
flash0429

Members
  • Content Count
    90

About flash0429

  • Rank
    Member
  • Birthday 04/29/1988

Contact Methods

  • Website URL
    http://www.facebook.com/flash0429

Profile Information

  • Gender
    Male
  • Location
    Batavia, NY

Previous Fields

  • System Specifications:
    Windows 7 Ultimate, 750 GIG HD, 8 GIG RAM, i5 Core Processor, DVD-RW/CD-RW Combo
  • Teams:
    Nothing Selected
  1. If this pain keeps up any longer, then it will be an ER trip for me.

  2. You were my first and I will never forget that. You've been through so much and will always be in our hearts and prayers, forever and always. We love you, Rico. R.I.P.

  3. Doing a new thing: if your PS3 has the YLOD (Yellow Light of Death), let me know. $50 and I will get it back working for you again. I have experience with it and have done it multiple times already, so just let me know.

  4. First day missing her, then I thought I would. Can't wait till later. They say absence makes the heart grow fonder, and fonder it shall.

  6. here is the first log:

     and here is the second log:
-- C:Program Files (x86)Apple Software UpdateSoftwareUpdate.exe PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe PRC - [2011/03/22 13:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:Program Files (x86)CyberLinkYouCamYCMMirage.exe PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- .globalrootsystemrootsvchost.exe PRC - [2006/09/20 06:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:Program Files (x86)Common FilesSafeNet SentinelSentinel Protection ServerWinNTspnsrvnt.exe PRC - [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:Program Files (x86)Common FilesSafeNet SentinelSentinel Keys Serversntlkeyssrvr.exe ========== Modules (No Company Name) ========== MOD - [2012/05/15 11:54:16 | 000,070,536 | ---- | M] () -- C:Program FilesTortoiseSVNbinlibsasl32.dll MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:Program Files (x86)Common Filesmicrosoft sharedOFFICE14CulturesOFFICE.ODF MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:Program Files (x86)Microsoft OfficeOffice141033GrooveIntlResource.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:Program FilesMicrosoft Security ClientNisSrv.exe -- (NisSrv) SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:Program FilesMicrosoft Security ClientMsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:Program FilesIntelBluetoothHSBTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011/06/14 12:31:06 | 000,498,688 | ---- | M] (Red Bend Ltd.) 
[Auto | Running] -- C:Program FilesIntelWiMAXBinDMAgent.exe -- (DMAgent) SRV:64bit: - [2011/06/14 12:26:20 | 000,986,112 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:Program FilesIntelWiMAXBinAppSrv.exe -- (WiMAXAppSrv) SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:Program FilesIntelBluetoothHSBTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:WindowsSysNativehpservice.exe -- (hpsrv) SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:Program FilesIntelTurboBoostTurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:Program FilesWindows LiveMeshwlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesWindows DefenderMpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeappmgmts.dll -- (AppMgmt) SRV - [2013/01/08 16:50:27 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/01/08 16:31:27 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe -- (MBAMService) SRV - [2012/12/14 
16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe -- (MBAMScheduler) SRV - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:Program Files (x86)PCPitstopPCPitstopScheduleService.exe -- (PCPitstop Scheduling) SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice) SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:Program Files (x86)SkypeUpdaterUpdater.exe -- (SkypeUpdate) SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe -- (HPWMISVC) SRV - [2012/02/09 21:53:16 | 000,369,152 | ---- | M] (Grass Software) [On_Demand | Stopped] -- c:Program Files (x86)GrassSoftMouse RecorderMacroService.exe -- (Macro Expert) SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:UsersFlashAppDataLocalCrossLoopCrossLoopService.exe -- (CrossLoopService) SRV - [2011/11/24 15:43:17 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) 
[On_Demand | Stopped] -- C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe -- (IconMan_R) SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:Program Files (x86)SecuniaPSIpsia.exe -- (Secunia PSI Agent) SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:Program Files (x86)SecuniaPSIsua.exe -- (Secunia Update Agent) SRV - [2011/09/28 15:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:Program Files (x86)IntelServicesIPTjhi_service.exe -- (jhi_service) SRV - [2011/09/15 11:06:04 | 000,088,576 | ---- | M] () [On_Demand | Stopped] -- C:Program Files (x86)HTCInternet Pass-ThroughPassThruSvr.exe -- (PassThru Service) SRV - [2011/08/25 05:30:52 | 000,260,424 | ---- | M] (HP) [On_Demand | Stopped] -- C:Program Files (x86)HP SimplePass 2011TrueSuiteService.exe -- (FPLService) SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [On_Demand | Stopped] -- C:Program Files (x86)SynapticsScrybeServiceScrybeUpdater.exe -- (ScrybeUpdater) SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe -- (UNS) SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe -- (LMS) SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [On_Demand | Stopped] -- C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe -- (RoxioNow Service) SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) 
[On_Demand | Stopped] -- C:UsersFlashAppDataLocalCrossLooptvnserver.exe -- (tvnserver) SRV - [2010/04/20 11:34:00 | 000,498,968 | ---- | M] () [On_Demand | Stopped] -- C:Program Files (x86)HW groupHW VSP3sHW_VSP3s_srv.exe -- (HW_VSP3s_Service) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:Program Files (x86)Yahoo!SoftwareUpdateYahooAUService.exe -- (YahooAUService) SRV - [2006/09/20 06:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:Program Files (x86)Common FilesSafeNet SentinelSentinel Protection ServerWinNTspnsrvnt.exe -- (SentinelProtectionServer) SRV - [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:Program Files (x86)Common FilesSafeNet SentinelSentinel Keys Serversntlkeyssrvr.exe -- (SentinelKeysServer) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:WindowsSysNativedriversmbam.sys -- (MBAMProtector) DRV:64bit: - [2012/12/06 12:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversNetwsw00.sys -- (NETwNs64) DRV:64bit: - [2012/11/21 19:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) 
[Kernel | Auto | Running] -- C:WindowsSysNativedriversidmwfp.sys -- (IDMWFP) DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversNisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversrdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversTsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversTsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversGEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversusbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/06/05 16:04:14 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriverspcouffin.sys -- (pcouffin) DRV:64bit: - [2012/06/05 15:03:52 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversVBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012/03/07 02:00:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandnetadb.sys -- (andnetadb) DRV:64bit: - [2012/03/06 06:17:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandnetndis64.sys -- (andnetndis) DRV:64bit: - [2012/03/06 06:04:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandnetmodem64.sys -- (ANDNetModem) DRV:64bit: - [2012/03/06 06:04:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandnetdiag64.sys -- (AndNetDiag) DRV:64bit: - [2012/03/06 06:04:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandnetgps64.sys -- (AndNetGps) DRV:64bit: - [2012/03/02 15:02:00 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandmodem64.sys -- (ANDModem) DRV:64bit: - [2012/03/02 15:02:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslganddiag64.sys -- (AndDiag) DRV:64bit: - [2012/03/02 15:02:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandgps64.sys -- (AndGps) DRV:64bit: - [2012/03/02 15:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandbus64.sys -- (Andbus) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:WindowsSysNativedriversfs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/01/04 00:37:16 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversstwrt64.sys -- (STHDA) DRV:64bit: - [2011/11/24 15:43:17 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:WindowsSysNativedriversRtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011/11/24 15:40:48 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversnusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011/11/24 15:40:48 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversnusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011/11/12 13:05:48 | 000,111,616 | ---- | M] (HTC Incorporated) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversHtcUsbMdmV64.sys -- (HtcUsbMdmV64) DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativedriversPxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversSynTP.sys -- (SynTP) DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:WindowsSysNativedriversRsFx0105.sys -- (RsFx0105) DRV:64bit: - [2011/08/24 23:09:36 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversamdsata.sys -- (amdsata) DRV:64bit: - [2011/08/24 23:09:36 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:WindowsSysNativedriversamdxata.sys -- (amdxata) DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversAmpPal.sys -- (AMPPALP) DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversAmpPal.sys -- (AMPPAL) DRV:64bit: - [2011/07/20 09:50:42 | 000,167,920 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:WindowsSysNativedriversC2SCSI64.SYS -- (c2scsi64) DRV:64bit: - [2011/05/20 09:53:44 | 
