flash0429

Multiple BSOD, comp freezes and lags....... HJT LOG


here is the HJT Log:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:46:18 AM, on 12/27/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

c:\program files (x86)\grasssoft\mouse recorder\MacroServiceWnd.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=102874&gct=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\IPS\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\coIEPlg.dll

O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

O4 - HKCU\..\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop - C:\Users\Flash\AppData\Local\CrossLoop\CrossLoopService.exe

O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: HW Virtual Serial Port (single) (HW_VSP3s_Service) - Unknown owner - C:\Program Files (x86)\HW group\HW VSP3s\HW_VSP3s_srv.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Macro Expert - Grass Software - c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Scrybe Updater (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe

O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe

O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Users\Flash\AppData\Local\CrossLoop\tvnserver.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

 

--

End of file - 16769 bytes


Hi,

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

As we work through your logs, please remember to run any tools by right-clicking on the icon and selecting Run As Administrator.

 

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.


here is the DDS.txt and attach.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by Flash at 18:05:18 on 2012-12-30

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6862.3646 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Users\Flash\AppData\Local\CrossLoop\CrossLoopService.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\HW group\HW VSP3s\HW_VSP3s_srv.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

c:\program files (x86)\grasssoft\mouse recorder\MacroServiceWnd.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe

C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\Windows\System32\WerFault.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Windows\system32\SearchIndexer.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

-netsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com/?l=dis&o=102874&gct=hp

uDefault_Search_URL = hxxp://www.google.com/ie

uProxyServer = hxxp=;ftp=;https=;

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ips\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\coieplg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\coieplg.dll

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [info Center] C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

mRun: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: HideFastUserSwitching = dword:0

mPolicies-System: SoftwareSASGeneration = dword:3

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-00109-0002-0009-ABCDEFFEDCBC} - <orphaned>

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

TCP: NameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{EE314222-51BA-4483-9C9D-13CB37D068D6} : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{EE314222-51BA-4483-9C9D-13CB37D068D6}\445414D4F4E423031303D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{EE314222-51BA-4483-9C9D-13CB37D068D6}\64C6163786 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{EE314222-51BA-4483-9C9D-13CB37D068D6}\6594A594F4 : DHCPNameServer = 192.168.1.2 209.18.47.61 209.18.47.62

TCP: Interfaces\{EE314222-51BA-4483-9C9D-13CB37D068D6}\84F6473556879724162656 : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{EE314222-51BA-4483-9C9D-13CB37D068D6}\C696E6B6379737F5F475F55343537363 : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{EE314222-51BA-4483-9C9D-13CB37D068D6}\D496C61602B457E69637 : DHCPNameServer = 192.168.10.1

TCP: Interfaces\{F95E5F27-023F-46B2-A91E-51AFCA0379D3} : DHCPNameServer = 209.18.47.61 209.18.47.62

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=8074&babsrc=adbartrp&mntrId=ba5974c600000000000064d4da5dab0f&q=

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll

FF - plugin: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Flash\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll

FF - plugin: C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll

FF - plugin: C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-04 16:11; {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}; C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

FF - ExtSQL: 2012-12-12 19:31; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn

FF - ExtSQL: 2012-12-12 19:45; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn

FF - ExtSQL: 2012-12-14 17:19; support@easy-hideip.com; C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\support@easy-hideip.com.xpi

FF - ExtSQL: 2012-12-15 00:05; mozilla_cc@internetdownloadmanager.com; C:\Users\Flash\AppData\Roaming\IDM\idmmzcc5

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-16 56208]

R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1402000.013\symds64.sys [2012-12-13 493216]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1402000.013\symefa64.sys [2012-12-13 1133216]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20120815.002\BHDrvx64.sys [2012-12-12 1385120]

R1 c2scsi64;c2scsi64;C:\Windows\System32\drivers\C2SCSI64.SYS [2011-7-20 167920]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1402000.013\ccsetx64.sys [2012-12-13 168096]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20120811.001\IDSviA64.sys [2012-12-12 512672]

R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1402000.013\ironx64.sys [2012-12-13 224416]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1402000.013\symnets.sys [2012-12-13 432800]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]

R2 CrossLoopService;CrossLoop Service;C:\Users\Flash\AppData\Local\CrossLoop\CrossLoopService.exe [2011-11-27 569072]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 HW_VSP3s_Service;HW Virtual Serial Port (single);C:\Program Files (x86)\HW group\HW VSP3s\HW_VSP3s_srv.exe [2012-3-21 498968]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-11 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-24 2413056]

R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-12-14 165112]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]

R2 Macro Expert;Macro Expert;C:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroService.exe [2012-2-9 369152]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 676936]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe [2012-12-13 143928]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]

R2 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-12-27 86216]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]

R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2006-8-22 316992]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-30 2673064]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-11 2656280]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-5-19 84480]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-5-19 182272]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-5-19 83968]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-11 317440]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-24 25928]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-24 91648]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-24 208896]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-1-12 338536]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-11 428136]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\System32\drivers\evsbc.sys [2012-3-21 32768]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-5-17 42392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]

S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2012-8-14 19456]

S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-8-14 27648]

S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-8-14 27136]

S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2012-8-14 34304]

S3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2012-8-14 31744]

S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2012-8-14 29184]

S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;C:\Windows\System32\drivers\lgandnetgps64.sys [2012-8-14 28160]

S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2012-8-14 36352]

S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;C:\Windows\System32\drivers\lgandnetndis64.sys [2012-8-14 93184]

S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\lgandadb.sys [2012-8-14 31744]

S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\System32\drivers\evserial.sys [2012-3-21 67072]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]

S3 HtcUsbMdmV64;HTC Proprietary USB Driver (PID 0B03);C:\Windows\System32\drivers\HtcUsbMdmV64.sys [2007-2-9 111616]

S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2009-7-30 118872]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]

S3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);C:\Windows\System32\drivers\ipmidi.sys [2011-5-15 23040]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-23 19456]

S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2011-12-7 31800]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-6-30 125416]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-6-30 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-6-30 159208]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-6-30 126952]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-23 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-23 30208]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 tvnserver;TightVNC Server;C:\Users\Flash\AppData\Local\CrossLoop\tvnserver.exe [2011-11-27 814080]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2012-10-30 16384]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-8 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2012-12-29 10:55:00 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ACA26360-D2AA-444B-9EED-0CCF9B2E22D1}\offreg.dll

2012-12-28 16:45:31 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ACA26360-D2AA-444B-9EED-0CCF9B2E22D1}\mpengine.dll

2012-12-28 04:47:07 -------- d-----w- C:\ProgramData\PCPitstop

2012-12-28 04:47:07 -------- d-----w- C:\Program Files (x86)\PCPitstop

2012-12-27 07:37:36 388096 ----a-r- C:\Users\Flash\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-12-27 07:37:36 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-12-26 04:10:58 -------- dcsh--w- C:\$RECYCLE.BIN

2012-12-26 02:59:04 20480 ----a-w- C:\Windows\svchost.exe

2012-12-25 19:39:34 -------- d-----w- C:\Program Files (x86)\sp59755

2012-12-25 19:01:41 654336 ------w- C:\Windows\System32\stapi64.dll

2012-12-25 18:43:31 535552 ----a-w- C:\Windows\System32\drivers\stwrt64.sys

2012-12-25 18:43:30 448512 ----a-w- C:\Windows\System32\stcplx64.dll

2012-12-25 18:43:29 1987072 ----a-w- C:\Windows\System32\stapo64.dll

2012-12-25 18:43:21 -------- d-----w- C:\Program Files\IDT

2012-12-23 19:28:56 -------- d-----w- C:\ProgramData\Ask

2012-12-23 18:59:27 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-12-23 18:59:27 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-12-23 18:59:27 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-12-23 18:59:27 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-12-23 18:59:27 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-12-23 18:59:27 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-12-23 18:59:27 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-12-23 18:59:27 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-12-23 18:59:27 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2012-12-22 08:00:28 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 08:00:28 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 08:00:27 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 08:00:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-19 00:37:09 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-12-15 05:27:21 -------- d-----w- C:\Users\Flash\Doctor Web

