================================================
15:10:47.0516 2756 C: <-> \Device\Harddisk0\DR0\Partition0
15:10:47.0516 2756 ============================================================
15:10:47.0516 2756 Initialize success
15:10:47.0516 2756 ============================================================
15:10:57.0235 2148 ============================================================
15:10:57.0250 2148 Scan started
15:10:57.0250 2148 Mode: Manual;
15:10:57.0250 2148 ============================================================
15:11:47.0186 2148 RasAcd - ok
15:11:47.0435 2148 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:11:47.0451 2148 RasAuto - ok
15:11:47.0638 2148 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:11:47.0716 2148 Rasl2tp - ok
15:11:48.0278 2148 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:11:48.0325 2148 RasMan - ok
15:11:48.0403 2148 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:11:48.0418 2148 RasPppoe - ok
15:11:48.0559 2148 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:11:48.0559 2148 RasSstp - ok
15:11:48.0777 2148 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:11:48.0855 2148 rdbss - ok
15:11:48.0917 2148 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:11:48.0949 2148 RDPCDD - ok
15:11:49.0307 2148 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
15:11:49.0354 2148 rdpdr - ok
15:11:49.0417 2148 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:11:49.0417 2148 RDPENCDD - ok
15:11:49.0682 2148 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
15:11:49.0697 2148 RDPWD - ok
15:11:49.0822 2148 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:11:49.0869 2148 RemoteAccess - ok
15:11:50.0072 2148 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:11:50.0087 2148 RemoteRegistry - ok
15:11:50.0165 2148 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:11:50.0181 2148 RpcLocator - ok
15:11:50.0977 2148 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:11:50.0992 2148 RpcSs - ok
15:11:51.0101 2148 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:11:51.0117 2148 rspndr - ok
15:11:51.0211 2148 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:11:51.0226 2148 SamSs - ok
15:11:51.0460 2148 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:11:51.0491 2148 sbp2port - ok
15:11:51.0881 2148 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:11:51.0881 2148 SCardSvr - ok
15:11:52.0739 2148 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:11:52.0880 2148 Schedule - ok
15:11:52.0989 2148 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:11:52.0989 2148 SCPolicySvc - ok
15:11:53.0114 2148 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:11:53.0129 2148 SDRSVC - ok
15:11:53.0176 2148 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:11:53.0176 2148 secdrv - ok
15:11:53.0254 2148 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:11:53.0254 2148 seclogon - ok
15:11:53.0301 2148 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
15:11:53.0317 2148 SENS - ok
15:11:53.0769 2148 SepMasterService (7e2c360b6cc0d87b8ef38439b53dfc71) C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
15:11:53.0769 2148 SepMasterService - ok
15:11:53.0847 2148 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
15:11:53.0847 2148 Serenum - ok
15:11:54.0034 2148 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
15:11:54.0050 2148 Serial - ok
15:11:54.0143 2148 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:11:54.0159 2148 sermouse - ok
15:11:54.0331 2148 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:11:54.0346 2148 SessionEnv - ok
15:11:54.0409 2148 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
 
15:13:02.0659 2148 ============================================================
15:13:02.0659 2148 Scan finished
15:13:02.0659 2148 ============================================================
15:13:02.0690 3184 Detected object count: 0
15:13:02.0690 3184 Actual detected object count: 0

Description:
A problem caused this program to stop interacting with Windows.
Files that help describe the problem:
C:\Users\garyh\AppData\Local\Temp\WER5FE1.tmp.hdmp
C:\Users\garyh\AppData\Local\Temp\WER6F8B.tmp.xml
Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
 
Good :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Combofix made it all the way through 50 stages. Deleted many many many files (some I had recognized, and disabled in the Startup, prior to coming to you), rebooted, in the "preparing Log Report", "Do not run any programs until ComboFix has Finished."
"This application has requested the runtime to terminate in an unusual way. Please contact the application's support team for more information." in the combofix box

Also, a Windows box opened. "PEV.exe has stopped working"

"A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available."

Shall I close?
 
a Windows box opened. "PEV.exe has stopped working"
If you can simply OK that window and Combofix is still running let it run.
If not re-run Combofix from safe mode.
 