000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativedriversiaStor.sys -- (iaStor) DRV:64bit: - [2011/05/19 15:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversbpmp.sys -- (bpmp) DRV:64bit: - [2011/05/19 15:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversbpusb.sys -- (bpusb) DRV:64bit: - [2011/05/19 15:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversbpenum.sys -- (bpenum) DRV:64bit: - [2011/05/17 11:27:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversWDKMD.sys -- (wdkmd) DRV:64bit: - [2011/05/17 11:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversiwdbus.sys -- (iwdbus) DRV:64bit: - [2011/05/17 11:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversintelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011/05/15 06:16:44 | 000,023,040 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversipmidi.sys -- (ipMIDI) DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:WindowsSysNativedrivershpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversAccelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/04/15 18:08:28 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversigdkmd64.sys -- (igfx) DRV:64bit: - [2011/04/09 11:42:56 | 000,013,824 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversloopbe1.sys -- (LoopBeMidi1) DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek ) 
[Kernel | On_Demand | Running] -- C:WindowsSysNativedriversRt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:WindowsSysNativedriversTurboB.sys -- (TurboB) DRV:64bit: - [2010/11/20 22:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:WindowsSysNativedriversrmcast.sys -- (RMCAST) DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriverssdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversHpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:WindowsSysNativedriversvpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversvpchbus.sys -- (vpcbus) DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversvpcusb.sys -- (vpcusb) DRV:64bit: - [2010/11/20 06:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversvpcuxd.sys -- (vpcuxd) DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:WindowsSysNativedriversvpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversHECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversIntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | 
Stopped] -- C:WindowsSysNativedriverspsi_mf.sys -- (PSI) DRV:64bit: - [2010/08/02 15:19:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandadb.sys -- (androidusb) DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversclwvd.sys -- (clwvd) DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedrivershtcnprot.sys -- (htcnprot) DRV:64bit: - [2010/05/25 02:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversssadmdm.sys -- (ssadmdm) DRV:64bit: - [2010/05/25 02:59:24 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversssadserd.sys -- (ssadserd) DRV:64bit: - [2010/05/25 02:59:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversssadbus.sys -- (ssadbus) DRV:64bit: - [2010/05/25 02:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversssadmdfl.sys -- (ssadmdfl) DRV:64bit: - [2010/04/19 12:53:24 | 000,067,072 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversevserial.sys -- (evserial) DRV:64bit: - [2010/04/19 12:53:24 | 000,032,768 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversevsbc.sys -- (VSBC) DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:WindowsSysNativedriversrevoflt.sys -- (Revoflt) DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) 
[Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversnetr28ux.sys -- (netr28ux) DRV:64bit: - [2009/07/30 18:50:24 | 000,118,872 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversHtcVComV64.sys -- (HtcVCom32) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversamdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversstexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversWSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversusb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversVSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversVSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversVSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversnvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversBCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversevbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversbxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversb57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedrivershcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversmcdbus.sys -- (mcdbus) DRV:64bit: - [2005/06/14 12:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:WindowsSysNativedrivershardlock.sys -- (Hardlock) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:WindowsSysWOW64driverswimmount.sys -- (WIMMount) DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) 
[Kernel | On_Demand | Running] -- C:WindowsSysWOW64driversmcdbus.sys -- (mcdbus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE:64bit: - HKLM..SearchScopes{1EB84FA8-532B-4934-AD17-74C076770809}: "URL" = http://www.amazon.co...s={searchTerms} IE:64bit: - HKLM..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF IE:64bit: - HKLM..SearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF IE:64bit: - HKLM..SearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms} IE:64bit: - HKLM..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms} IE:64bit: - HKLM..SearchScopes{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms} IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = IE - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKLM..SearchScopes{1EB84FA8-532B-4934-AD17-74C076770809}: "URL" = http://www.amazon.co...s={searchTerms} IE - HKLM..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF IE - HKLM..SearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF IE - HKLM..SearchScopes{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms} IE - HKLM..SearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms} IE - 
HKLM..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms} IE - HKLM..SearchScopes{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms} IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com/ie IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.google.com/ie IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie IE - HKCU..SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} IE - HKCU..SearchScopes{00628C0F-DE35-4EF3-A359-BCB0FBA65666}: "URL" = http://fileservehome...d0ebdab57409c87 IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox IE - HKCU..SearchScopes{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F5-1E458EA419B3 IE - HKCU..SearchScopes{1EB84FA8-532B-4934-AD17-74C076770809}: "URL" = http://www.amazon.co...s={searchTerms} IE - HKCU..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF IE - HKCU..SearchScopes{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF IE - HKCU..SearchScopes{54D797F8-43EE-40B1-B043-D1D1569183FD}: "URL" = http://www.google.co...ie=utf8&oe=utf8 IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear IE - HKCU..SearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869 IE - HKCU..SearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF IE - HKCU..SearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms} IE - HKCU..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms} IE - 
HKCU..SearchScopes{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms} IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0 IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..extensions.enabledAddons: support%40easy-hideip.com:1.0 FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.31 FF - prefs.js..extensions.enabledAddons: fbphotozoom%40installdaddy.com:1.4 FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145 FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.19.2 FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0a2 FF:64bit: - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLMSoftwareMozillaPlugins@divx.com/DivX VOD Helper,version=1.0.0: C:Program FilesDivXDivX OVS Helpernpovshelper.dll (DivX, LLC.) 
FF:64bit: - HKLMSoftwareMozillaPlugins@java.com/DTPlugin,version=10.10.2: C:Windowssystem32npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin,version=10.10.2: C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation) FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: C:Windowssystem32WatnpWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLMSoftwareMozillaPluginsadobe.com/AdobeAAMDetect: C:Program Files (x86)Common FilesAdobeOOBEPDAppCCMUtilitiesnpAdobeAAMDetect64.dll File not found FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32_11_5_502_146.dll () FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll () FF - HKLMSoftwareMozillaPlugins@divx.com/DivX Browser Plugin,version=1.0.0: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll (DivX, LLC) FF - HKLMSoftwareMozillaPlugins@divx.com/DivX VOD Helper,version=1.0.0: C:Program Files (x86)DivXDivX OVS Helpernpovshelper.dll (DivX, LLC.) FF - HKLMSoftwareMozillaPlugins@Google.com/GoogleEarthPlugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll (Google) FF - HKLMSoftwareMozillaPlugins@google.com/npPicasa3,version=3.0.0: C:Program Files (x86)GooglePicasa3npPicasa3.dll (Google, Inc.) 