2012-12-15 05:05:29 -------- d-----w- C:\Users\Flash\AppData\Roaming\IDM

2012-12-15 05:05:09 -------- d-----w- C:\Program Files (x86)\Internet Download Manager

2012-12-15 00:36:31 -------- d-----w- C:\Users\Flash\AppData\Roaming\MusicOasis

2012-12-15 00:34:23 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin

2012-12-14 22:19:41 -------- d-----w- C:\Users\Flash\AppData\Roaming\HideIPEasy

2012-12-14 22:19:41 -------- d-----w- C:\ProgramData\HideIPEasy

2012-12-14 22:18:51 -------- d-----w- C:\Program Files (x86)\HideIPEasy

2012-12-14 07:52:18 165112 ----a-w- C:\Windows\System32\drivers\idmwfp.sys

2012-12-13 09:50:24 493216 ----a-w- C:\Windows\System32\drivers\NISx64\1402000.013\symds64.sys

2012-12-13 09:50:24 432800 ----a-w- C:\Windows\System32\drivers\NISx64\1402000.013\symnets.sys

2012-12-13 09:50:24 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\srtspx64.sys

2012-12-13 09:50:24 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1402000.013\symelam.sys

2012-12-13 09:50:24 1133216 ----a-w- C:\Windows\System32\drivers\NISx64\1402000.013\symefa64.sys

2012-12-13 09:50:23 776864 ----a-w- C:\Windows\System32\drivers\NISx64\1402000.013\srtsp64.sys

2012-12-13 09:50:23 224416 ----a-w- C:\Windows\System32\drivers\NISx64\1402000.013\ironx64.sys

2012-12-13 09:50:23 168096 ----a-w- C:\Windows\System32\drivers\NISx64\1402000.013\ccsetx64.sys

2012-12-13 09:49:57 -------- d-----w- C:\Windows\System32\drivers\NISx64\1402000.013

2012-12-13 00:31:14 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-12-13 00:31:14 -------- d-----w- C:\Program Files\Symantec

2012-12-13 00:30:12 -------- d-----w- C:\Program Files (x86)\NortonInstaller

2012-12-11 23:50:23 16363960 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-12-11 21:14:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-11 21:14:18 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-11 21:14:04 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-12-09 18:07:36 -------- d-----w- C:\Users\Flash\AppData\Roaming\PACE Anti-Piracy

2012-12-09 18:07:36 -------- d-----w- C:\Users\Flash\AppData\Local\PACE Anti-Piracy

2012-12-09 18:07:36 -------- d-----w- C:\ProgramData\PACE Anti-Piracy

2012-12-09 17:21:50 -------- d-----w- C:\ProgramData\ALM

2012-12-09 17:16:18 -------- d-----w- C:\Users\Flash\Adobe Flash Builder 4.6

2012-12-09 17:08:33 -------- d-----w- C:\Program Files (x86)\My Company Name

2012-12-08 21:15:00 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1207010.003

.

==================== Find3M ====================

.

2012-12-11 23:50:28 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-11 23:50:28 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-14 15:33:30 539984 ----a-w- C:\Windows\System32\EasyRedirect64.dll

2012-11-14 15:33:26 380240 ----a-w- C:\Windows\SysWow64\EasyRedirect.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-18 03:05:16 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-18 03:05:16 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-10-18 03:05:16 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

.

============= FINISH: 18:10:37.47 ===============

attach.txt


Let's try this:

 

Download ComboFix:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Edited by Tomk_


Your Java is out of date and you have other old versions still on your computer; those old versions are now a security vulnerability:

 

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer - Version 7 update 10

Then:

 

ESET Online Scanner:

 

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

 

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

 

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Here is the ESET log:

 

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6844

# api_version=3.0.2

# EOSSerial=ef88371cb22475449c159e6432c7fcdd

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2013-01-01 05:43:53

# local_time=2013-01-01 12:43:53 (-0500, Eastern Standard Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=3591 16777213 100 91 596804 119568818 0 0

# compatibility_mode=5893 16776573 100 94 0 108605683 0 0

# scanned=626233

# found=19

# cleaned=0

# scan_time=32640

C:\android\Silent_Toggle.apk a variant of Android/Leadbolt.C application (unable to clean) C87A88C981B6D9AC3C42091977605002A94B0018 I

C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe a variant of Win32/HackTool.CheatEngine.AB application (unable to clean) 42641E6015220DB5095B28606C82C003E2DB097B I

C:\Program Files (x86)\ContinueToSave\sprotector.dll a variant of Win32/SProtector.A application (unable to clean) 7C8407AEECE77AA6102BDF58A4FAD397741089C0 I

C:\Program Files (x86)\SoftQuick\sprotector.dll a variant of Win32/SProtector.A application (unable to clean) 40235157E8BA4C16F3189D522C630DB08F21E207 I

C:\ProgramData\continuetosave\50e1c706650d0.dll Win32/Adware.MultiPlug.G application (unable to clean) D4622558BA366F2F94560DA301A81C6C16F95A3C I

C:\Users\All Users\continuetosave\50e1c706650d0.dll Win32/Adware.MultiPlug.G application (unable to clean) D4622558BA366F2F94560DA301A81C6C16F95A3C I

C:\Users\Flash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4VPJEP3\search_d_soft_quick[1].exe a variant of Win32/SProtector.A application (unable to clean) 0CE1AE404D2F53E6D538474DB9C4742BE9A2DB4C I

C:\Users\Flash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H085FKAJ\search_d_continue_up[1].exe a variant of Win32/SProtector.A application (unable to clean) B15ABA4087C9211363EE29A742A0FFBC77DA16F9 I

C:\Users\Flash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBAM3EL1\50e1c7067da96[1].exe Win32/Adware.MultiPlug.G application (unable to clean) 851A335FEAF6F29A583669D9284FE47303FEEF8F I

C:\Users\Flash\Downloads\My Finished Torrents\Norton Internet Security 2013 20.1.1.2 Final\Activation.rar multiple threats (unable to clean) 0321DB4EFC6863A51AACF2E8C02EACAAD25742F5 I

C:\Users\Flash\Downloads\My Finished Torrents\ROXIO.CREATOR.2012.PRO-MAGNiTUDE\m-rc2012.iso a variant of Win32/Packed.VMProtect.AAD trojan (unable to clean) 5B30BA15AEF2D1EA468B2AD729200F1DE57B3D6B I

C:\Users\Flash\Downloads\Programs\setup.exe Win32/InstalleRex.E.Gen application (unable to clean) 066C48B38E36892CE921FA9BB765A4691A3E4B8B I

C:\Users\Flash\Flash-Productions\Silent-Toggle\Silent_Toggle\out\production\Silent_Toggle\Silent_Toggle.apk a variant of Android/Leadbolt.C application (unable to clean) E30159A1EFDA52817D4DD45C6730F057BDC7D9E4 I

C:\Users\Flash\Flash-Productions\Silent-Toggle\Silent_Toggle\out\production\Silent_Toggle\Silent_Toggle.apk.unaligned a variant of Android/Leadbolt.C application (unable to clean) CBD6874A77FB87F04404F6B5AA5D718846587D4C I

C:\Users\Flash\Flash-Productions\Silent-Toggle\Silent_Toggle\out\production\Silent_Toggle\Silent_Toggle.apk.unsigned a variant of Android/Leadbolt.C application (unable to clean) C1E300B6967C2D0CDD8BC54D9B02E5149A0F7E2A I

C:\Windows\System32\controol.exe Win32/BHO.ODX trojan (unable to clean) C85700B11159F33B794772AC6496F0231964D9C5 I

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNO3AFUY\all-videos[1].htm HTML/Iframe.B.Gen virus (unable to clean) 3E77BDF1BB7C771FD119CE4C1D7CFEA0620807AB I

C:\Windows\SysWOW64\controol.exe Win32/BHO.ODX trojan (unable to clean) C85700B11159F33B794772AC6496F0231964D9C5 I

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNO3AFUY\all-videos[1].htm HTML/Iframe.B.Gen virus (unable to clean) 3E77BDF1BB7C771FD119CE4C1D7CFEA0620807AB I


Downloading pirated files is the quickest way I know to get a serious infection. The vast majority are infected. As you can see... a lot of them carry multiple infections.