ComboFix 12-08-07.03 - Benjamin 08/07/2012 16:36:34.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.1241 [GMT -7:00]
Running from: c:\users\Benjamin\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Symantec Endpoint Protection *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\bflixtoolbar
c:\program files\bflixtoolbar\chrome\skin\ico-shield.png
c:\program files\bflixtoolbar\chrome\skin\images.png
c:\program files\bflixtoolbar\chrome\skin\lfg_smll_png
c:\program files\bflixtoolbar\chrome\skin\lib\add.png
c:\program files\bflixtoolbar\chrome\skin\lib\alexabutton.css
c:\program files\bflixtoolbar\chrome\skin\lib\aol.png
c:\program files\bflixtoolbar\chrome\skin\lib\arrow-dn.gif
c:\program files\bflixtoolbar\chrome\skin\lib\arrow-right-disabled.gif
c:\program files\bflixtoolbar\chrome\skin\lib\arrow-right.gif
c:\program files\bflixtoolbar\chrome\skin\lib\arrow-up.gif
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btn-divider.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btn-end.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btn-mdl.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btn-mdl_ff.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btn-start.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btnover-divider.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btnover-end.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btnover-mdl.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btnover-mdl_ff.png
c:\program files\bflixtoolbar\chrome\skin\lib\bg-btnover-start.png
c:\program files\bflixtoolbar\chrome\skin\lib\blank.gif
c:\program files\bflixtoolbar\chrome\skin\lib\btn-widgets-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\btn-widgets.png
c:\program files\bflixtoolbar\chrome\skin\lib\btn_slider.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnback-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnback-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnleft-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnleft-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnright-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\btnright-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\button-splitter-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\button-splitter-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\button-splitter.png
c:\program files\bflixtoolbar\chrome\skin\lib\checkmark.png
c:\program files\bflixtoolbar\chrome\skin\lib\chevron.png
c:\program files\bflixtoolbar\chrome\skin\lib\collapse.png
c:\program files\bflixtoolbar\chrome\skin\lib\comcast.png
c:\program files\bflixtoolbar\chrome\skin\lib\debugbar\debug.html
c:\program files\bflixtoolbar\chrome\skin\lib\dtx-test.css
c:\program files\bflixtoolbar\chrome\skin\lib\dtx.css
c:\program files\bflixtoolbar\chrome\skin\lib\edit-back-hot.png
c:\program files\bflixtoolbar\chrome\skin\lib\edit-back.png
c:\program files\bflixtoolbar\chrome\skin\lib\embarq.png
c:\program files\bflixtoolbar\chrome\skin\lib\expand.png
c:\program files\bflixtoolbar\chrome\skin\lib\fast.png
c:\program files\bflixtoolbar\chrome\skin\lib\found.png
c:\program files\bflixtoolbar\chrome\skin\lib\gmail.png
c:\program files\bflixtoolbar\chrome\skin\lib\gripper.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight_blue.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight_cyan.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight_lime.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight_magenta.png
c:\program files\bflixtoolbar\chrome\skin\lib\highlight_yellow.png
c:\program files\bflixtoolbar\chrome\skin\lib\hotmail.png
c:\program files\bflixtoolbar\chrome\skin\lib\ico-check.png
c:\program files\bflixtoolbar\chrome\skin\lib\imap.png
c:\program files\bflixtoolbar\chrome\skin\lib\lastsearch-thumb-back.gif
c:\program files\bflixtoolbar\chrome\skin\lib\launchers.css
c:\program files\bflixtoolbar\chrome\skin\lib\loadingMid.gif
c:\program files\bflixtoolbar\chrome\skin\lib\lock.png
c:\program files\bflixtoolbar\chrome\skin\lib\logo-separator.png
c:\program files\bflixtoolbar\chrome\skin\lib\mailcom.png
c:\program files\bflixtoolbar\chrome\skin\lib\menu_bg-basic.png
c:\program files\bflixtoolbar\chrome\skin\lib\menu_separator_bar.png
c:\program files\bflixtoolbar\chrome\skin\lib\menu_separator_white.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitem-splitter.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemback-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemback-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemleft-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemleft-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemleft.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemright-down-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\menuitemright-vista.png
c:\program files\bflixtoolbar\chrome\skin\lib\minus.gif
c:\program files\bflixtoolbar\chrome\skin\lib\modify.png
c:\program files\bflixtoolbar\chrome\skin\lib\move.gif
c:\program files\bflixtoolbar\chrome\skin\lib\movetarget.png
c:\program files\bflixtoolbar\chrome\skin\lib\newsitem.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\panels.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupAbout.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupGames.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupRSS.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\css\popupWidgets.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\css\dialog.css
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\bg.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-search.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\btn-wide-close.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\default.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-l.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-off-r.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-l.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\tab-on-r.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\transparent.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\ttlbar-right.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-mdl.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-btm-right.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\images\win-right.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\main.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\default\scripts\defscript.js
c:\program files\bflixtoolbar\chrome\skin\lib\panels\footer.htm
c:\program files\bflixtoolbar\chrome\skin\lib\panels\gamecategory.xsl
c:\program files\bflixtoolbar\chrome\skin\lib\panels\gameData.js
c:\program files\bflixtoolbar\chrome\skin\lib\panels\gameList.xsl
c:\program files\bflixtoolbar\chrome\skin\lib\panels\games.xsl
c:\program files\bflixtoolbar\chrome\skin\lib\panels\gametype.xsl
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-dn.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml-drop.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-sml.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrow-up.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\arrowr-bluew5.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bg-aboutbox.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bg-btnover.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bg-pnl520x390.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-back.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-grey.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-close-greyover.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-drag.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-mdl.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-moredetails.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-next-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-next.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-play-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-previous.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-right-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\btn-try-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\bullet-orange.gif
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb-on.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\gamethumb2-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-calendar.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-dollar.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-download.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-joystick24.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-news24.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-play.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\ico-tags.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-Add.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-download.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-Info.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-play.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\icon-shop.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgon.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\menul-bgover.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\panel-botm-noscroll.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg-206.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scroll-bg.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scroll-topwin.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-disable.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-down.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollb.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-disable.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-down.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\scrollt.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\star_x_grey.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\star_x_orange.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\TRUSTe_about.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-on.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-detailed-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-on.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\view-thumb-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-16px.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\widgets-square-24px.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\images\widgets.png
c:\program files\bflixtoolbar\chrome\skin\lib\panels\initHTML.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupGames.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupHTML.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupRSS.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\popupWidgets.html
c:\program files\bflixtoolbar\chrome\skin\lib\panels\scroll.png
c:\program files\bflixtoolbar\chrome\skin\lib\plus.gif
c:\program files\bflixtoolbar\chrome\skin\lib\pop.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\css\manager.css
c:\program files\bflixtoolbar\chrome\skin\lib\radio\css\slider.css
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\bg-pnl.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-grey.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\btn-close-greyover.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\collapsed_button.gif
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\expanded_button.gif