FF - HKLMSoftwareMozillaPlugins@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:Program Files (x86)IntelServicesIPTnpIntelWebAPIIPT.dll (Intel Corporation) FF - HKLMSoftwareMozillaPlugins@intel-webapi.intel.com/Intel WebAPI updater: C:Program Files (x86)IntelServicesIPTnpIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: C:Windowssystem32WatnpWatWeb.dll (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:PROGRA~2MICROS~1Office14NPAUTHZ.DLL (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3555.0308: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=15.0.4.53: C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=15.0.4.53: C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.) 
FF - HKLMSoftwareMozillaPlugins@real.com/nprphtml5videoshim;version=15.0.4.53: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLMSoftwareMozillaPlugins@real.com/nprpplugin;version=15.0.4.53: C:Program Files (x86)RealRealPlayerNetscape6nprpplugin.dll (RealPlayer) FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.123npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.123npGoogleUpdate3.dll (Google Inc.) FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.) FF - HKLMSoftwareMozillaPluginsadobe.com/AdobeExManDetect: C:Program Files (x86)AdobeAdobe Extension Manager CS6npAdobeExManDetectX86.dll File not found FF - HKCUSoftwareMozillaPlugins@Skype Limited.com/Facebook Video Calling Plugin: C:UsersFlashAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINEsoftwaremozillaAurora 19.0a2extensionsComponents: C:Program Files (x86)Auroracomponents [2013/01/09 00:28:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaAurora 19.0a2extensionsPlugins: C:Program Files (x86)Auroraplugins FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsfbphotozoom@installdaddy.com: C:Program Files (x86)fbphotozoomfbphotozoom14.xpi [2012/03/17 23:06:24 | 000,102,505 | ---- | M] () FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt [2012/05/15 23:48:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:Program Files (x86)DivXDivX Plus Web PlayerfirefoxDivXHTML5 [2012/07/19 01:39:20 | 000,000,000 | ---D | M] FF - 
HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionsmozilla_cc@internetdownloadmanager.com: C:UsersFlashAppDataRoamingIDMidmmzcc5 [2012/12/15 00:05:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USERsoftwaremozillaSeaMonkeyExtensionsmozilla_cc@internetdownloadmanager.com: C:UsersFlashAppDataRoamingIDMidmmzcc5 [2012/12/15 00:05:38 | 000,000,000 | ---D | M] [2011/11/08 22:02:15 | 000,000,000 | ---D | M] (No name found) -- C:UsersFlashAppDataRoamingMozillaExtensions [2013/01/09 00:27:16 | 000,000,000 | ---D | M] (No name found) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions [2012/11/30 16:47:08 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012/12/25 13:28:17 | 000,000,000 | ---D | M] (HP Detect) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012/09/05 19:24:26 | 000,005,156 | ---- | M] () (No name found) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions5047ed063d883@5047ed063d8bc.info.xpi [2012/12/14 17:19:50 | 000,004,545 | ---- | M] () (No name found) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensionssupport@easy-hideip.com.xpi [2013/01/09 00:27:16 | 000,615,656 | ---- | M] () (No name found) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensionstestpilot@labs.mozilla.com.xpi [2012/12/14 17:19:21 | 000,002,578 | ---- | M] () -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultsearchpluginsaskcom.xml [2012/12/15 00:07:18 | 000,002,531 | ---- | M] () -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultsearchpluginssafesearch.xml [2011/11/24 12:57:19 | 000,003,915 | ---- | M] () -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultsearchpluginssweetim.xml [2012/12/31 12:08:13 | 000,000,553 | ---- | M] () -- 
C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultsearchpluginsWebSearch.xml [2013/01/09 00:26:43 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions [2011/11/08 22:50:58 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:Program Files (x86)Mozilla Firefoxextensionswebsitelogon@truesuite.com [2012/07/19 01:39:20 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:PROGRAM FILES (X86)DIVXDIVX PLUS WEB PLAYERFIREFOXDIVXHTML5 [2012/03/17 23:06:24 | 000,102,505 | ---- | M] () (No name found) -- C:PROGRAM FILES (X86)FBPHOTOZOOMFBPHOTOZOOM14.XPI [2012/12/15 00:05:38 | 000,000,000 | ---D | M] (IDM CC) -- C:USERSFLASHAPPDATAROAMINGIDMIDMMZCC5 [2012/05/15 23:47:59 | 000,129,144 | ---- | M] (RealPlayer) -- C:Program Files (x86)mozilla firefoxpluginsnprpplugin.dll ========== Chrome ========== CHR - homepage: http://websearch.soft-quick.info/ O1 HOSTS File: ([2013/01/06 14:38:14 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC64.dll (Internet Download Manager, Tonec Inc.) O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll (Oracle Corporation) O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:Program Files (x86)HP SimplePass 2011x64IEBHO.dll (HP) O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation) O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC.dll (Internet Download Manager, Tonec Inc.) 
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:Program Files (x86)DivXDivX Plus Web PlayerieDivXHTML5DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll (Oracle Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:Program Files (x86)HP SimplePass 2011IEBHO.dll (HP) O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll (Oracle Corporation) O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKCU..ToolbarWebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..Run: [igfxTray] C:WindowsSysNativeigfxtray.exe (Intel Corporation) O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation) O4:64bit: - HKLM..Run: [sysTrayApp] C:Program FilesIDTWDMsttray64.exe (IDT, Inc.) O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.) O4 - HKLM..Run: [HPOSD] C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..Run: [PC Pitstop PC Matic Reminder] C:Program Files (x86)PCPitstopPC MaticReminder-PCMatic.exe (PC Pitstop LLC) O4 - HKCU..Run: [iDMan] C:Program Files (x86)Internet Download ManagerIDMan.exe (Tonec Inc.) 