 

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    File::
    C:\android\Silent_Toggle.apk
    C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe
    C:\Program Files (x86)\ContinueToSave\sprotector.dll
    C:\Program Files (x86)\SoftQuick\sprotector.dll
    C:\ProgramData\continuetosave\50e1c706650d0.dll
    C:\Users\All Users\continuetosave\50e1c706650d0.dll
    C:\Users\Flash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4VPJEP3\search_d_soft_quick[1].exe
    C:\Users\Flash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H085FKAJ\search_d_continue_up[1].exe
    C:\Users\Flash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBAM3EL1\50e1c7067da96[1].exe
    C:\Users\Flash\Downloads\My Finished Torrents\Norton Internet Security 2013 20.1.1.2 Final\Activation.rar
    C:\Users\Flash\Downloads\My Finished Torrents\ROXIO.CREATOR.2012.PRO-MAGNiTUDE\m-rc2012.iso
    C:\Users\Flash\Downloads\Programs\setup.exe
    C:\Users\Flash\Flash-Productions\Silent-Toggle\Silent_Toggle\out\production\Silent_Toggle\Silent_Toggle.apk
    C:\Users\Flash\Flash-Productions\Silent-Toggle\Silent_Toggle\out\production\Silent_Toggle\Silent_Toggle.apk.unaligned
    C:\Users\Flash\Flash-Productions\Silent-Toggle\Silent_Toggle\out\production\Silent_Toggle\Silent_Toggle.apk.unsigned
    C:\Windows\System32\controol.exe
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNO3AFUY\all-videos[1].htm
    C:\Windows\SysWOW64\controol.exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNO3AFUY\all-videos[1].htm
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Hmmm... that's interesting as I don't believe that the script is even triggered at stage 4...

 

Let's get a look with a different log.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

     

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

    Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


here is the OTL.txt:

 

OTL logfile created on: 1/3/2013 12:13:07 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Flash\Desktop\Comp fixing stuff

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

6.70 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 56.67% Memory free

13.40 Gb Paging File | 10.44 Gb Available in Paging File | 77.93% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 681.46 Gb Total Space | 316.94 Gb Free Space | 46.51% Space Free | Partition Type: NTFS

Drive G: | 16.88 Gb Total Space | 9.04 Gb Free Space | 53.57% Space Free | Partition Type: NTFS

 

Computer Name: FLASH-HP | User Name: Flash | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/01/02 23:20:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Flash\Desktop\Comp fixing stuff\OTL.exe

PRC - [2012/12/14 23:49:58 | 003,541,008 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe

PRC - [2012/12/12 08:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

PRC - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe

PRC - [2012/10/10 21:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccsvchst.exe

PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/09/19 09:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe

PRC - [2012/08/31 20:38:26 | 000,027,328 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/07/16 09:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

PRC - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2012/07/16 09:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2012/02/09 21:53:16 | 000,369,152 | ---- | M] (Grass Software) -- c:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroService.exe

PRC - [2012/02/09 21:27:34 | 000,151,552 | ---- | M] (Grass Software) -- c:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroServiceWnd.exe

PRC - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Users\Flash\AppData\Local\CrossLoop\CrossLoopService.exe

PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe

PRC - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe

PRC - [2011/09/28 15:18:02 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

PRC - [2011/09/15 11:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2011/08/25 05:30:52 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe

PRC - [2011/08/25 05:30:34 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe

PRC - [2011/08/25 05:30:08 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe

PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe

PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011/03/22 13:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe

PRC - [2010/04/20 11:34:00 | 000,498,968 | ---- | M] () -- C:\Program Files (x86)\HW group\HW VSP3s\HW_VSP3s_srv.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe

PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2006/09/20 06:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

PRC - [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/11/18 09:21:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll

MOD - [2012/11/18 09:21:37 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll

MOD - [2012/11/18 09:21:07 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll

MOD - [2012/11/18 09:20:59 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll

MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\wincfi39.dll

MOD - [2012/05/15 11:54:16 | 000,070,536 | ---- | M] () -- C:\Program Files\TortoiseSVN\bin\libsasl32.dll

MOD - [2011/10/13 01:15:04 | 000,075,776 | ---- | M] () -- c:\Program Files (x86)\GrassSoft\Mouse Recorder\mk_nt.dll

MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV:64bit: - [2011/06/14 12:31:06 | 000,498,688 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)

SRV:64bit: - [2011/06/14 12:26:20 | 000,986,112 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)

SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)

SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/12/15 18:07:52 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/11 18:50:28 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)

SRV - [2012/10/10 21:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\20.2.0.19\ccSvcHst.exe -- (NIS)

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2012/02/09 21:53:16 | 000,369,152 | ---- | M] (Grass Software) [Auto | Running] -- c:\Program Files (x86)\GrassSoft\Mouse Recorder\MacroService.exe -- (Macro Expert)

SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Users\Flash\AppData\Local\CrossLoop\CrossLoopService.exe -- (CrossLoopService)

SRV - [2011/11/24 15:43:17 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2011/09/28 15:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)

SRV - [2011/09/15 11:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2011/08/25 05:30:52 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)

SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)

SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Users\Flash\AppData\Local\CrossLoop\tvnserver.exe -- (tvnserver)

SRV - [2010/04/20 11:34:00 | 000,498,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HW group\HW VSP3s\HW_VSP3s_srv.exe -- (HW_VSP3s_Service)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2006/09/20 06:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)

SRV - [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/12/12 19:31:14 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2012/11/21 19:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2012/10/08 20:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2012/10/03 20:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symefa64.sys -- (SymEFA)

DRV:64bit: - [2012/10/03 20:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symds64.sys -- (SymDS)

DRV:64bit: - [2012/10/03 20:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ccsetx64.sys -- (ccSet_NIS)

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/09/06 21:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\symnets.sys -- (SymNetS)

DRV:64bit: - [2012/09/06 20:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\ironx64.sys -- (SymIRON)

DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/06/05 16:04:14 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2012/06/05 15:03:52 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2012/05/25 00:36:55 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1402000.013\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2012/03/07 02:00:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetadb.sys -- (andnetadb)

DRV:64bit: - [2012/03/06 06:17:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetndis64.sys -- (andnetndis)

DRV:64bit: - [2012/03/06 06:04:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)

DRV:64bit: - [2012/03/06 06:04:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)

DRV:64bit: - [2012/03/06 06:04:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetgps64.sys -- (AndNetGps)

DRV:64bit: - [2012/03/02 15:02:00 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)

DRV:64bit: - [2012/03/02 15:02:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)

DRV:64bit: - [2012/03/02 15:02:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)

DRV:64bit: - [2012/03/02 15:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/20 11:36:58 | 011,471,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64)

DRV:64bit: - [2012/01/04 00:37:16 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/11/24 15:43:17 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2011/11/24 15:40:48 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/11/24 15:40:48 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/11/12 13:05:48 | 000,111,616 | ---- | M] (HTC Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcUsbMdmV64.sys -- (HtcUsbMdmV64)

DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)

DRV:64bit: - [2011/08/24 23:09:36 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/08/24 23:09:36 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)

DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)