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-down.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation-over.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-playstation.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\images\ico-radio.png
c:\program files\bflixtoolbar\chrome\skin\lib\radio\managerpanel.html
c:\program files\bflixtoolbar\chrome\skin\lib\radio\volumeslider.html
c:\program files\bflixtoolbar\chrome\skin\lib\rank0.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank0_5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank1.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank1_5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank2.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank2_5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank3.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank3_5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank4.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank4_5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rank5.png
c:\program files\bflixtoolbar\chrome\skin\lib\rankna.png
c:\program files\bflixtoolbar\chrome\skin\lib\reload.png
c:\program files\bflixtoolbar\chrome\skin\lib\remove.png
c:\program files\bflixtoolbar\chrome\skin\lib\rename.gif
c:\program files\bflixtoolbar\chrome\skin\lib\resize-box.gif
c:\program files\bflixtoolbar\chrome\skin\lib\rss.png
c:\program files\bflixtoolbar\chrome\skin\lib\rsschannelback.png
c:\program files\bflixtoolbar\chrome\skin\lib\RSSLogo.png
c:\program files\bflixtoolbar\chrome\skin\lib\rsstabdivider.gif
c:\program files\bflixtoolbar\chrome\skin\lib\scroll-left.png
c:\program files\bflixtoolbar\chrome\skin\lib\scroll-right.png
c:\program files\bflixtoolbar\chrome\skin\lib\search-go.png
c:\program files\bflixtoolbar\chrome\skin\lib\search.png
c:\program files\bflixtoolbar\chrome\skin\lib\separator.png
c:\program files\bflixtoolbar\chrome\skin\lib\text-ellipsis.xml
c:\program files\bflixtoolbar\chrome\skin\lib\throbber.gif
c:\program files\bflixtoolbar\chrome\skin\lib\toolbarsplitter.gif
c:\program files\bflixtoolbar\chrome\skin\lib\transparent_1px.gif
c:\program files\bflixtoolbar\chrome\skin\lib\weatherbutton.css
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk-user.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-highrisk.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-lowrisk.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-norating.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verified-user.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verified.gif
c:\program files\bflixtoolbar\chrome\skin\lib\websiteinspector-verifying.gif
c:\program files\bflixtoolbar\chrome\skin\lib\yahoo.png
c:\program files\bflixtoolbar\chrome\skin\lichen.gif
c:\program files\bflixtoolbar\chrome\skin\Linked_in_png
c:\program files\bflixtoolbar\chrome\skin\logo-about.png
c:\program files\bflixtoolbar\chrome\skin\logo-over.png
c:\program files\bflixtoolbar\chrome\skin\logo-separator.png
c:\program files\bflixtoolbar\chrome\skin\logo.png
c:\program files\bflixtoolbar\chrome\skin\mail.png
c:\program files\bflixtoolbar\chrome\skin\menuseparatorback.gif
c:\program files\bflixtoolbar\chrome\skin\modify-save.png
c:\program files\bflixtoolbar\chrome\skin\modify.png
c:\program files\bflixtoolbar\chrome\skin\modifyhot.png
c:\program files\bflixtoolbar\chrome\skin\music.png
c:\program files\bflixtoolbar\chrome\skin\music_png
c:\program files\bflixtoolbar\chrome\skin\Myspace_png
c:\program files\bflixtoolbar\chrome\skin\namespacetoolbar.css
c:\program files\bflixtoolbar\chrome\skin\news.png
c:\program files\bflixtoolbar\chrome\skin\options-main.png
c:\program files\bflixtoolbar\chrome\skin\options-search.png
c:\program files\bflixtoolbar\chrome\skin\orange.gif
c:\program files\bflixtoolbar\chrome\skin\p_yahoo.png
c:\program files\bflixtoolbar\chrome\skin\pixsy.png
c:\program files\bflixtoolbar\chrome\skin\ppcbully.png
c:\program files\bflixtoolbar\chrome\skin\protect-id.png
c:\program files\bflixtoolbar\chrome\skin\relatedlinks.png
c:\program files\bflixtoolbar\chrome\skin\rss-collapse.png
c:\program files\bflixtoolbar\chrome\skin\rss-delete.png
c:\program files\bflixtoolbar\chrome\skin\rss-expand.png
c:\program files\bflixtoolbar\chrome\skin\rss-feed.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder-remove.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder-rename.png
c:\program files\bflixtoolbar\chrome\skin\rss-folder.png
c:\program files\bflixtoolbar\chrome\skin\rss-found.png
c:\program files\bflixtoolbar\chrome\skin\rss-reload.png
c:\program files\bflixtoolbar\chrome\skin\rss-subscribe.png
c:\program files\bflixtoolbar\chrome\skin\rss.png
c:\program files\bflixtoolbar\chrome\skin\rssback.gif
c:\program files\bflixtoolbar\chrome\skin\rsstopback.gif
c:\program files\bflixtoolbar\chrome\skin\search-over.png
c:\program files\bflixtoolbar\chrome\skin\search.png
c:\program files\bflixtoolbar\chrome\skin\settings.png
c:\program files\bflixtoolbar\chrome\skin\shopping.png
c:\program files\bflixtoolbar\chrome\skin\siteinfo.png
c:\program files\bflixtoolbar\chrome\skin\skin-bluelite.png
c:\program files\bflixtoolbar\chrome\skin\skin-bluesky.png
c:\program files\bflixtoolbar\chrome\skin\skin-grey.png
c:\program files\bflixtoolbar\chrome\skin\skin-lichen.png
c:\program files\bflixtoolbar\chrome\skin\skin-orange.png
c:\program files\bflixtoolbar\chrome\skin\skin-yellow.png
c:\program files\bflixtoolbar\chrome\skin\skin.xml
c:\program files\bflixtoolbar\chrome\skin\technorati.png
c:\program files\bflixtoolbar\chrome\skin\throbber.gif
c:\program files\bflixtoolbar\chrome\skin\toolbarsplitter.png
c:\program files\bflixtoolbar\chrome\skin\translate.png
c:\program files\bflixtoolbar\chrome\skin\TRUSTe_about.png
c:\program files\bflixtoolbar\chrome\skin\tv_png
c:\program files\bflixtoolbar\chrome\skin\twitter_png
c:\program files\bflixtoolbar\chrome\skin\vmn.css
c:\program files\bflixtoolbar\chrome\skin\vmn.png
c:\program files\bflixtoolbar\chrome\skin\Weather_png
c:\program files\bflixtoolbar\chrome\skin\web.png
c:\program files\bflixtoolbar\chrome\skin\websearch.png
c:\program files\bflixtoolbar\chrome\skin\wikipedia.png
c:\program files\bflixtoolbar\chrome\skin\yahoosearch.png
c:\program files\bflixtoolbar\chrome\skin\yellow.gif
c:\program files\bflixtoolbar\chrome\skin\youtube.png
c:\program files\bflixtoolbar\chrome\skin\zoom.png
c:\program files\bflixtoolbar\install.ico
c:\program files\bflixtoolbar\manifest.xml
c:\program files\bflixtoolbar\partner.xml
c:\program files\bflixtoolbar\uninstall.exe
c:\program files\bflixtoolbar\vmntemplate.dll
c:\program files\bflixtoolbar\vmntemplateX.dll
c:\program files\FREEzeFrog
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\inCRedibartlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files\QuestScan
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Reactivate.exe
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\Resources\images\btn-msn.png
c:\program files\StartNow Toolbar\Resources\images\chevronButton.png
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\separator.png
c:\program files\StartNow Toolbar\Resources\images\splitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\search_protect.exe
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\program files\StartNow Toolbar\XBrowser.dll
c:\program files\Web Assistant\ExTEnsion32.dll
c:\programdata\QuestScan
c:\users\Benjamin\AppData\Roaming\app
c:\users\Benjamin\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Benjamin\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\injection_button.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\popups.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\printerExternalAccessFF.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome.manifest
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\background.html
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\browser.xul
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossrider.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossriderapi.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\dialog.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.xul
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\search_dialog.xul
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\chrome\content\update.html
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\defaults\preferences\prefs.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome.manifest
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\background.html
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\browser.xul
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\crossrider.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\crossriderapi.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\dialog.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\options.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\options.xul
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\search_dialog.xul
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\chrome\content\update.html
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\defaults\preferences\prefs.js
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\install.rdf
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\locale\en-US\translations.dtd
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button1.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button2.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button3.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button4.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\button5.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\crossrider_statusbar.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\icon24.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\icon48.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\panelarrow-up.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup.css
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup.html
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\popup_binding.xml
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\skin.css
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\firefox-production\skin\update.css
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\install.rdf
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\locale\en-US\translations.dtd
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\button1.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\button2.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\button3.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\button4.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\button5.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\crossrider_statusbar.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\icon128.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\icon16.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\icon24.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\icon48.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\panelarrow-up.png
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\popup.css
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\popup.html
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\popup_binding.xml
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\skin.css
c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions\crossriderapp435@crossrider.com\skin\update.css
c:\users\Benjamin\Desktop\System Fix.lnk
 