O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: EnableShellExecuteHooks = 1 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: HideFastUserSwitching = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: SoftwareSASGeneration = 3 O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DisableLockWorkstation = 0 O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DisableChangePassword = 0 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:Windowssystem32GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Download all links with IDM - C:Program Files (x86)Internet Download ManagerIEGetAll.htm () O8:64bit: - Extra context menu item: Download with IDM - C:Program Files (x86)Internet Download ManagerIEExt.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:WindowsSysWow64GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Download all links with IDM - C:Program Files (x86)Internet Download ManagerIEGetAll.htm () O8 - Extra context menu item: Download with IDM - C:Program Files (x86)Internet Download ManagerIEExt.htm () O9 - Extra Button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:Program Files (x86)Paltalk Messengerpaltalk.exe (AVM Software Inc.) O9 - Extra Button: @C:Program Files (x86)EvernoteEvernoteResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:Program Files (x86)EvernoteEvernoteResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000009 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5Catalog_Entries000000000009 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2) O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{EE314222-51BA-4483-9C9D-13CB37D068D6}: DhcpNameServer = 192.168.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{F95E5F27-023F-46B2-A91E-51AFCA0379D3}: DhcpNameServer = 209.18.47.61 209.18.47.62 O18:64bit: - ProtocolHandlerms-help - No CLSID value found O18:64bit: - ProtocolHandlerskype4com - No CLSID value found O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found O18:64bit: - ProtocolHandlerwlpg - No CLSID value found O18 - ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation) O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM..comfile [open] -- "%1" %* O35:64bit: - HKLM..exefile [open] -- "%1" %* O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37:64bit: - HKLM...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %* O37 - HKLM...com [@ = comfile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3) 
O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystemsWindows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/09 00:43:17 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes [2013/01/09 0
  7. I tried to run this twice and I got the BSOD both times
  8. Here is the ComboFix log: ComboFix 13-01-05.01 - Flash 01/06/2013 14:16:59.9.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6862.4824 [GMT -5:00] Running from: c:usersFlashDesktopComp fixing stuffComboFix.exe Command switches used :: c:usersFlashDesktopComp fixing stuffCFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:program files (x86)ContinueToSave c:program files (x86)ContinueToSaveuninstall.exe c:program files (x86)SoftQuick c:program files (x86)SoftQuickuninstall.exe c:programdatacontinuetosave c:programdatacontinuetosave50e1c706650d0.tlb c:programdatacontinuetosavepgjdjelpljbfoeohdfihkpjalkpglloo.crx c:programdatacontinuetosavesettings.ini c:programdatacontinuetosaveuninstall.exe c:programdataPremiumContinueToSave c:programdataPremiumContinueToSaveContinueToSave.exe c:programdataPremiumContinueToSaveDNL1.tmp{531D7ECD-DA29-4511-8E91-6FF3A122861F} c:programdataPremiumContinueToSaveprofile.ini c:windowssvchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 ))))))))))))))))))))))))))))))) . . 2013-01-06 19:38 . 2013-01-06 19:38 -------- d-----w- c:usersPublicAppDataLocaltemp 2013-01-06 19:38 . 2013-01-06 19:38 -------- d-----w- c:usersDefaultAppDataLocaltemp 2013-01-05 04:22 . 2013-01-06 05:20 76232 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{739F38AD-C596-4616-886A-F7168F3996FF}offreg.dll 2013-01-05 04:15 . 2013-01-05 04:15 -------- d-----w- c:usersFlashAppDataRoamingCanneverbe Limited 2013-01-05 04:15 . 2013-01-05 04:15 -------- d-----w- c:programdataCanneverbe Limited 2013-01-04 20:55 . 2012-11-08 17:24 9125352 ----a-w- c:programdataMicrosoftWindows DefenderDefinition Updates{739F38AD-C596-4616-886A-F7168F3996FF}mpengine.dll 2013-01-04 02:21 . 
2013-01-04 02:21 119808 ----a-r- c:usersFlashAppDataRoamingMicrosoftInstaller{CCF298AF-9CE1-4B26-B251-486E98A34789}icons.exe 2013-01-04 02:03 . 2013-01-04 02:03 -------- d-----w- c:programdata{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF} 2013-01-03 22:04 . 2013-01-03 22:04 -------- d-----w- c:usersFlashAppDataLocalPrograms 2013-01-03 19:34 . 2013-01-03 19:34 -------- dc----w- C:_OTL 2012-12-31 17:09 . 2012-12-31 17:09 -------- d-----w- c:program files (x86)ESET 2012-12-31 17:08 . 2012-12-31 17:08 -------- d-----w- c:programdataWoW Worldwide Software LTD 2012-12-31 17:05 . 2012-12-31 17:03 308200 ----a-w- c:windowssystem32javaws.exe 2012-12-31 17:04 . 2012-12-31 17:04 108008 ----a-w- c:windowssystem32WindowsAccessBridge-64.dll 2012-12-31 17:04 . 2012-12-31 17:03 188392 ----a-w- c:windowssystem32javaw.exe 2012-12-31 17:04 . 2012-12-31 17:03 188392 ----a-w- c:windowssystem32java.exe 2012-12-31 16:59 . 2012-11-28 15:35 95184 ----a-w- c:windowsSysWow64WindowsAccessBridge-32.dll 2012-12-28 04:47 . 2013-01-06 09:26 -------- d-----w- c:programdataPCPitstop 2012-12-28 04:47 . 2012-12-28 04:47 -------- d-----w- c:program files (x86)PCPitstop 2012-12-27 07:37 . 2012-12-27 07:37 388096 ----a-r- c:usersFlashAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2012-12-27 07:37 . 2012-12-27 07:37 -------- d-----w- c:program files (x86)Trend Micro 2012-12-25 19:39 . 2012-12-25 19:39 -------- d-----w- c:program files (x86)sp59755 2012-12-25 19:01 . 2012-01-04 05:37 654336 ------w- c:windowssystem32stapi64.dll 2012-12-25 18:43 . 2012-01-04 05:37 535552 ----a-w- c:windowssystem32driversstwrt64.sys 2012-12-25 18:43 . 2012-01-04 05:37 448512 ----a-w- c:windowssystem32stcplx64.dll 2012-12-25 18:43 . 2012-01-04 05:37 1987072 ----a-w- c:windowssystem32stapo64.dll 2012-12-25 18:43 . 2012-12-25 18:44 -------- d-----w- c:program filesIDT 2012-12-23 19:28 . 2012-12-23 19:28 -------- d-----w- c:programdataAsk 2012-12-23 18:59 . 
2012-08-24 18:13 154480 ----a-w- c:windowssystem32driversksecpkg.sys 2012-12-23 18:59 . 2012-08-24 18:09 458712 ----a-w- c:windowssystem32driverscng.sys 2012-12-23 18:59 . 2012-08-24 18:05 340992 ----a-w- c:windowssystem32schannel.dll 2012-12-23 18:59 . 2012-08-24 18:04 307200 ----a-w- c:windowssystem32ncrypt.dll 2012-12-23 18:59 . 2012-08-24 18:03 1448448 ----a-w- c:windowssystem32lsasrv.dll 2012-12-23 18:59 . 2012-08-24 16:57 247808 ----a-w- c:windowsSysWow64schannel.dll 2012-12-23 18:59 . 2012-08-24 16:57 22016 ----a-w- c:windowsSysWow64secur32.dll 2012-12-23 18:59 . 2012-08-24 16:57 220160 ----a-w- c:windowsSysWow64ncrypt.dll 2012-12-23 18:59 . 2012-08-24 16:53 96768 ----a-w- c:windowsSysWow64sspicli.dll 2012-12-22 08:00 . 2012-12-16 17:11 46080 ----a-w- c:windowssystem32atmlib.dll 2012-12-22 08:00 . 2012-12-16 14:13 34304 ----a-w- c:windowsSysWow64atmlib.dll 2012-12-22 08:00 . 2012-12-16 14:45 367616 ----a-w- c:windowssystem32atmfd.dll 2012-12-22 08:00 . 2012-12-16 14:13 295424 ----a-w- c:windowsSysWow64atmfd.dll 2012-12-19 00:38 . 2012-12-22 15:39 -------- d-----w- c:usersFlashAppDataRoamingvlc 2012-12-19 00:37 . 2012-12-24 03:01 -------- d-----w- c:program files (x86)VideoLAN 2012-12-15 05:27 . 2012-12-15 08:20 -------- d-----w- c:usersFlashDoctor Web 2012-12-15 05:05 . 2013-01-06 19:11 -------- d-----w- c:usersFlashAppDataRoamingIDM 2012-12-15 05:05 . 2012-12-15 05:05 -------- d-----w- c:program files (x86)Internet Download Manager 2012-12-15 00:36 . 2012-12-15 00:36 -------- d-----w- c:usersFlashAppDataRoamingMusicOasis 2012-12-15 00:34 . 2012-12-15 04:42 -------- d-sh--w- c:windowsSysWow64AI_RecycleBin 2012-12-14 22:19 . 2012-12-14 22:19 -------- d-----w- c:usersFlashAppDataRoamingHideIPEasy 2012-12-14 22:19 . 2012-12-14 22:19 -------- d-----w- c:programdataHideIPEasy 2012-12-14 22:18 . 2012-12-14 22:18 -------- d-----w- c:program files (x86)HideIPEasy 2012-12-14 07:52 . 