DRV:64bit: - [2011/07/20 09:50:42 | 000,167,920 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\C2SCSI64.SYS -- (c2scsi64)

DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/05/19 15:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)

DRV:64bit: - [2011/05/19 15:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)

DRV:64bit: - [2011/05/19 15:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)

DRV:64bit: - [2011/05/17 11:27:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2011/05/17 11:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2011/05/17 11:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2011/05/15 06:16:44 | 000,023,040 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipmidi.sys -- (ipMIDI)

DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011/04/15 18:08:28 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/04/09 11:42:56 | 000,013,824 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\loopbe1.sys -- (LoopBeMidi1)

DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/11/20 22:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)

DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010/11/20 06:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)

DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)

DRV:64bit: - [2010/08/02 15:19:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandadb.sys -- (androidusb)

DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010/05/25 02:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2010/05/25 02:59:24 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)

DRV:64bit: - [2010/05/25 02:59:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)

DRV:64bit: - [2010/05/25 02:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2010/04/19 12:53:24 | 000,067,072 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evserial.sys -- (evserial)

DRV:64bit: - [2010/04/19 12:53:24 | 000,032,768 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\evsbc.sys -- (VSBC)

DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/07/30 18:50:24 | 000,118,872 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)

DRV:64bit: - [2005/06/14 12:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)

DRV - [2012/08/18 04:00:00 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20120818.001\EX64.SYS -- (NAVEX15)

DRV - [2012/08/18 04:00:00 | 000,125,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20120818.001\ENG64.SYS -- (NAVENG)

DRV - [2012/08/10 20:34:04 | 000,512,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20120811.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/08/10 20:28:34 | 001,385,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20120815.002\BHDrvx64.sys -- (BHDrvx64)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{1EB84FA8-532B-4934-AD17-74C076770809}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{1EB84FA8-532B-4934-AD17-74C076770809}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.soft-quick.info/?l=1&q={searchTerms}

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKLM\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.soft-quick.info/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

IE - HKCU\..\SearchScopes\{00628C0F-DE35-4EF3-A359-BCB0FBA65666}: "URL" = http://fileservehome.com/?tmp=toolbar_FileServe_results&prt=fileservetb01ie&Keywords={searchTerms}&clid=b3b1f0482c1b45cdad0ebdab57409c87

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=8074&babsrc=SP_ss&mntrId=ba5974c600000000000064d4da5dab0f

IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=HIP&o=102874&src=kw&q={searchTerms}&locale=&apn_ptnrs=^6E&apn_dtid=^YYYYYY^YY^US&apn_uid=3c44dc2a-e5b4-4587-b32a-f1dd59c64437&apn_sauid=FF313CD1-4067-4466-AEF5-1E458EA419B3

IE - HKCU\..\SearchScopes\{1EB84FA8-532B-4934-AD17-74C076770809}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF

IE - HKCU\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF

IE - HKCU\..\SearchScopes\{54D797F8-43EE-40B1-B043-D1D1569183FD}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&pc=ZUGO&form=ZGAIDF

IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869

IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.soft-quick.info/?l=1&q={searchTerms}

IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKCU\..\SearchScopes\{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "WebSearch"

FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"

FF - prefs.js..browser.search.defaultthis.engineName: ""

FF - prefs.js..browser.search.defaulturl: "http://websearch.soft-quick.info/?l=1&q="

FF - prefs.js..browser.search.order.1: "WebSearch"

FF - prefs.js..browser.search.order.1,S: S", "WebSearch"

FF - prefs.js..browser.search.selectedEngine: "WebSearch"

FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"

FF - prefs.js..browser.startup.homepage: "http://websearch.soft-quick.info/"

FF - prefs.js..extensions.enabledAddons: support%40easy-hideip.com:1.0

FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4

FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.31

FF - prefs.js..extensions.enabledAddons: fbphotozoom%40installdaddy.com:1.4

FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145

FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.19.2

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1

FF - prefs.js..keyword.URL: "http://websearch.soft-quick.info/?l=1&q="

FF - prefs.js..network.proxy.gopher: ""

FF - prefs.js..network.proxy.gopher_port: 0

FF - prefs.js..network.proxy.no_proxies_on: "*.local,192.168.*.*"

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.type: 0

FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""

FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""

FF - prefs.js..browser.startup.homepage: ""

FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""

 

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Flash\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

 

FF - HK


Double click on OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do not copy the word CODE
  • Please note the fix starts with the :
:Processes

:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge
[2011/11/24 13:05:35 | 000,002,308 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)

:Files
C:\android\Silent_Toggle.apk
C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe
C:\Program Files (x86)\ContinueToSave\sprotector.dll
C:\Program Files (x86)\SoftQuick\sprotector.dll
C:\ProgramData\continuetosave\50e1c706650d0.dll
C:\Users\All Users\continuetosave\50e1c706650d0.dll
C:\Users\Flash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4VPJEP3\search_d_soft_quick[1].exe
C:\Users\Flash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H085FKAJ\search_d_continue_up[1].exe
C:\Users\Flash\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OBAM3EL1\50e1c7067da96[1].exe
C:\Users\Flash\Downloads\My Finished Torrents\Norton Internet Security 2013 20.1.1.2 Final\Activation.rar
C:\Users\Flash\Downloads\My Finished Torrents\ROXIO.CREATOR.2012.PRO-MAGNiTUDE\m-rc2012.iso
C:\Users\Flash\Downloads\Programs\setup.exe
C:\Users\Flash\Flash-Productions\Silent-Toggle\Silent_Toggle\out\production\Silent_Toggle\Silent_Toggle.apk
C:\Users\Flash\Flash-Productions\Silent-Toggle\Silent_Toggle\out\production\Silent_Toggle\Silent_Toggle.apk.unaligned
C:\Users\Flash\Flash-Productions\Silent-Toggle\Silent_Toggle\out\production\Silent_Toggle\Silent_Toggle.apk.unsigned
C:\Windows\System32\controol.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNO3AFUY\all-videos[1].htm
C:\Windows\SysWOW64\controol.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CNO3AFUY\all-videos[1].htm

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top

  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log.


Here is the OTL log:

 

All processes killed

========== PROCESSES ==========

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB} not found.

File C:\Program Files (x86)\RelevantKnowledge not found.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93} not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93} not found.

Starting removal of ActiveX control {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E54729E8-BB3D-4270-9D49-7389EA579090} deleted successfully.

C:\Windows\SysWOW64\ezUPBHook.dll moved successfully.

========== FILES ==========

C:androidSilent_Toggle.apk moved successfully.

C:Program Files (x86)Cheat Engine 6.1cheatengine-i386.exe moved successfully.

C:Program Files (x86)ContinueToSavesprotector.dll moved successfully.

C:Program Files (x86)SoftQuicksprotector.dll moved successfully.

C:ProgramDatacontinuetosave50e1c706650d0.dll moved successfully.

FileFolder C:UsersAll Userscontinuetosave50e1c706650d0.dll not found.

C:UsersFlashAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5C4VPJEP3search_d_soft_quick[1].exe moved successfully.

C:UsersFlashAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5H085FKAJsearch_d_continue_up[1].exe moved successfully.

C:UsersFlashAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5OBAM3EL150e1c7067da96[1].exe moved successfully.

C:UsersFlashDownloadsMy Finished TorrentsNorton Internet Security 2013 20.1.1.2 FinalActivation.rar moved successfully.

C:UsersFlashDownloadsMy Finished TorrentsROXIO.CREATOR.2012.PRO-MAGNiTUDEm-rc2012.iso moved successfully.

C:UsersFlashDownloadsProgramssetup.exe moved successfully.

C:UsersFlashFlash-ProductionsSilent-ToggleSilent_ToggleoutproductionSilent_ToggleSilent_Toggle.apk moved successfully.