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-07 23:55 . 2012-08-08 00:01 -------- d-----w- c:\users\Benjamin\AppData\Local\temp
2012-08-07 23:55 . 2012-08-07 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 23:55 . 2012-08-07 23:55 -------- d-----w- c:\users\glh\AppData\Local\temp
2012-08-05 16:53 . 2012-08-05 16:53 -------- d-----w- C:\tdsskiller
2012-08-04 20:15 . 2012-08-04 20:15 -------- d-----w- C:\FRST
2012-08-04 05:06 . 2012-08-04 05:13 -------- d-----w- C:\sewf8374ljk
2012-07-18 02:12 . 2012-07-18 02:12 -------- d-----w- c:\users\Benjamin\AppData\Local\Proxure
2012-07-18 02:11 . 2012-07-18 02:11 -------- d-----w- c:\programdata\ClubSanDisk
2012-07-17 21:53 . 2012-07-17 21:53 -------- d-----w- c:\program files\Oracle
2012-07-17 21:52 . 2012-07-06 05:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-17 21:47 . 2012-07-17 21:47 -------- d-----w- c:\programdata\McAfee
2012-07-13 23:47 . 2012-08-07 23:53 -------- d-----w- c:\program files\Web Assistant
2012-07-13 23:46 . 2012-07-13 23:46 -------- d-----w- c:\users\Benjamin\AppData\Local\Codec-V
2012-07-13 23:45 . 2012-08-01 20:04 -------- d-----w- c:\program files\Codec-V
2012-07-13 01:46 . 2012-07-13 01:46 -------- d-----w- c:\programdata\Graboid Inc
2012-07-12 14:51 . 2012-07-31 23:51 9821896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-11 10:22 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-10 21:33 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-10 21:33 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 21:33 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-10 21:33 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-10 21:33 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-10 21:33 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-31 23:51 . 2012-04-04 15:33 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-31 23:51 . 2011-06-06 22:21 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 05:06 . 2011-04-11 20:13 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 22:19 . 2012-06-22 19:07 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 19:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 19:08 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 19:07 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 19:07 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 19:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 19:08 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 19:07 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-22 19:07 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-07-20 00:58 . 2011-09-02 05:46 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CrossRiderPlugin"="c:\program files\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CrossRiderPlugin]
2011-05-15 22:01 478720 ----a-w- c:\program files\CrossriderWebApps\Crossrider.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressFiles]
2012-01-17 03:38 326776 ----a-w- c:\program files\ExpressFiles\ExpressFiles.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-06-23 06:11 116648 ----atw- c:\users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2011-06-30 10:11 2648184 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:51]
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001Core.job
- c:\users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-23 06:11]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001UA.job
- c:\users\Benjamin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-23 06:11]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8yUwZmOv&&I=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8yUwZmOv&loc=IB_TB&I=26&search=
FF - user.js: extensions.incredibar_i.id - b6c58df10000000000000019d2c91e5d
FF - user.js: extensions.incredibar_i.instlDay - 15534
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:48
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8yUwZmOv
FF - user.js: extensions.incredibar_i.upn2n - 92824700789347371
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 169%5F2
.
- - - - ORPHANS REMOVED - - - -
.
Notify-SEP - c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll
SafeBoot-ccEvtMgr
SafeBoot-ccSetMgr
SafeBoot-Symantec Antivirus
SafeBoot-Symantec Antvirus
MSConfigStartUp-StartNow Search Protect - c:\program files\StartNow Toolbar\search_protect.exe
MSConfigStartUp-XeroxRegistation - c:\users\Benjamin\AppData\Local\Temp\Xerox\EReg\EReg.exe
AddRemove-bflixtoolbar - c:\program files\bflixtoolbar\uninstall.exe
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-07 17:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
c:\program files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-08-07 17:32:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 00:32
.
Pre-Run: 93,118,554,112 bytes free
Post-Run: 99,949,010,944 bytes free
.
- - End Of File - - 4A0A7BFFF991F4CAD8059F484D0D49A0
 