2012-11-22 00:43 165112 ----a-w- c:windowssystem32driversidmwfp.sys 2012-12-13 09:49 . 2013-01-05 20:21 -------- d-----w- c:windowssystem32driversNISx641402000.013 2012-12-11 23:50 . 2012-12-11 23:50 16363960 ----a-w- c:windowsSysWow64FlashPlayerInstaller.exe 2012-12-11 21:14 . 2012-11-09 05:45 2048 ----a-w- c:windowssystem32tzres.dll 2012-12-11 21:14 . 2012-11-09 04:42 2048 ----a-w- c:windowsSysWow64tzres.dll 2012-12-11 21:14 . 2012-11-22 03:26 3149824 ----a-w- c:windowssystem32win32k.sys 2012-12-09 18:07 . 2012-12-09 18:07 -------- d-----w- c:programdataPACE Anti-Piracy 2012-12-09 18:07 . 2012-12-09 18:07 -------- d-----w- c:usersFlashAppDataRoamingPACE Anti-Piracy 2012-12-09 18:07 . 2012-12-09 18:07 -------- d-----w- c:usersFlashAppDataLocalPACE Anti-Piracy 2012-12-09 17:08 . 2012-12-09 17:08 -------- d-----w- c:program files (x86)My Company Name 2012-12-08 21:15 . 2012-12-11 21:02 -------- d-----w- c:windowssystem32driversNAVx641207010.003 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-31 17:03 . 2012-01-29 20:07 1081320 ----a-w- c:windowssystem32npdeployJava1.dll 2012-12-31 17:03 . 2011-08-25 04:38 959976 ----a-w- c:windowssystem32deployJava1.dll 2012-12-14 21:49 . 2011-11-25 04:38 24176 ----a-w- c:windowssystem32driversmbam.sys 2012-12-11 23:50 . 2012-04-02 16:15 697272 ----a-w- c:windowsSysWow64FlashPlayerApp.exe 2012-12-11 23:50 . 2011-11-09 03:11 73656 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2012-12-11 22:38 . 2011-11-09 02:12 67413224 ----a-w- c:windowssystem32MRT.exe 2012-11-19 11:46 . 2012-11-19 11:46 10 ----a-w- c:windowsFontswfonts.key 2012-11-14 15:33 . 2012-11-22 06:43 539984 ----a-w- c:windowssystem32EasyRedirect64.dll 2012-11-14 15:33 . 2012-11-22 06:43 380240 ----a-w- c:windowsSysWow64EasyRedirect.dll 2012-10-31 02:31 . 2011-12-10 16:59 165232 ---ha-w- c:usersFlashAppDataRoamingMicrosoftVirtual PCVPCKeyboard.dll 2012-10-18 03:05 . 
2012-05-16 03:16 821736 ----a-w- c:windowsSysWow64npDeployJava1.dll 2012-10-18 03:05 . 2011-08-25 04:38 746984 ----a-w- c:windowsSysWow64deployJava1.dll 2012-10-16 08:38 . 2012-11-27 22:26 135168 ----a-w- c:windowsapppatchAppPatch64AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 22:26 350208 ----a-w- c:windowsapppatchAppPatch64AcLayers.dll 2012-10-16 07:39 . 2012-11-27 22:26 561664 ----a-w- c:windowsapppatchAcLayers.dll 2012-10-09 18:17 . 2012-11-15 22:37 55296 ----a-w- c:windowssystem32dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 22:37 226816 ----a-w- c:windowssystem32dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 22:37 44032 ----a-w- c:windowsSysWow64dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 22:37 193536 ----a-w- c:windowsSysWow64dhcpcore6.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:program files (x86)Common FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:program files (x86)Common FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:program files (x86)Common FilesTortoiseOverlaysTortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:program files (x86)Common FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:program files (x86)Common FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:program files (x86)Common FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:program files (x86)Common FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:program files (x86)Common FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 64792 ----a-w- c:program files (x86)Common FilesTortoiseOverlaysTortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:usersFlashAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:usersFlashAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 94208 ----a-w- c:usersFlashAppDataRoamingDropboxbinDropboxExt.14.dll . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "IDMan"="c:program files (x86)Internet Download ManagerIDMan.exe" [2012-12-15 3541008] "ISUSPM Startup"="c:progra~2COMMON~1INSTAL~1UPDATE~1ISUSPM.exe" [2004-08-09 221184] . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "HPOSD"="c:program files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe" [2011-01-27 318520] "PC Pitstop PC Matic Reminder"="c:program files (x86)PCPitstopPC MaticReminder-PCMatic.exe" [2012-11-15 325320] . c:programdataMicrosoftWindowsStart MenuProgramsStartup Secunia PSI Tray.lnk - c:program files (x86)SecuniaPSIpsi_tray.exe [2011-10-14 291896] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) "SoftwareSASGeneration"= 3 (0x3) . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer] "EnableShellExecuteHooks"= 1 (0x1) . 
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionwindows] "RequireSignedAppInit_DLLs"=0 (0x0) "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionrun-] "iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" "QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" -atboottime "Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" "HP Quick Launch"=c:program files (x86)Hewlett-PackardHP Quick LaunchHPMSGSVC.exe "HPOSD"=c:program files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe "HP Software Update"=c:program files (x86)HpHP Software UpdateHPWuSchd2.exe "IAStorIcon"=c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorIcon.exe "SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" "BCSSync"="c:program files (x86)Microsoft OfficeOffice14BCSSync.exe" /DelayServices "NUSB3MON"="c:program files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe" "TkBellExe"="c:program files (x86)RealRealPlayerupdaterealsched.exe" -osboot "UnlockerAssistant"="c:program files (x86)UnlockerUnlockerAssistant.exe" . 