C:UsersFlashFlash-ProductionsSilent-ToggleSilent_ToggleoutproductionSilent_ToggleSilent_Toggle.apk.unaligned moved successfully.

C:UsersFlashFlash-ProductionsSilent-ToggleSilent_ToggleoutproductionSilent_ToggleSilent_Toggle.apk.unsigned moved successfully.

C:WindowsSystem32controol.exe moved successfully.

C:WindowsSystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5CNO3AFUYall-videos[1].htm moved successfully.

FileFolder C:WindowsSysWOW64controol.exe not found.

FileFolder C:WindowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5CNO3AFUYall-videos[1].htm not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Flash

->Temp folder emptied: 1609469 bytes

->Temporary Internet Files folder emptied: 8614556 bytes

->Java cache emptied: 2823287 bytes

->FireFox cache emptied: 70075555 bytes

->Flash cache emptied: 60703 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 2867 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32 (64bit) .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 42673618 bytes

%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 118985 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 120.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 01032013_143433

 

FilesFolders moved on Reboot...

C:UsersFlashAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.

C:WindowstempflaC805.tmp moved successfully.

File move failed. C:Windowstempgnserv.dat scheduled to be moved on reboot.

File move failed. C:Windowstempspserv.dat scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...


Please run a Malwarebytes scan (after updating) and post the log if it finds anything. Also, please let me know how things seem to be running now.


So everything seems to be a little quicker; however, whenever I try to put my computer to sleep or hibernate, it hangs for about 10-15 minutes, then gives a BSOD. The screen says DRIVER_POWER_STATE_FAILURE.

 

Here is the Malwarebytes log:

 

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

 

Database version: v2013.01.03.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Flash :: FLASH-HP [administrator]

 

1/3/2013 5:05:21 PM

MBAM-log-2013-01-03 (19-08-44).txt

 

Scan type: Full scan (C:|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 698561

Time elapsed: 1 hour(s), 59 minute(s), 16 second(s)

 

Memory Processes Detected: 1

C:Windowssvchost.exe (Trojan.Agent) -> 2756 -> No action taken.

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 20

C:Program FilesAdobeAdobe After Effects CS6Support Filesamtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program FilesAdobeAdobe Bridge CS6 (64 Bit)AMTLib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program FilesAdobeAdobe Illustrator CS6 (64 Bit)Support FilesContentsWindowsamtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program FilesAdobeAdobe Media Encoder CS6amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program FilesAdobeAdobe Photoshop CS6 (64 Bit)amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program FilesAdobeAdobe Premiere Pro CS6amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program FilesAdobeAdobe SpeedGrade CS6binamtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program Files (x86)AdobeAdobe Audition CS6amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program Files (x86)AdobeAdobe Bridge CS6AMTLib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program Files (x86)AdobeAdobe Dreamweaver CS6amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program Files (x86)AdobeAdobe Extension Manager CS6amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program Files (x86)AdobeAdobe Fireworks CS6amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program Files (x86)AdobeAdobe Flash CS6amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program Files (x86)AdobeAdobe Illustrator CS6Support FilesContentsWindowsamtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:Program Files (x86)AdobeAdobe Photoshop CS6amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:UsersFlashDesktopAdobe CS6 Master Collectiona-amccs6CrackCracked amtlib.dll32-bitamtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:UsersFlashDesktopAdobe CS6 Master Collectiona-amccs6CrackCracked amtlib.dll64-bitamtlib.dll (PUP.RiskwareTool.CK) -> No action taken.

C:UsersFlashDownloadsMy Finished TorrentsWindows 7 Anytime Upgrade KeygenWindows 7 Anytime Upgrade Keygen.exe (PUP.RiskwareTool.CK) -> No action taken.

C:_OTLMovedFiles01032013_143433C_UsersFlashAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5OBAM3EL150e1c7067da96[1].exe (Adware.Dropper) -> No action taken.

C:Windowssvchost.exe (Trojan.Agent) -> No action taken.

 

(end)


OK... please rerun Mbam and this time have it remove all of those. Then go ahead and uninstall all of the pirated software on your system.

 

After that... please rerun DDS and post both logs please.


Here is the DDS and attach log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2

Run by Flash at 23:07:31 on 2013-01-05

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6862.5127 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Users\Flash\AppData\Local\CrossLoop\CrossLoopService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe

-netsvcs

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\msiexec.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe

C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe

C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://websearch.soft-quick.info/

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://websearch.soft-quick.info/

uProxyServer = hxxp=;ftp=;https=;

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [PC Pitstop PC Matic Reminder] C:\Program Files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: EnableShellExecuteHooks = dword:1

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: HideFastUserSwitching = dword:0

mPolicies-System: SoftwareSASGeneration = dword:3

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files (x86)\Paltalk Messenger\Paltalk.exe

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

TCP: NameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{EE314222-51BA-4483-9C9D-13CB37D068D6} : DHCPNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{EE314222-51BA-4483-9C9D-13CB37D068D6}\445414D4F4E423031303D20534F5E4564777F627B6 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{F95E5F27-023F-46B2-A91E-51AFCA0379D3} : DHCPNameServer = 209.18.47.61 209.18.47.62

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= c:\PROGRA~2\CONTIN~1\SPROTE~1.DLL c:\PROGRA~2\SOFTQU~1\SPROTE~1.DLL

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.soft-quick.info/?l=1&q=

FF - prefs.js: browser.search.selectedEngine - WebSearch

FF - prefs.js: browser.startup.homepage - hxxp://websearch.soft-quick.info/

FF - prefs.js: keyword.URL - hxxp://websearch.soft-quick.info/?l=1&q=

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Flash\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll

FF - plugin: C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll

FF - plugin: C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dll

FF - plugin: C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll

FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - ExtSQL: 2012-12-14 17:19; support@easy-hideip.com; C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\support@easy-hideip.com.xpi

FF - ExtSQL: 2012-12-15 00:05; mozilla_cc@internetdownloadmanager.com; C:\Users\Flash\AppData\Roaming\IDM\idmmzcc5

FF - ExtSQL: 2012-12-31 12:10; 50e1c70664f41@50e1c70664f7a.com; C:\Users\Flash\AppData\Roaming\Mozilla\Firefox\Profiles\txknz5s1.default\extensions\50e1c70664f41@50e1c70664f7a.com

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-7-16 56208]

R1 c2scsi64;c2scsi64;C:\Windows\System32\drivers\C2SCSI64.SYS [2011-7-20 167920]

R2 CrossLoopService;CrossLoop Service;C:\Users\Flash\AppData\Local\CrossLoop\CrossLoopService.exe [2011-11-27 569072]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-11 13592]

R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-12-14 165112]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]

R3 bpenum;Intel® Centrino® WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2011-5-19 84480]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2011-5-19 182272]

R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2011-5-19 83968]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-11 317440]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-24 24176]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-24 91648]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-24 208896]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-1-12 338536]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-11 428136]

R3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\Windows\System32\drivers\evsbc.sys [2012-3-21 32768]

R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-5-17 42392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]

S3 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]

S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2012-8-14 19456]

S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2012-8-14 27648]

S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2012-8-14 27136]

S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2012-8-14 34304]

S3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2012-8-14 31744]

S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2012-8-14 29184]

S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;C:\Windows\System32\drivers\lgandnetgps64.sys [2012-8-14 28160]

S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2012-8-14 36352]

S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;C:\Windows\System32\drivers\lgandnetndis64.sys [2012-8-14 93184]

S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\lgandadb.sys [2012-8-14 31744]

S3 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]

S3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]

S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\Windows\System32\drivers\evserial.sys [2012-3-21 67072]

S3 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]

S3 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]

S3 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

S3 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S3 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]

S3 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]

S3 HtcUsbMdmV64;HTC Proprietary USB Driver (PID 0B03);C:\Windows\System32\drivers\HtcUsbMdmV64.sys [2007-2-9 111616]