Looks good :)

How is the computer doing?

==================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Working much better. The screen (this is a notebook) still goes blank after about 2 seconds. This may be a hardware problem, or it may just need updated drivers. I'll follow the next directions.
 
MBAM won't load. Error, host not found. Mouse is floating all over. Rebooting. Try again to load? Or go on to OTL?
 
You need to give me more details.
What EXACTLY happens?
Use more than a few words since I'm not there.
 
Basically, I rebooted several times. Then have been busy. When I first tried to load MBAM, there was a message that it couldn't be loaded, because it was marked to be deleted. I tried to delete it, then rebooted, but still a problem. Then used Windows "program &.." to delete it, rebooted a couple of times, and was able to reinstall. Then the updating became a problem, but was able to connect to the internet again on that machine to update.

Ran MBAM, here is the scan :):

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.09.10
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Benjamin :: BEN-DEL [administrator]
8/9/2012 12:31:27 PM
mbam-log-2012-08-09 (12-31-27).txt
Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 310699
Time elapsed: 1 hour(s), 40 minute(s), 45 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
Here is the OTL (we should not be using a proxy, I don't think):

OTL logfile created on: 8/9/2012 3:01:33 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Benjamin\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.49% Memory free
4.23 Gb Paging File | 3.29 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 95.39 Gb Free Space | 64.00% Space Free | Partition Type: NTFS
Drive E: | 14.91 Gb Total Space | 14.74 Gb Free Space | 98.84% Space Free | Partition Type: NTFS