R0 vmci;VMware VMCI Bus Driver;c:windowssystem32DRIVERSvmci.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576] R2 CrossLoopService;CrossLoop Service;c:usersFlashAppDataLocalCrossLoopCrossLoopService.exe [2012-01-06 569072] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:windowssystem32DRIVERSamppal.sys [2011-08-08 299008] R3 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:program filesIntelBluetoothHSBTHSAmpPalService.exe [2011-08-31 1166848] R3 Andbus;LGE Android Platform Composite USB Device;c:windowssystem32DRIVERSlgandbus64.sys [2012-03-02 19456] R3 AndDiag;LGE Android Platform USB Serial Port;c:windowssystem32DRIVERSlganddiag64.sys [2012-03-02 27648] R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:windowssystem32DRIVERSlgandgps64.sys [2012-03-02 27136] R3 ANDModem;LGE Android Platform USB Modem;c:windowssystem32DRIVERSlgandmodem64.sys [2012-03-02 34304] R3 andnetadb;ADB Interface DriverNet;c:windowssystem32Driverslgandnetadb.sys [2012-03-07 31744] R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:windowssystem32DRIVERSlgandnetdiag64.sys [2012-03-06 29184] R3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:windowssystem32DRIVERSlgandnetgps64.sys [2012-03-06 28160] R3 ANDNetModem;LGE AndroidNet USB Modem;c:windowssystem32DRIVERSlgandnetmodem64.sys [2012-03-06 36352] R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:windowssystem32DRIVERSlgandnetndis64.sys [2012-03-06 93184] R3 androidusb;ADB Interface Driver;c:windowssystem32Driverslgandadb.sys [2010-08-02 31744] R3 BTCFilterService;USB Networking Driver Filter Service;c:windowssystem32DRIVERSmotfilt.sys [x] R3 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:program filesIntelBluetoothHSBTHSSecurityMgr.exe [2011-06-03 134928] R3 clwvd;CyberLink WebCam Virtual Driver;c:windowssystem32DRIVERSclwvd.sys 
[2010-07-28 31088] R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:windowssystem32DRIVERSevserial.sys [2010-04-19 67072] R3 ezSharedSvc;Easybits Services for Windows;c:windowsSystem32ezSharedSvcHost.exe [x] R3 FPLService;TrueSuiteService;c:program files (x86)HP SimplePass 2011TrueSuiteService.exe [2011-08-25 260424] R3 HP Support Assistant Service;HP Support Assistant Service;c:program files (x86)Hewlett-PackardHP Support Frameworkhpsa_service.exe [2012-09-27 86528] R3 HPClientSvc;HP Client Services;c:program filesHewlett-PackardHP Client ServicesHPClientServices.exe [2010-10-11 346168] R3 hpsrv;HP Service;c:windowssystem32Hpservice.exe [2011-05-13 30520] R3 HPWMISVC;HPWMISVC;c:program files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe [2012-03-05 35200] R3 HTCAND64;HTC Device Driver;c:windowssystem32DriversANDROIDUSB.sys [2009-11-02 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:windowssystem32DRIVERShtcnprot.sys [2010-06-25 36928] R3 HtcUsbMdmV64;HTC Proprietary USB Driver (PID 0B03);c:windowssystem32DRIVERSHtcUsbMdmV64.sys [2011-11-12 111616] R3 HtcVCom32;HTC Diagnostic Port;c:windowssystem32DRIVERSHtcVComV64.sys [2009-07-30 118872] R3 HW_VSP3s_Service;HW Virtual Serial Port (single);c:program files (x86)HW groupHW VSP3sHW_VSP3s_srv.exe [2010-04-20 498968] R3 IconMan_R;IconMan_R;c:program files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe [2011-11-24 2413056] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:windowssystem32driversintelaud.sys [2011-05-17 34200] R3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:windowssystem32driversipmidi.sys [2011-05-15 23040] R3 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:program files (x86)IntelServicesIPTjhi_service.exe [2011-09-28 212944] R3 Macro Expert;Macro Expert;c:program files (x86)grasssoftmouse recorderMacroService.exe [2012-02-10 369152] R3 motandroidusb;Mot ADB Interface Driver;c:windowssystem32Driversmotoandroid.sys [x] R3 motccgp;Motorola USB 
Composite Device Driver;c:windowssystem32DRIVERSmotccgp.sys [x] R3 motccgpfl;MotCcgpFlService;c:windowssystem32DRIVERSmotccgpfl.sys [x] R3 Motousbnet;Motorola USB Networking Driver Service;c:windowssystem32DRIVERSMotousbnet.sys [x] R3 PassThru Service;Internet Pass-Through Service;c:program files (x86)HTCInternet Pass-ThroughPassThruSvr.exe [2011-09-15 88576] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:windowssystem32driversrdpvideominiport.sys [2012-08-23 19456] R3 Revoflt;Revoflt;c:windowssystem32DRIVERSrevoflt.sys [2009-12-30 31800] R3 RoxioNow Service;RoxioNow Service;c:program files (x86)RoxioRoxioNow PlayerRNowSvc.exe [2010-11-26 399344] R3 ScrybeUpdater;Scrybe Updater;c:program files (x86)SynapticsScrybeServiceScrybeUpdater.exe [2011-05-27 1300264] R3 SkypeUpdate;Skype Updater;c:program files (x86)SkypeUpdaterUpdater.exe [2012-07-13 160944] R3 SrvHsfHDA;SrvHsfHDA;c:windowssystem32DRIVERSVSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:windowssystem32DRIVERSVSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:windowssystem32DRIVERSVSTCNXT6.SYS [2009-06-10 740864] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:windowssystem32DRIVERSssadbus.sys [2010-05-25 125416] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:windowssystem32DRIVERSssadmdfl.sys [2010-05-25 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:windowssystem32DRIVERSssadmdm.sys [2010-05-25 159208] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:windowssystem32DRIVERSssadserd.sys [2010-05-25 126952] R3 Synth3dVsc;Synth3dVsc;c:windowssystem32driverssynth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:windowssystem32driverstsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:windowssystem32driversTsUsbGD.sys [2012-08-23 30208] R3 tsusbhub;tsusbhub;c:windowssystem32driverstsusbhub.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:program filesIntelTurboBoostTurboBoost.exe [2010-11-29 149504] R3 
tvnserver;TightVNC Server;c:usersFlashAppDataLocalCrossLooptvnserver.exe [2010-07-21 814080] R3 UNS;Intel® Management and Security Application User Notification Service;c:program files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe [2010-12-22 2656280] R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2012-07-09 52736] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:windowssystem32DRIVERSVBoxNetAdp.sys [2012-06-05 147288] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:windowssystem32DRIVERSVBoxNetFlt.sys [x] R3 VGPU;VGPU;c:windowssystem32driversrdvgkmd.sys [x] R3 vpcuxd;USB Virtualization Stub Service;c:windowssystem32DRIVERSvpcuxd.sys [2010-11-20 16384] R3 VSPerfDrv100;Performance Tools Driver 10.0;c:program files (x86)Microsoft Visual Studio 10.0Team ToolsPerformance Toolsx64VSPerfDrv100.sys [2011-01-18 68440] R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2011-11-09 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:program filesMicrosoft SQL Server100SharedSQLADHLP.EXE [2009-07-22 61976] R4 RsFx0105;RsFx0105 Driver;c:windowssystem32DRIVERSRsFx0105.sys [2011-09-23 311144] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:program filesMicrosoft SQL ServerMSSQL10.SQLEXPRESSMSSQLBinnSQLAGENT.EXE [2011-09-23 431464] R4 wlcrasvc;Windows Live Mesh remote connections service;c:program filesWindows LiveMeshwlcrasvc.exe [2010-09-23 57184] S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2011-11-03 56208] S1 c2scsi64;c2scsi64;c:windowssystem32DRIVERSc2scsi64.sys [2011-07-20 167920] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:program filesIntelWiMAXBinDMAgent.exe [2011-06-14 498688] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:program files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe [2011-05-20 13592] S2 IDMWFP;IDMWFP;c:windowssystem32DRIVERSidmwfp.sys [2012-11-22 165112] S2 