S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2009-7-30 118872]

S3 HW_VSP3s_Service;HW Virtual Serial Port (single);C:\Program Files (x86)\HW group\HW VSP3s\HW_VSP3s_srv.exe [2012-3-21 498968]

S3 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-24 2413056]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]

S3 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

S3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);C:\Windows\System32\drivers\ipmidi.sys [2011-5-15 23040]

S3 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-9-28 212944]

S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-23 19456]

S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2011-12-7 31800]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-6-30 125416]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-6-30 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-6-30 159208]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2012-6-30 126952]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-23 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-23 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2012-10-30 16384]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-1-18 68440]

S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-01-06 04:00:49 20480 ------w- C:\Windows\svchost.exe

2013-01-05 04:22:39 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{739F38AD-C596-4616-886A-F7168F3996FF}\offreg.dll

2013-01-05 04:15:05 -------- d-----w- C:\Users\Flash\AppData\Roaming\Canneverbe Limited

2013-01-05 04:15:05 -------- d-----w- C:\ProgramData\Canneverbe Limited

2013-01-04 20:55:09 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{739F38AD-C596-4616-886A-F7168F3996FF}\mpengine.dll

2013-01-04 02:21:05 119808 ----a-r- C:\Users\Flash\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2013-01-04 02:03:30 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2013-01-03 22:04:33 -------- d-----w- C:\Users\Flash\AppData\Local\Programs

2013-01-03 19:34:33 -------- dc----w- C:\_OTL

2013-01-03 00:33:10 -------- dcsh--w- C:\$RECYCLE.BIN

2013-01-03 00:20:05 -------- dcs---w- C:\ComboFix

2012-12-31 17:09:45 -------- d-----w- C:\Program Files (x86)\ESET

2012-12-31 17:08:17 -------- d-----w- C:\ProgramData\WoW Worldwide Software LTD

2012-12-31 17:08:14 -------- d-----w- C:\Program Files (x86)\SoftQuick

2012-12-31 17:07:57 -------- d-----w- C:\Program Files (x86)\ContinueToSave

2012-12-31 17:07:52 -------- d-----w- C:\ProgramData\continuetosave

2012-12-31 17:04:29 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-12-31 16:59:47 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-31 05:36:59 98816 ----a-w- C:\Windows\sed.exe

2012-12-31 05:36:59 256000 ----a-w- C:\Windows\PEV.exe

2012-12-31 05:36:59 208896 ----a-w- C:\Windows\MBR.exe

2012-12-28 04:47:07 -------- d-----w- C:\ProgramData\PCPitstop

2012-12-28 04:47:07 -------- d-----w- C:\Program Files (x86)\PCPitstop

2012-12-27 07:37:36 388096 ----a-r- C:\Users\Flash\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-12-27 07:37:36 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-12-25 19:39:34 -------- d-----w- C:\Program Files (x86)\sp59755

2012-12-25 19:01:41 654336 ------w- C:\Windows\System32\stapi64.dll

2012-12-25 18:43:31 535552 ----a-w- C:\Windows\System32\drivers\stwrt64.sys

2012-12-25 18:43:30 448512 ----a-w- C:\Windows\System32\stcplx64.dll

2012-12-25 18:43:29 1987072 ----a-w- C:\Windows\System32\stapo64.dll

2012-12-25 18:43:21 -------- d-----w- C:\Program Files\IDT

2012-12-23 19:28:56 -------- d-----w- C:\ProgramData\Ask

2012-12-23 18:59:27 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-12-23 18:59:27 458712 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-12-23 18:59:27 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-12-23 18:59:27 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-12-23 18:59:27 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-12-23 18:59:27 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-12-23 18:59:27 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-12-23 18:59:27 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-12-23 18:59:27 1448448 ----a-w- C:\Windows\System32\lsasrv.dll

2012-12-22 08:00:28 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-22 08:00:28 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-22 08:00:27 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-22 08:00:26 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-19 00:37:09 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-12-15 05:27:21 -------- d-----w- C:\Users\Flash\Doctor Web

2012-12-15 05:05:29 -------- d-----w- C:\Users\Flash\AppData\Roaming\IDM

2012-12-15 05:05:09 -------- d-----w- C:\Program Files (x86)\Internet Download Manager

2012-12-15 00:36:31 -------- d-----w- C:\Users\Flash\AppData\Roaming\MusicOasis

2012-12-15 00:34:23 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin

2012-12-14 22:19:41 -------- d-----w- C:\Users\Flash\AppData\Roaming\HideIPEasy

2012-12-14 22:19:41 -------- d-----w- C:\ProgramData\HideIPEasy

2012-12-14 22:18:51 -------- d-----w- C:\Program Files (x86)\HideIPEasy

2012-12-14 07:52:18 165112 ----a-w- C:\Windows\System32\drivers\idmwfp.sys

2012-12-13 09:49:57 -------- d-----w- C:\Windows\System32\drivers\NISx64\1402000.013

2012-12-11 23:50:23 16363960 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-12-11 21:14:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-11 21:14:18 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-11 21:14:04 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-12-09 18:07:36 -------- d-----w- C:\Users\Flash\AppData\Roaming\PACE Anti-Piracy

2012-12-09 18:07:36 -------- d-----w- C:\Users\Flash\AppData\Local\PACE Anti-Piracy

2012-12-09 18:07:36 -------- d-----w- C:\ProgramData\PACE Anti-Piracy

2012-12-09 17:08:33 -------- d-----w- C:\Program Files (x86)\My Company Name

2012-12-08 21:15:00 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1207010.003

.

==================== Find3M ====================

.

2012-12-31 17:03:57 959976 ----a-w- C:\Windows\System32\deployJava1.dll

2012-12-31 17:03:57 1081320 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-11 23:50:28 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-11 23:50:28 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-14 15:33:30 539984 ----a-w- C:\Windows\System32\EasyRedirect64.dll

2012-11-14 15:33:26 380240 ----a-w- C:\Windows\SysWow64\EasyRedirect.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-18 03:05:16 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-10-18 03:05:16 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

.

============= FINISH: 23:16:42.77 ===============

attach.txt


COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    DDS::
    uStart Page = hxxp://websearch.soft-quick.info/
    mStart Page = hxxp://websearch.soft-quick.info/
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.soft-quick.info/?l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://websearch.soft-quick.info/
    FF - prefs.js: keyword.URL - hxxp://websearch.soft-quick.info/?l=1&q=
    
    Folder::
    C:\ProgramData\Premium\ContinueToSave
    C:\ProgramData\continuetosave
    C:\Program Files (x86)\ContinueToSave
    C:\Program Files (x86)\SoftQuick
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Here is the ComboFix log:

 

ComboFix 13-01-05.01 - Flash 01/06/2013 14:16:59.9.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6862.4824 [GMT -5:00]

Running from: c:\users\Flash\Desktop\Comp fixing stuff\ComboFix.exe

Command switches used :: c:\users\Flash\Desktop\Comp fixing stuff\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\ContinueToSave

c:\program files (x86)\ContinueToSave\uninstall.exe

c:\program files (x86)\SoftQuick

c:\program files (x86)\SoftQuick\uninstall.exe

c:\programdata\continuetosave

c:\programdata\continuetosave\50e1c706650d0.tlb

c:\programdata\continuetosave\pgjdjelpljbfoeohdfihkpjalkpglloo.crx

c:\programdata\continuetosave\settings.ini

c:\programdata\continuetosave\uninstall.exe

c:\programdata\Premium\ContinueToSave

c:\programdata\Premium\ContinueToSave\ContinueToSave.exe

c:programdataPremiumContinueToSaveDNL1.tmp{531D7ECD-DA29-4511-8E91-6FF3A122861F}

c:\programdata\Premium\ContinueToSave\profile.ini

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))

.

.