Computer Name: BEN-DEL | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/09 12:50:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
PRC - [2011/08/26 20:26:50 | 001,664,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe
PRC - [2011/08/26 20:23:32 | 000,137,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
PRC - [2011/05/15 15:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files\CrossriderWebApps\Crossrider.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2012/08/09 12:51:53 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 17:58:13 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/02 08:25:14 | 002,232,504 | ---- | M] (Giraffic) [Disabled | Stopped] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2011/08/26 20:26:54 | 000,280,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\snac.exe -- (SNAC)
SRV - [2011/08/26 20:26:50 | 001,664,744 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe -- (SmcService)
SRV - [2011/08/26 20:23:32 | 000,137,224 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe -- (SepMasterService)
SRV - [2008/01/20 19:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\COH_Mon.sys -- (COH_Mon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/08/09 11:41:23 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20120808.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/09 11:38:19 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120808.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/09 11:38:19 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 11:38:19 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/08/09 11:38:19 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20120808.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/06/21 00:09:23 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20120803.011\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/05/30 23:11:19 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/08/26 20:50:20 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/08/26 20:29:38 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\symtdiv.sys -- (SYMTDIV)
DRV - [2011/08/26 20:29:34 | 000,756,856 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\SymEFA.sys -- (SymEFA)
DRV - [2011/08/26 20:29:32 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\SymDS.sys -- (SymDS)
DRV - [2011/08/26 20:29:28 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\srtsp.sys -- (SRTSP)
DRV - [2011/08/26 20:29:28 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\srtspx.sys -- (SRTSPX)
DRV - [2011/08/26 20:29:26 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SEP\0C01029F\136B.105\x86\Ironx86.sys -- (SymIRON)
DRV - [2011/08/26 20:27:34 | 000,050,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\Teefer.sys -- (Teefer2)
DRV - [2009/04/10 21:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/01/20 19:23:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/10/13 20:04:33 | 004,422,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DD 6E A8 22 AC 13 CC 01 [binary data]
IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes,DefaultScope = {2C9E0EE4-2610-B903-9AF4-523D61CB8099}
IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes\{2C9E0EE4-2610-B903-9AF4-523D61CB8099}: "URL" = http://www.startnow.com/s/?q={searc...89ec&browser=IE&os=win&os_version=6.0-x86-SP2
IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes\{539CCC96-9A5D-429F-8413-00914CB14C4A}: "URL" = http://mp3tubetoolbar.com/?tmp=tool...hTerms}&clid=c6c601be169a43b88e27bf413cc8cd38
IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes\{C2FCC1C2-AB2D-22B1-04E5-91AD1ADD53D1}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8yUwZmOv&I=26
IE - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pin...8e27bf413cc8cd38&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8yUwZmOv&&I=26&search="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/06/20 05:11:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\IPSFFPlgn\ [2012/08/09 09:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/27 23:55:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/07/13 16:47:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 17:58:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/17 14:52:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 17:58:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/17 14:52:54 | 000,000,000 | ---D | M]

[2011/09/01 22:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Extensions
[2012/08/07 16:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\extensions
[2012/07/13 16:47:07 | 000,002,203 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\Mozilla\Firefox\Profiles\9h19osde.default\searchplugins\MyStart Search.xml
[2012/04/25 08:54:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/27 23:55:46 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/07/13 16:47:29 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012/08/09 09:42:08 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\SYMANTEC\SYMANTEC ENDPOINT PROTECTION\12.1.671.4971.105\DATA\IPSFFPLGN
[2012/07/13 20:05:45 | 000,087,148 | ---- | M] () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\{24CEA704-946D-11DA-A72B-0800200C9A66}.XPI
File not found (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
File not found (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\CROSSRIDERAPP435@CROSSRIDER.COM
[2012/07/13 20:05:45 | 000,004,429 | ---- | M] () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\STTR@MASTERADA.HU.XPI
[2012/07/13 20:05:45 | 000,057,439 | ---- | M] () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\TABSCOPE@XULDEV.ORG.XPI
[2012/07/13 20:05:45 | 000,097,687 | ---- | M] () (No name found) -- C:\USERS\BENJAMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9H19OSDE.DEFAULT\EXTENSIONS\TABUTILS@ITHINC.CN.XPI
[2012/07/19 17:58:14 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/13 12:11:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/13 12:11:47 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: MyStart Search (Enabled)
CHR - default_search_provider: search_url = http://mystart.incredibar.com/mb139/?loc=IB_DS&search={searchTerms}&a=6R8yUwZmOv&I=26
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Benjamin\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Web Assistant = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.439_0\
CHR - Extension: StartNow Search = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei\2.5.0_0\
CHR - Extension: Codec-V = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.18.51_0\crossrider
CHR - Extension: Codec-V = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.18.51_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/07 17:00:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CrossRider) - {A876E312-7D08-401a-B7A6-FAFC5DC2F292} - C:\Program Files\CrossriderWebApps\Crossrider.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001..\Run: [CrossRiderPlugin] C:\Program Files\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hedrick.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DF28EE6-3C75-4D48-86E6-272DABB84CB2}: DhcpNameServer = 192.168.1.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/09 14:13:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
[2012/08/09 09:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/09 09:39:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/09 09:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/07 17:32:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/07 17:07:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/07 16:55:53 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\temp
[2012/08/07 15:09:39 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\tdsskiller
[2012/08/06 18:12:35 | 000,892,822 | ---- | C] (Farbar) -- C:\Users\Benjamin\Desktop\FRST.exe
[2012/08/06 10:44:23 | 000,306,999 | ---- | C] (Farbar) -- C:\Users\Benjamin\Desktop\ListParts.exe
[2012/08/06 10:05:42 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\GETxPUD
[2012/08/05 09:53:34 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2012/08/04 13:15:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/03 22:06:53 | 000,000,000 | ---D | C] -- C:\sewf8374ljk
[2012/08/01 19:24:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/01 19:24:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/01 19:24:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/01 19:17:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/01 19:16:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/01 17:44:34 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\RK_Quarantine
[2012/07/31 19:28:17 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\Ben Virus scans
[2012/07/31 19:26:40 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\Desktop\1 GLH new HP Desktop Virus Programs
[2012/07/17 19:12:15 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\Proxure
[2012/07/17 19:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ClubSanDisk
[2012/07/17 14:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/07/17 14:52:54 | 000,772,544 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/07/17 14:52:54 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/07/17 14:51:32 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/17 14:51:32 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/17 14:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/07/13 16:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012/07/13 16:46:22 | 000,000,000 | ---D | C] -- C:\Users\Benjamin\AppData\Local\Codec-V
[2012/07/13 16:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\Codec-V
[2012/07/12 18:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Graboid Inc
[2012/07/11 03:22:35 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/07/11 03:06:10 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/07/11 03:06:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/07/11 03:06:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/07/11 03:06:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/07/11 03:06:04 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/07/11 03:06:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/07/11 03:06:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/09 14:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/09 14:22:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001UA.job
[2012/08/09 13:42:05 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 13:42:05 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/09 12:51:49 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/09 12:51:49 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/09 12:50:13 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Benjamin\Desktop\OTL.exe
[2012/08/09 12:29:38 | 000,000,965 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/09 09:46:33 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/09 09:46:32 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/09 09:41:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/09 09:41:44 | 2145,513,472 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/09 09:40:17 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/08 23:22:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3175613772-2373492689-2895465435-1001Core.job
[2012/08/07 17:00:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/07 15:56:37 | 000,264,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/07 15:22:44 | 000,002,651 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/08/06 10:23:40 | 000,306,999 | ---- | M] (Farbar) -- C:\Users\Benjamin\Desktop\ListParts.exe
[2012/08/06 10:12:12 | 067,108,864 | ---- | M] () -- C:\Users\Benjamin\Desktop\xpud-0.9.2.iso
[2012/08/06 09:59:18 | 000,497,272 | ---- | M] () -- C:\Users\Benjamin\Desktop\GETxPUD.exe
[2012/08/04 11:22:10 | 000,892,822 | ---- | M] (Farbar) -- C:\Users\Benjamin\Desktop\FRST.exe
[2012/08/03 21:53:51 | 000,001,356 | ---- | M] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat
[2012/08/01 10:59:33 | 000,000,076 | ---- | M] () -- C:\Users\Benjamin\AppData\Roaming\mbam.context.scan
[2012/07/23 19:18:21 | 273,275,364 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/17 14:49:37 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/07/17 14:49:36 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/07/11 12:29:18 | 000,002,054 | ---- | M] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/11 12:29:17 | 000,002,092 | ---- | M] () -- C:\Users\Benjamin\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/09 09:40:17 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/09 09:39:48 | 000,000,965 | ---- | C] () -- C:\Users\Benjamin\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/08/06 18:15:27 | 2145,513,472 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/06 10:11:15 | 067,108,864 | ---- | C] () -- C:\Users\Benjamin\Desktop\xpud-0.9.2.iso
[2012/08/06 10:05:14 | 000,497,272 | ---- | C] () -- C:\Users\Benjamin\Desktop\GETxPUD.exe
[2012/08/01 19:24:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/01 19:24:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/01 19:24:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/01 19:24:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/01 19:24:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/01 10:59:33 | 000,000,076 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\mbam.context.scan
[2011/12/13 00:25:39 | 000,001,356 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\d3d9caps.dat
[2011/12/12 21:17:08 | 000,000,304 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28
[2011/12/12 21:17:08 | 000,000,224 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28r
[2011/12/12 21:17:04 | 000,000,456 | ---- | C] () -- C:\ProgramData\otoZiP8LlaLv28
[2011/11/11 16:12:00 | 000,001,052 | ---- | C] () -- C:\Users\Benjamin\XrxWm.ini
[2011/11/05 12:55:06 | 000,000,032 | ---- | C] () -- C:\Users\Benjamin\jagex_cl_runescape_LIVE.dat
[2011/04/18 16:21:58 | 000,000,008 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\DofusAppId0_4
[2011/04/14 11:45:40 | 000,005,632 | ---- | C] () -- C:\Users\Benjamin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/03 14:20:19 | 000,000,008 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\DofusAppId0_3
[2011/04/02 23:32:21 | 000,000,008 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\DofusAppId0_1
[2011/04/02 22:49:45 | 000,000,173 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\D2Info0
[2011/04/02 22:49:45 | 000,000,008 | ---- | C] () -- C:\Users\Benjamin\AppData\Roaming\DofusAppId0_2
[2011/04/01 08:08:06 | 000,000,129 | ---- | C] () -- C:\Users\Benjamin\jagex_runescape_preferences2.dat
[2011/04/01 08:03:47 | 000,000,035 | ---- | C] () -- C:\Users\Benjamin\jagex_runescape_preferences.dat
[2011/04/01 08:03:15 | 000,000,024 | ---- | C] () -- C:\Users\Benjamin\jagexappletviewer.preferences
[2011/03/31 12:36:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/31 12:36:21 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/31 12:35:47 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/31 11:02:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/31 09:54:53 | 000,055,472 | RHS- | C] () -- C:\ProgramData\ntuser.pol
< End of report >
Still several s to delete.
 