IntuitUpdateServiceV4;Intuit Update Service v4;c:program files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe [2012-08-23 13672] S2 MBAMScheduler;MBAMScheduler;c:program files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2012-12-14 682344] S2 PCPitstop Scheduling;PCPitstop Scheduling;c:program files (x86)PCPitstopPCPitstopScheduleService.exe [2012-11-15 86216] S2 Secunia PSI Agent;Secunia PSI Agent;c:program files (x86)SecuniaPSIPSIA.exe [2011-10-14 994360] S2 SentinelKeysServer;Sentinel Keys Server;c:program files (x86)Common FilesSafeNet SentinelSentinel Keys Serversntlkeyssrvr.exe [2006-08-22 316992] S2 TeamViewer7;TeamViewer 7;c:program files (x86)TeamViewerVersion7TeamViewer_Service.exe [2012-07-16 2673064] S2 TurboB;Turbo Boost UI Monitor driver;c:windowssystem32DRIVERSTurboB.sys [2010-11-29 16120] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:program filesIntelWiMAXBinAppSrv.exe [2011-06-14 986112] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:windowssystem32DRIVERSAMPPAL.sys [2011-08-08 299008] S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:windowssystem32DRIVERSbpenum.sys [2011-05-19 84480] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:windowssystem32DRIVERSbpmp.sys [2011-05-19 182272] S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:windowssystem32Driversbpusb.sys [2011-05-19 83968] S3 IntcDAud;Intel® Display Audio;c:windowssystem32DRIVERSIntcDAud.sys [2010-10-15 317440] S3 iwdbus;IWD Bus Enumerator;c:windowssystem32DRIVERSiwdbus.sys [2011-05-17 25496] S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [2012-12-14 24176] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:windowssystem32DRIVERSnusb3hub.sys [2011-11-24 91648] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:windowssystem32DRIVERSnusb3xhc.sys [2011-11-24 208896] S3 pcouffin;VSO 
Software pcouffin;c:windowssystem32Driverspcouffin.sys [2012-06-05 82816] S3 PSI;PSI;c:windowssystem32DRIVERSpsi_mf.sys [2010-09-01 17976] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:windowssystem32DRIVERSRtsPStor.sys [2011-11-24 338536] S3 RTL8167;Realtek 8167 NT Driver;c:windowssystem32DRIVERSRt64win7.sys [2011-02-17 428136] S3 Secunia Update Agent;Secunia Update Agent;c:program files (x86)SecuniaPSIsua.exe [2011-10-14 399416] S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:windowssystem32DRIVERSevsbc.sys [2010-04-19 32768] S3 wdkmd;Intel WiDi KMD;c:windowssystem32DRIVERSWDKMD.sys [2011-05-17 42392] . . Contents of the 'Scheduled Tasks' folder . 2013-01-06 c:windowsTasksAdobe Flash Player Updater.job - c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-02 23:50] . 2013-01-05 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2238281131-119592130-1704958914-1000Core.job - c:usersFlashAppDataLocalFacebookUpdateFacebookUpdate.exe [2011-12-03 19:42] . 2013-01-06 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2238281131-119592130-1704958914-1000UA.job - c:usersFlashAppDataLocalFacebookUpdateFacebookUpdate.exe [2011-12-03 19:42] . 2013-01-06 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-12-20 09:57] . 2013-01-06 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-12-20 09:57] . 2012-12-11 c:windowsTasksHPCeeScheduleForFLASH-HP$.job - c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 05:15] . 2013-01-04 c:windowsTasksHPCeeScheduleForFlash.job - c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994560-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994561-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994562-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994563-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994564-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994565-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994566-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994567-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOTCLSID{C5994568-53D9-4125-87C9-F193FC689CB2}] 2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:usersFlashAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:usersFlashAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:usersFlashAppDataRoamingDropboxbinDropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-01-18 18:49 97792 ----a-w- c:usersFlashAppDataRoamingDropboxbinDropboxExt64.14.dll . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersIDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOTCLSID{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2012-11-15 23:07 23496 ----a-w- c:program files (x86)Internet Download ManagerIDMShellExt64.dll . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2011-10-14 2837288] "SysTrayApp"="c:program filesIDTWDMsttray64.exe" [2012-01-04 1425408] "IgfxTray"="c:windowssystem32igfxtray.exe" [2011-04-15 168216] . ------- Supplementary Scan ------- . uLocal Page = c:windowssystem32blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://websearch.soft-quick.info/ mLocal Page = c:windowsSysWOW64blank.htm uInternet Settings,ProxyServer = http=;ftp=;https=; uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200 IE: Download all links with IDM - c:program files (x86)Internet Download ManagerIEGetAll.htm IE: Download with IDM - c:program files (x86)Internet Download ManagerIEExt.htm IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office14EXCEL.EXE/3000 IE: Se&nd to OneNote - c:progra~2MICROS~1Office14ONBttnIE.dll/105 TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:usersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.default FF - prefs.js: browser.search.defaulturl - hxxp://websearch.soft-quick.info/?l=1&q= FF - prefs.js: browser.search.selectedEngine - WebSearch FF - prefs.js: browser.startup.homepage - hxxp://websearch.soft-quick.info/ FF - 
prefs.js: keyword.URL - hxxp://websearch.soft-quick.info/?l=1&q= FF - prefs.js: network.proxy.gopher - FF - prefs.js: network.proxy.gopher_port - 0 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2012-12-14 17:19; support@easy-hideip.com; c:usersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensionssupport@easy-hideip.com.xpi FF - ExtSQL: 2012-12-15 00:05; mozilla_cc@internetdownloadmanager.com; c:usersFlashAppDataRoamingIDMidmmzcc5 FF - ExtSQL: 2012-12-31 12:10; 50e1c70664f41@50e1c70664f7a.com; c:usersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions50e1c70664f41@50e1c70664f7a.com FF - user.js: yahoo.ytff.general.dontshowhpoffer - true FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-uTorrent - c:program files (x86)uTorrentuTorrent.exe AddRemove-EasyBits Magic Desktop - c:windowssystem32ezMDUninstall.exe AddRemove-SP_a8235b05 - c:program files (x86)SoftQuickuninstall.exe AddRemove-SP_e14dcdfa - c:program files (x86)ContinueToSaveuninstall.exe AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:programdatacontinuetosaveuninstall.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:program files (x86)InstallShield Installation Information{EE202411-2C26-49E8-9784-1BC1DBF7DE96}setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS.DefaultSoftwareMicrosoftInternet ExplorerApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:c5,e5,4a,6b,cd,9c,cd,01 . [HKEY_USERSS-1-5-21-2238281131-119592130-1704958914-1000_ClassesWow6432NodeCLSID{2c407552-dd87-45fc-8342-1be7ec27725e}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:000000ab "Therad"=dword:0000001c "SpecVersion"=dword:0000015b "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68, . [HKEY_USERSS-1-5-21-2238281131-119592130-1704958914-1000_ClassesWow6432NodeCLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):79,be,d7,07,39,58,96,02,0c,14,84,83,25,5d,ff,72,9a,08,20,30,0c, f5,34,49,84,0d,2f,59,c6,5f,6e,72,1e,ca,19,30,a6,9c,f7,43,00,00,00,00,00,00, . [HKEY_USERSS-1-5-21-2238281131-119592130-1704958914-1000_ClassesWow6432NodeCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):89,fe,96,3d,99,3b,62,91,4c,af,46,ba,d1,70,4d,64,1b,11,00,a6,cf, af,58,8f,6e,74,cf,c5,9c,bb,2b,e3,58,cb,5e,ea,9f,66,02,1a,00,00,00,00,00,00, . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . 