2013-01-06 19:38 . 2013-01-06 19:38 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-01-06 19:38 . 2013-01-06 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-05 04:22 . 2013-01-06 05:20 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{739F38AD-C596-4616-886A-F7168F3996FF}\offreg.dll

2013-01-05 04:15 . 2013-01-05 04:15 -------- d-----w- c:\users\Flash\AppData\Roaming\Canneverbe Limited

2013-01-05 04:15 . 2013-01-05 04:15 -------- d-----w- c:\programdata\Canneverbe Limited

2013-01-04 20:55 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{739F38AD-C596-4616-886A-F7168F3996FF}\mpengine.dll

2013-01-04 02:21 . 2013-01-04 02:21 119808 ----a-r- c:\users\Flash\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe

2013-01-04 02:03 . 2013-01-04 02:03 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2013-01-03 22:04 . 2013-01-03 22:04 -------- d-----w- c:\users\Flash\AppData\Local\Programs

2013-01-03 19:34 . 2013-01-03 19:34 -------- dc----w- C:\_OTL

2012-12-31 17:09 . 2012-12-31 17:09 -------- d-----w- c:\program files (x86)\ESET

2012-12-31 17:08 . 2012-12-31 17:08 -------- d-----w- c:\programdata\WoW Worldwide Software LTD

2012-12-31 17:05 . 2012-12-31 17:03 308200 ----a-w- c:\windows\system32\javaws.exe

2012-12-31 17:04 . 2012-12-31 17:04 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-12-31 17:04 . 2012-12-31 17:03 188392 ----a-w- c:\windows\system32\javaw.exe

2012-12-31 17:04 . 2012-12-31 17:03 188392 ----a-w- c:\windows\system32\java.exe

2012-12-31 16:59 . 2012-11-28 15:35 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-28 04:47 . 2013-01-06 09:26 -------- d-----w- c:\programdata\PCPitstop

2012-12-28 04:47 . 2012-12-28 04:47 -------- d-----w- c:\program files (x86)\PCPitstop

2012-12-27 07:37 . 2012-12-27 07:37 388096 ----a-r- c:\users\Flash\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-12-27 07:37 . 2012-12-27 07:37 -------- d-----w- c:\program files (x86)\Trend Micro

2012-12-25 19:39 . 2012-12-25 19:39 -------- d-----w- c:\program files (x86)\sp59755

2012-12-25 19:01 . 2012-01-04 05:37 654336 ------w- c:\windows\system32\stapi64.dll

2012-12-25 18:43 . 2012-01-04 05:37 535552 ----a-w- c:\windows\system32\drivers\stwrt64.sys

2012-12-25 18:43 . 2012-01-04 05:37 448512 ----a-w- c:\windows\system32\stcplx64.dll

2012-12-25 18:43 . 2012-01-04 05:37 1987072 ----a-w- c:\windows\system32\stapo64.dll

2012-12-25 18:43 . 2012-12-25 18:44 -------- d-----w- c:\program files\IDT

2012-12-23 19:28 . 2012-12-23 19:28 -------- d-----w- c:\programdata\Ask

2012-12-23 18:59 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-12-23 18:59 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2012-12-23 18:59 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll

2012-12-23 18:59 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-12-23 18:59 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll

2012-12-23 18:59 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2012-12-23 18:59 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-12-23 18:59 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-12-23 18:59 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-12-22 08:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 08:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-22 08:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 08:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-19 00:38 . 2012-12-22 15:39 -------- d-----w- c:\users\Flash\AppData\Roaming\vlc

2012-12-19 00:37 . 2012-12-24 03:01 -------- d-----w- c:\program files (x86)\VideoLAN

2012-12-15 05:27 . 2012-12-15 08:20 -------- d-----w- c:\users\Flash\Doctor Web

2012-12-15 05:05 . 2013-01-06 19:11 -------- d-----w- c:\users\Flash\AppData\Roaming\IDM

2012-12-15 05:05 . 2012-12-15 05:05 -------- d-----w- c:\program files (x86)\Internet Download Manager

2012-12-15 00:36 . 2012-12-15 00:36 -------- d-----w- c:\users\Flash\AppData\Roaming\MusicOasis

2012-12-15 00:34 . 2012-12-15 04:42 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin

2012-12-14 22:19 . 2012-12-14 22:19 -------- d-----w- c:\users\Flash\AppData\Roaming\HideIPEasy

2012-12-14 22:19 . 2012-12-14 22:19 -------- d-----w- c:\programdata\HideIPEasy

2012-12-14 22:18 . 2012-12-14 22:18 -------- d-----w- c:\program files (x86)\HideIPEasy

2012-12-14 07:52 . 2012-11-22 00:43 165112 ----a-w- c:\windows\system32\drivers\idmwfp.sys

2012-12-13 09:49 . 2013-01-05 20:21 -------- d-----w- c:\windows\system32\drivers\NISx64\1402000.013

2012-12-11 23:50 . 2012-12-11 23:50 16363960 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-12-11 21:14 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-11 21:14 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-11 21:14 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-09 18:07 . 2012-12-09 18:07 -------- d-----w- c:\programdata\PACE Anti-Piracy

2012-12-09 18:07 . 2012-12-09 18:07 -------- d-----w- c:\users\Flash\AppData\Roaming\PACE Anti-Piracy

2012-12-09 18:07 . 2012-12-09 18:07 -------- d-----w- c:\users\Flash\AppData\Local\PACE Anti-Piracy

2012-12-09 17:08 . 2012-12-09 17:08 -------- d-----w- c:\program files (x86)\My Company Name

2012-12-08 21:15 . 2012-12-11 21:02 -------- d-----w- c:\windows\system32\drivers\NAVx64\1207010.003

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-31 17:03 . 2012-01-29 20:07 1081320 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-12-31 17:03 . 2011-08-25 04:38 959976 ----a-w- c:\windows\system32\deployJava1.dll

2012-12-14 21:49 . 2011-11-25 04:38 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 23:50 . 2012-04-02 16:15 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-11 23:50 . 2011-11-09 03:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-11 22:38 . 2011-11-09 02:12 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-19 11:46 . 2012-11-19 11:46 10 ----a-w- c:\windows\Fonts\wfonts.key

2012-11-14 15:33 . 2012-11-22 06:43 539984 ----a-w- c:\windows\system32\EasyRedirect64.dll

2012-11-14 15:33 . 2012-11-22 06:43 380240 ----a-w- c:\windows\SysWow64\EasyRedirect.dll

2012-10-31 02:31 . 2011-12-10 16:59 165232 ---ha-w- c:\users\Flash\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll

2012-10-18 03:05 . 2012-05-16 03:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-18 03:05 . 2011-08-25 04:38 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-16 08:38 . 2012-11-27 22:26 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 22:26 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 22:26 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-15 22:37 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-15 22:37 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-15 22:37 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-15 22:37 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Flash\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Flash\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Flash\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-12-15 3541008]

"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]

"PC Pitstop PC Matic Reminder"="c:\program files (x86)\PCPitstop\PC Matic\Reminder-PCMatic.exe" [2012-11-15 325320]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

"SoftwareSASGeneration"= 3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"RequireSignedAppInit_DLLs"=0 (0x0)

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"HP Quick Launch"=c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

"HPOSD"=c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe

"IAStorIcon"=c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot

"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe"

.