And here is the extras log:

OTL Extras logfile created on: 8/9/2012 3:01:33 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Benjamin\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.49% Memory free
4.23 Gb Paging File | 3.29 Gb Available in Paging File | 77.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 95.39 Gb Free Space | 64.00% Space Free | Partition Type: NTFS
Drive E: | 14.91 Gb Total Space | 14.74 Gb Free Space | 98.84% Space Free | Partition Type: NTFS

Computer Name: BEN-DEL | User Name: Benjamin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]
"CoreNet-GP-LSASS-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\lsass.exe|Name=@FirewallAPI.dll,-25407|Desc=@FirewallAPI.dll,-25408|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DNS-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=53|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-25405|Desc=@FirewallAPI.dll,-25406|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-GP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Name=@FirewallAPI.dll,-25403|Desc=@FirewallAPI.dll,-25404|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-GP-NP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-25401|Desc=@FirewallAPI.dll,-25401|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IPv6-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IPv6-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=41|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25351|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-Teredo-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-Teredo-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=Teredo|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25326|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DHCP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25302|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-DHCP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=68|RPort=67|App=%SystemRoot%\system32\svchost.exe|Svc=dhcp|Name=@FirewallAPI.dll,-25301|Desc=@FirewallAPI.dll,-25303|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IGMP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25377|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-IGMP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=2|Profile=Domain|App=System|Name=@FirewallAPI.dll,-25376|Desc=@FirewallAPI.dll,-25382|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25252|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP4-DUFRAG-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=3:4|App=System|Name=@FirewallAPI.dll,-25251|Desc=@FirewallAPI.dll,-25257|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PP-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25117|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PP-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=4:*|App=System|Name=@FirewallAPI.dll,-25116|Desc=@FirewallAPI.dll,-25118|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-TE-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25114|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-TE-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=3:*|App=System|Name=@FirewallAPI.dll,-25113|Desc=@FirewallAPI.dll,-25115|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-DU-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25111|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-DU-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=1:*|App=System|Name=@FirewallAPI.dll,-25110|Desc=@FirewallAPI.dll,-25112|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LD-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25083|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LD-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=132:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25082|Desc=@FirewallAPI.dll,-25088|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR2-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25076|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR2-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=143:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25075|Desc=@FirewallAPI.dll,-25081|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25069|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LR-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=131:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25068|Desc=@FirewallAPI.dll,-25074|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25062|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-LQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=130:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25061|Desc=@FirewallAPI.dll,-25067|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25027|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=136:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25026|Desc=@FirewallAPI.dll,-25032|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25020|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-NDS-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=135:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25019|Desc=@FirewallAPI.dll,-25025|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RA-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25013|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RA-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=134:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25012|Desc=@FirewallAPI.dll,-25018|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-RS-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=133:*|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-25008|Desc=@FirewallAPI.dll,-25011|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PTB-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25002|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"CoreNet-ICMP6-PTB-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=2:*|App=System|Name=@FirewallAPI.dll,-25001|Desc=@FirewallAPI.dll,-25007|EmbedCtxt=@FirewallAPI.dll,-25000|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP6-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP6-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP4-ERQ-Out" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-ICMP4-ERQ-In" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-RPCSS-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC-EPMap|RA4=LocalSubnet|RA6=LocalSubnet|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SpoolSvc-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=445|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=139|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-RPCSS-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SpoolSvc-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC|App=%SystemRoot%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Datagram-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-Out-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Name-In-UDP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-SMB-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"FPS-NB_Session-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnP-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-Out-TCP-Active" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope-Active" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
"RemoteAssistance-UPnP-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-33037|Desc=@FirewallAPI.dll,-33038|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33031|Desc=@FirewallAPI.dll,-33034|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-UPnPHost-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=@FirewallAPI.dll,-33027|Desc=@FirewallAPI.dll,-33030|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-Out-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33023|Desc=@FirewallAPI.dll,-33026|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-SSDPSrv-In-UDP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-33019|Desc=@FirewallAPI.dll,-33022|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-Out-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33007|Desc=@FirewallAPI.dll,-33010|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-In-TCP-EdgeScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\msra.exe|Name=@FirewallAPI.dll,-33003|Desc=@FirewallAPI.dll,-33006|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=TRUE|
"RemoteAssistance-DCOM-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|LPort=RPC-EPMap|App=%SystemRoot%\system32\svchost.exe|Svc=rpcss|Name=@FirewallAPI.dll,-33035|Desc=@FirewallAPI.dll,-33036|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-RAServer-Out-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|
"RemoteAssistance-RAServer-In-TCP-NoScope" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|AutoGenIPsec=FALSE|Edge=FALSE|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AC1FDD-C357-44B3-9548-4CDB865C39EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0C18DBC4-1DD2-4E64-AAD6-B2102F0ECB86}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{10BDB9F1-EC1C-49B5-9846-FA75D9039283}" = lport=138 | protocol=17 | dir=in | app=system |
"{274E969C-8E9D-49A3-B855-9C4879A12F76}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{28AC0FBA-5FAE-41F0-8C4F-A2AC88BBFB7A}" = lport=137 | protocol=17 | dir=in | app=system |
"{3A82436A-CD18-4FE7-80DB-A400B2E07396}" = rport=137 | protocol=17 | dir=out | app=system |
"{4160A831-03C4-4A31-8D47-270EAAF6F9CE}" = lport=139 | protocol=6 | dir=in | app=system |
"{59847062-E57C-4437-BBD9-113FA5E1533C}" = rport=138 | protocol=17 | dir=out | app=system |
"{60B0B820-9851-4937-8B5F-B5A72EEAE064}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A2E5228-4CED-4217-8FD0-6E630031840C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{71CCF7A5-4FFE-424B-AE03-73870CBEDCA1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8ADD86FF-1C42-43D8-A19B-AEE72E91238E}" = lport=445 | protocol=6 | dir=in | app=system |
"{8FE9B2D1-5AA3-4541-BFD5-BE2B82100DA7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6B21B77-F48D-434C-BC86-71287090F551}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D2A16053-814B-47DA-93D3-99A1C147AF3F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E6F5FA60-D3D6-4C22-B7F8-109B95AAB730}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE727F7D-93E1-4138-A63A-CEA5BF1C407D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F020C4DE-B66B-4563-9A32-3FFE73C79CE1}" = rport=445 | protocol=6 | dir=out | app=system |
"{F119442E-C967-48B3-BBCD-3CE10A80E095}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FB981D-46E9-4D63-87C3-1D0E5DA3B462}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{0761990D-DE32-45BF-870D-DCD3D94E27D1}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{0E196224-C268-4966-9E77-A1F96D2951AB}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{0E4D56D7-72AA-4FAF-955B-452004295569}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\smc.exe |
"{1C1EC5F9-9128-4BAB-91D1-A6EA7FA8EDDB}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{2BCC2AE8-6727-454E-A1A5-32C2A107BE0B}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{43A44B77-068D-4C0A-BD69-CA481D7C541D}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{54B204ED-16A5-43FD-9BF3-E693A146DC94}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{5DF63DF5-3CEA-4DCE-800C-380F63F9CAB6}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{5F02E2F5-8D9E-4422-8D06-8225C67BE06C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7518EEFC-E772-40F4-8E88-AEA9C379C449}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\smc.exe |
"{7707F649-67A5-4379-A1C6-221D9DD0DF45}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{7C8B715A-8A9A-424B-A92E-8E1E1FFA176C}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{7F73950B-9448-42A0-AEF1-5AEC15F3C0AF}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{843FDB49-3F6E-4E67-8C2A-F5A8C2A3410A}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{8D6A4657-1B47-4BBE-8FD9-2DCC32A07212}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{9C1AF421-0147-437D-A094-94D1C52B971F}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{A8310CAF-37D7-4BFB-AB68-57F81050B676}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B360030D-A289-42CC-A4F4-E6FE94797F08}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{B6F76FD9-83B3-4822-B845-3D280FD43D2A}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\snac.exe |
"{BBDF1030-62A9-4873-8104-64306CAB591A}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{BF1C2639-47AC-4D9E-AE95-783A027AA809}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D4E2B5DC-6DF8-45EF-87E4-9D055A508654}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\12.1.671.4971.105\bin\snac.exe |
"{EA688FC6-C823-4DF7-BDA6-ED3C3BD842DF}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{EF7FB33C-84F3-47C9-A552-23B135155FE1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F02D5E87-6BCA-4010-BC8B-A2843B34A5B1}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{FB1ADCCD-D00C-44A9-B203-7D753FB7CC12}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{4FC60BFD-8A0E-435E-B6DB-C052A11A32B4}C:\users\benjamin\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe" = protocol=6 | dir=in | app=c:\users\benjamin\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe |
"TCP Query User{9F818C18-317F-4FDA-8967-54AAD0CD5507}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{BE867B8F-2B42-4C26-95A7-C1D9BD1F0595}C:\users\benjamin\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe" = protocol=17 | dir=in | app=c:\users\benjamin\appdata\local\temp\rarsfx0\windows utilities\installer32\installationmanager.exe |
"UDP Query User{C0E9FDF8-A970-4E0F-A828-A167C90B0C96}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.439
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8}" = Symantec Endpoint Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Crossrider" = Crossrider Web Apps
"DivX Setup" = Instalação do DivX
"Giraffic" = Veoh Giraffic Video Accelerator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"STANDARDR" = Microsoft Office Standard 2007
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.0.1
"Xerox_Support_Centre" = Xerox Support Centre

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3175613772-2373492689-2895465435-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"ExpressFiles" = ExpressFiles
"Google Chrome" = Google Chrome
"SwiftKit" = SwiftKit

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/7/2012 9:05:50 PM | Computer Name = BEN-DEL.hedrick.local | Source = WinMgmt | ID = 10
Description =

Error - 8/7/2012 9:18:48 PM | Computer Name = BEN-DEL.hedrick.local | Source = WinMgmt | ID = 10
Description =

Error - 8/8/2012 4:11:54 PM | Computer Name = BEN-DEL.hedrick.local | Source = WinMgmt | ID = 10
Description =

Error - 8/8/2012 4:36:10 PM | Computer Name = BEN-DEL.hedrick.local | Source = WinMgmt | ID = 10
Description =