[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftOfficeCommonSmart TagActions{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane30] "Key"="ActionsPane3" "Location"="c:Program Files (x86)Common FilesMicrosoft SharedVSTOActionsPane3.xsd" . [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0002AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0003AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0004AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0005AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 . [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0006AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0007AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINEsystemControlSet002ControlPCWSecurity] @Denied: (Full) (Everyone) . Completion time: 2013-01-06 14:48:08 ComboFix-quarantined-files.txt 2013-01-06 19:48 ComboFix2.txt 2012-12-31 06:05 ComboFix3.txt 2012-12-26 02:55 . Pre-Run: 345,790,226,432 bytes free Post-Run: 346,911,227,904 bytes free . - - End Of File - - EBBD2E1998304CD690EC36ECE110FF52
  9. here is the DDS and attach log: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2 Run by Flash at 23:07:31 on 2013-01-05 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6862.5127 [GMT -5:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Users\Flash\AppData\Local\CrossLoop\CrossLoopService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe -netsvcs C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\msiexec.exe c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe C:\Program Files (x86)\Common Files\SafeNet 
  10. So everything seems to be a little quicker; however, whenever I try to put my computer to sleep or hibernate it hangs for about 10-15 minutes, then gives a BSOD. The screen says DRIVER_POWER_STATE_FAILURE. Here is the Malwarebytes log:
  11. Here is the OTL log:
  12. Here is the OTL.txt:
OTL logfile created on: 1/3/2013 12:13:07 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Flash\Desktop\Comp fixing stuff
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
6.70 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 56.67% Memory free
13.40 Gb Paging File | 10.44 Gb Available in Paging File | 77.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681.46 Gb Total Space | 316.94 Gb Free Space | 46.51% Space Free | Partition Type: NTFS
Drive G: | 16.88 Gb Total Space | 9.04 Gb Free Space | 53.57% Space Free | Partition Type: NTFS
Computer Name: FLASH-HP | User Name: Flash | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/01/02 23:20:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Flash\Desktop\Comp fixing stuff\OTL.exe
PRC - [2012/12/14 23:49:58 | 003,541,008 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2012/12/12 08:44:48 | 000,268,248 | ---- | M] (Tonec Inc.)
-- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe PRC - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe PRC - [2012/10/10 21:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/19 09:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe PRC - [2012/08/31 20:38:26 | 000,027,328 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/07/16 09:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe PRC - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2012/07/16 09:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2012/02/09 21:53:16 | 000,369,152 | ---- | M] (Grass Software) -- c:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroService.exe PRC - [2012/02/09 21:27:34 | 000,151,552 | ---- | M] (Grass Software) -- c:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroServiceWnd.exe PRC - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Users\Flash\AppData\Local\CrossLoop\CrossLoopService.exe PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe PRC - [2011/09/28 15:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe PRC - [2011/09/15 11:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2011/08/25 05:30:52 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe PRC - [2011/08/25 05:30:34 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe PRC - [2011/08/25 05:30:08 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011/03/22 13:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2010/04/20 11:34:00 | 000,498,968 | ---- | M] () -- C:\Program Files (x86)\HW group\HW VSP3s\HW_VSP3s_srv.exe PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2006/09/20 06:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe PRC - [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) 
-- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe ========== Modules (No Company Name) ========== MOD - [2012/11/18 09:21:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012/11/18 09:21:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012/11/18 09:21:07 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012/11/18 09:20:59 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\wincfi39.dll MOD - [2012/05/15 11:54:16 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll MOD - [2011/10/13 01:15:04 | 000,075,776 | ---- | M] () -- c:\Program Files (x86)\GrassSoft\Mouse Recorder\mk_nt.dll MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ========== Services (SafeList) ========== SRV:64bit: - [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:64bit: - [2011/06/14 12:31:06 | 000,498,688 | ---- | M] (Red Bend Ltd.) 
[Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent) SRV:64bit: - [2011/06/14 12:26:20 | 000,986,112 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv) SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv) SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/12/15 18:07:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/12/11 18:50:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop 
Scheduling) SRV - [2012/10/10 21:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe -- (NIS) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2012/02/09 21:53:16 | 000,369,152 | ---- | M] (Grass Software) [Auto | Running] -- c:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroService.exe -- (Macro Expert) SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Users\Flash\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService) SRV - [2011/11/24 15:43:17 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2011/09/28 15:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service) SRV - [2011/09/15 11:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2011/08/25 05:30:52 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService) SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater) SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service) SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Users\Flash\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver) SRV - [2010/04/20 11:34:00 | 000,498,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HW group\HW VSP3s\HW_VSP3s_srv.exe -- (HW_VSP3s_Service) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2006/09/20 06:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer) SRV - [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/12/12 19:31:14 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/11/21 19:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP) DRV:64bit: - [2012/10/08 20:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012/10/03 20:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symefa64.sys -- (SymEFA) DRV:64bit: - [2012/10/03 20:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symds64.sys -- (SymDS) DRV:64bit: - [2012/10/03 20:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccsetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/09/06 21:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\NISx64\1402000.013\symnets.sys -- (SymNetS) DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ironx64.sys -- (SymIRON) DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/06/05 16:04:14 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin) DRV:64bit: - [2012/06/05 15:03:52 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2012/05/25 00:36:55 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2012/03/07 02:00:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetadb.sys -- (andnetadb) DRV:64bit: - [2012/03/06 06:17:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis) DRV:64bit: - [2012/03/06 06:04:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem) DRV:64bit: - [2012/03/06 06:04:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag) DRV:64bit: - [2012/03/06 06:04:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetgps64.sys -- (AndNetGps) DRV:64bit: - [2012/03/02 15:02:00 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem) DRV:64bit: - [2012/03/02 15:02:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag) DRV:64bit: - [2012/03/02 15:02:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps) DRV:64bit: - [2012/03/02 15:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus) DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/20 11:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:64bit: - [2012/01/04 00:37:16 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/11/24 15:43:17 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR) DRV:64bit: - [2011/11/24 15:40:48 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011/11/24 15:40:48 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2011/11/12 13:05:48 | 000,111,616 | ---- | M] (HTC Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcUsbMdmV64.sys -- (HtcUsbMdmV64) DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105) DRV:64bit: - [2011/08/24 23:09:36 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/08/24 23:09:36 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:64bit: - [2011/07/20 09:50:42 | 000,167,920 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\C2SCSI64.SYS -- 
(c2scsi64) DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011/05/19 15:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) DRV:64bit: - [2011/05/19 15:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) DRV:64bit: - [2011/05/19 15:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) DRV:64bit: - [2011/05/17 11:27:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2011/05/17 11:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011/05/17 11:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011/05/15 06:16:44 | 000,023,040 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipmidi.sys -- (ipMIDI) DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt) DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer) DRV:64bit: - [2011/04/15 18:08:28 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/04/09 11:42:56 | 000,013,824 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\loopbe1.sys -- (LoopBeMidi1) DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/11/20 22:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST) DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010/11/20 06:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd) DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | 
  13. I tried to run this script 2 different times and both times when it reached stage 4 I received a BSOD
  14. This is so cool and it really works, not a joke. Your birth year has a name to it. Simply take your birth year and type it like this as a status: @[####:] When you do and post it as a status it actually changes to a name. So cool. Mine---Jen Ringel