Error - 8/9/2012 12:43:16 PM | Computer Name = BEN-DEL.hedrick.local | Source = WinMgmt | ID = 10
Description =

Error - 8/9/2012 2:30:30 PM | Computer Name = BEN-DEL.hedrick.local | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info: Open Process ActionTaken: Logged Actor Process: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE (PID 2028) Time: Thursday, August 09, 2012 11:30:30 AM

Error - 8/9/2012 2:30:30 PM | Computer Name = BEN-DEL.hedrick.local | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe Event Info: Open Process ActionTaken: Logged Actor Process: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE (PID 2028) Time: Thursday, August 09, 2012 11:30:30 AM

Error - 8/9/2012 2:30:30 PM | Computer Name = BEN-DEL.hedrick.local | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info: Open Process
ActionTaken:
Logged Actor Process: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE (PID
2028) Time: Thursday, August 09, 2012 11:30:30 AM

Error - 8/9/2012 3:30:45 PM | Computer Name = BEN-DEL.hedrick.local | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe Event Info: Open Process
ActionTaken:
Logged Actor Process: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE (PID
1168) Time: Thursday, August 09, 2012 12:30:45 PM

Error - 8/9/2012 3:30:45 PM | Computer Name = BEN-DEL.hedrick.local | Source = Symantec AntiVirus | ID = 16711725
Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec\Symantec
Endpoint Protection\12.1.671.4971.105\Bin\Smc.exe Event Info: Open Process ActionTaken:
Logged Actor Process: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE (PID
1168) Time: Thursday, August 09, 2012 12:30:45 PM

[ System Events ]
Error - 8/8/2012 4:34:52 PM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 8/8/2012 4:35:20 PM | Computer Name = BEN-DEL.hedrick.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 8/8/2012 8:35:22 PM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 8/9/2012 12:35:47 AM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 8/9/2012 4:36:20 AM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 8/9/2012 8:51:53 AM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 8/9/2012 12:42:02 PM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5719
Description = This computer was not able to set up a secure session with a domain
controller
in domain HEDRICK due to the following: %%1311 This may lead to authentication problems.
Make sure that this computer is connected to the network. If the problem persists,
please
contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller
for the specified domain, it sets up the secure session to the primary domain controller
emulator in the specified domain. Otherwise, this computer sets up the secure session
to any domain controller in the specified domain.

Error - 8/9/2012 12:42:32 PM | Computer Name = BEN-DEL.hedrick.local | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = The processing of Group Policy failed because of lack of network connectivity
to a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for several
hours, then contact your administrator.

Error - 8/9/2012 2:31:37 PM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5721
Description = The session setup to the Windows NT or Windows 2000 Domain Controller
\\hedcogaserver.hedrick.local for the domain HEDRICK failed because the Domain Controller
did not have an account BEN-DEL$ needed to set up the session by this computer BEN-DEL.

ADDITIONAL
DATA If this computer is a member of or a Domain Controller in the specified domain,
the aforementioned account is a computer account for this computer in the specified
domain. Otherwise, the account is an interdomain trust account with the specified
domain.

Error - 8/9/2012 2:31:58 PM | Computer Name = BEN-DEL.hedrick.local | Source = NETLOGON | ID = 5721
Description = The session setup to the Windows NT or Windows 2000 Domain Controller
\\hedcodserver for the domain HEDRICK failed because the Domain Controller did not
have an account BEN-DEL$ needed to set up the session by this computer BEN-DEL. ADDITIONAL
DATA If this computer is a member of or a Domain Controller in the specified domain,
the aforementioned account is a computer account for this computer in the specified
domain. Otherwise, the account is an interdomain trust account with the specified
domain.


< End of report >
I s
 
Still several s to delete.
??

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/08/04 13:15:23 | 000,000,000 | ---D | C] -- C:\FRST
    [2011/12/12 21:17:08 | 000,000,304 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28
    [2011/12/12 21:17:08 | 000,000,224 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28r
    [2011/12/12 21:17:04 | 000,000,456 | ---- | C] () -- C:\ProgramData\otoZiP8LlaLv28
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

=====================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
All processes killed
Error: Unable to interpret <· :OTL> in the current context!
Error: Unable to interpret <· O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <· [2012/08/04 13:15:23 | 000,000,000 | ---D | C] -- C:\FRST> in the current context!
Error: Unable to interpret <· [2011/12/12 21:17:08 | 000,000,304 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28> in the current context!
Error: Unable to interpret <· [2011/12/12 21:17:08 | 000,000,224 | ---- | C] () -- C:\ProgramData\~otoZiP8LlaLv28r> in the current context!
Error: Unable to interpret <· [2011/12/12 21:17:04 | 000,000,456 | ---- | C] () -- C:\ProgramData\otoZiP8LlaLv28> in the current context!
Error: Unable to interpret <· > in the current context!
Error: Unable to interpret <· :Commands> in the current context!
Error: Unable to interpret <· [purity]> in the current context!
Error: Unable to interpret <· [emptytemp]> in the current context!
Error: Unable to interpret <· [emptyjava]> in the current context!
Error: Unable to interpret <· [emptyflash]> in the current context!
Error: Unable to interpret <· [Reboot]> in the current context!

OTL by OldTimer - Version 3.2.56.0 log created on 08092012_175036
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Symantec Endpoint Protection
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java(TM) 6 Update 31
Java(TM) 7 Update 5
Adobe Flash Player 11.3.300.270
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon!
````````````````````End of Log``````````````````````
 
Shall I do the other two again also?
All processes killed
========== OTL ==========
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\ProgramData\~otoZiP8LlaLv28 moved successfully.
C:\ProgramData\~otoZiP8LlaLv28r moved successfully.
C:\ProgramData\otoZiP8LlaLv28 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Benjamin
->Temp folder emptied: 359512 bytes
->Temporary Internet Files folder emptied: 23997981 bytes
->Java cache emptied: 128105554 bytes
->FireFox cache emptied: 68279293 bytes
->Google Chrome cache emptied: 319096529 bytes
->Flash cache emptied: 57254 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: glh
->Temp folder emptied: 498528 bytes
->Temporary Internet Files folder emptied: 11712070 bytes
->Flash cache emptied: 646 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 4728030 bytes

Total Files Cleaned = 531.00 mb


[EMPTYJAVA]

User: All Users

User: Benjamin
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: glh

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Benjamin
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: glh
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08092012_183901
Files\Folders moved on Reboot...
C:\Users\Benjamin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FFMKXOB\ads[2].htm moved successfully.
PendingFileRenameOperations files...
File C:\Users\Benjamin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FFMKXOB\ads[2].htm not found!
Registry entries deleted on Reboot...
 
Back