R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 CrossLoopService;CrossLoop Service;c:\users\Flash\AppData\Local\CrossLoop\CrossLoopService.exe [2012-01-06 569072]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]

R3 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]

R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2012-03-02 19456]

R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2012-03-02 27648]

R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2012-03-02 27136]

R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2012-03-02 34304]

R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [2012-03-07 31744]

R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [2012-03-06 29184]

R3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandnetgps64.sys [2012-03-06 28160]

R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [2012-03-06 36352]

R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys [2012-03-06 93184]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [2010-08-02 31744]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

R3 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

R3 evserial;Virtual Serial Ports Driver (Eltima Softwate);c:\windows\system32\DRIVERS\evserial.sys [2010-04-19 67072]

R3 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

R3 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]

R3 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

R3 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R3 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]

R3 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]

R3 HtcUsbMdmV64;HTC Proprietary USB Driver (PID 0B03);c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [2011-11-12 111616]

R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [2009-07-30 118872]

R3 HW_VSP3s_Service;HW Virtual Serial Port (single);c:\program files (x86)\HW group\HW VSP3s\HW_VSP3s_srv.exe [2010-04-20 498968]

R3 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-24 2413056]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 ipMIDI;nerds.de ipMIDI - Ethernet Midi Ports SvcDesc(WDM);c:\windows\system32\drivers\ipmidi.sys [2011-05-15 23040]

R3 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-09-28 212944]

R3 Macro Expert;Macro Expert;c:\program files (x86)\grasssoft\mouse recorder\MacroService.exe [2012-02-10 369152]

R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

R3 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]

R3 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R3 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]

R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-05-25 125416]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-05-25 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-05-25 159208]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2010-05-25 126952]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 tvnserver;TightVNC Server;c:\users\Flash\AppData\Local\CrossLoop\tvnserver.exe [2010-07-21 814080]

R3 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-06-05 147288]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-09 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]

S1 c2scsi64;c2scsi64;c:\windows\system32\DRIVERS\c2scsi64.sys [2011-07-20 167920]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-11-15 86216]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]

S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2006-08-22 316992]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-11-24 91648]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-11-24 208896]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-06-05 82816]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-11-24 338536]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]

S3 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]

S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);c:\windows\system32\DRIVERS\evsbc.sys [2010-04-19 32768]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-01-06 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-02 23:50]

.

2013-01-05 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2238281131-119592130-1704958914-1000Core.job

- c:usersFlashAppDataLocalFacebookUpdateFacebookUpdate.exe [2011-12-03 19:42]

.

2013-01-06 c:windowsTasksFacebookUpdateTaskUserS-1-5-21-2238281131-119592130-1704958914-1000UA.job

- c:usersFlashAppDataLocalFacebookUpdateFacebookUpdate.exe [2011-12-03 19:42]

.

2013-01-06 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-12-20 09:57]

.

2013-01-06 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-12-20 09:57]

.

2012-12-11 c:windowsTasksHPCeeScheduleForFLASH-HP$.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 05:15]

.

2013-01-04 c:windowsTasksHPCeeScheduleForFlash.job

- c:program files (x86)Hewlett-PackardHP CeementHPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOTCLSID{C5994560-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOTCLSID{C5994561-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOTCLSID{C5994562-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOTCLSID{C5994563-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOTCLSID{C5994564-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOTCLSID{C5994565-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOTCLSID{C5994566-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOTCLSID{C5994567-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOTCLSID{C5994568-53D9-4125-87C9-F193FC689CB2}]

2011-06-13 14:20 75544 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:usersFlashAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:usersFlashAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:usersFlashAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:usersFlashAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersIDM Shell Extension]

@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"

[HKEY_CLASSES_ROOTCLSID{CDC95B92-E27C-4745-A8C5-64A52A78855D}]

2012-11-15 23:07 23496 ----a-w- c:program files (x86)Internet Download ManagerIDMShellExt64.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2011-10-14 2837288]

"SysTrayApp"="c:program filesIDTWDMsttray64.exe" [2012-01-04 1425408]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2011-04-15 168216]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://websearch.soft-quick.info/

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyServer = http=;ftp=;https=;

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200

IE: Download all links with IDM - c:program files (x86)Internet Download ManagerIEGetAll.htm

IE: Download with IDM - c:program files (x86)Internet Download ManagerIEExt.htm

IE: E&xport to Microsoft Excel - c:progra~2MICROS~1Office14EXCEL.EXE/3000

IE: Se&nd to OneNote - c:progra~2MICROS~1Office14ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:usersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.default

FF - prefs.js: browser.search.defaulturl - hxxp://websearch.soft-quick.info/?l=1&q=

FF - prefs.js: browser.search.selectedEngine - WebSearch

FF - prefs.js: browser.startup.homepage - hxxp://websearch.soft-quick.info/

FF - prefs.js: keyword.URL - hxxp://websearch.soft-quick.info/?l=1&q=

FF - prefs.js: network.proxy.gopher -

FF - prefs.js: network.proxy.gopher_port - 0

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-12-14 17:19; support@easy-hideip.com; c:usersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensionssupport@easy-hideip.com.xpi

FF - ExtSQL: 2012-12-15 00:05; mozilla_cc@internetdownloadmanager.com; c:usersFlashAppDataRoamingIDMidmmzcc5

FF - ExtSQL: 2012-12-31 12:10; 50e1c70664f41@50e1c70664f7a.com; c:usersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions50e1c70664f41@50e1c70664f7a.com

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-uTorrent - c:program files (x86)uTorrentuTorrent.exe

AddRemove-EasyBits Magic Desktop - c:windowssystem32ezMDUninstall.exe

AddRemove-SP_a8235b05 - c:program files (x86)SoftQuickuninstall.exe

AddRemove-SP_e14dcdfa - c:program files (x86)ContinueToSaveuninstall.exe

AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:programdatacontinuetosaveuninstall.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:program files (x86)InstallShield Installation Information{EE202411-2C26-49E8-9784-1BC1DBF7DE96}setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS.DefaultSoftwareMicrosoftInternet ExplorerApproved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS.DefaultSoftwareMicrosoftInternet ExplorerApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:c5,e5,4a,6b,cd,9c,cd,01

.

[HKEY_USERSS-1-5-21-2238281131-119592130-1704958914-1000_ClassesWow6432NodeCLSID{2c407552-dd87-45fc-8342-1be7ec27725e}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"Model"=dword:000000ab

"Therad"=dword:0000001c

"SpecVersion"=dword:0000015b

"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,

1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,

.

[HKEY_USERSS-1-5-21-2238281131-119592130-1704958914-1000_ClassesWow6432NodeCLSID{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):79,be,d7,07,39,58,96,02,0c,14,84,83,25,5d,ff,72,9a,08,20,30,0c,

f5,34,49,84,0d,2f,59,c6,5f,6e,72,1e,ca,19,30,a6,9c,f7,43,00,00,00,00,00,00,

.

[HKEY_USERSS-1-5-21-2238281131-119592130-1704958914-1000_ClassesWow6432NodeCLSID{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]

@Denied: (Full) (Everyone)

@Allowed: (Read) (RestrictedCode)

"scansk"=hex(0):89,fe,96,3d,99,3b,62,91,4c,af,46,ba,d1,70,4d,64,1b,11,00,a6,cf,

af,58,8f,6e,74,cf,c5,9c,bb,2b,e3,58,cb,5e,ea,9f,66,02,1a,00,00,00,00,00,00,

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINEsoftwareClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftOfficeCommonSmart TagActions{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINEsoftwareWow6432NodeMicrosoftSchema LibraryActionsPane30]

"Key"="ActionsPane3"

"Location"="c:Program Files (x86)Common FilesMicrosoft SharedVSTOActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0001AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0002AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0003AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0004AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0005AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

.

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0006AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet002ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0007AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINEsystemControlSet002ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2013-01-06 14:48:08

ComboFix-quarantined-files.txt 2013-01-06 19:48

ComboFix2.txt 2012-12-31 06:05

ComboFix3.txt 2012-12-26 02:55

.

Pre-Run: 345,790,226,432 bytes free

Post-Run: 346,911,227,904 bytes free

.

- - End Of File - - EBBD2E1998304CD690EC36ECE110FF52


Good. One more script:

 

COMBOFIX-Script

 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    DDS:
    mStart Page = hxxp://websearch.soft-quick.info/
    
    
    Firefox::
    FF - ProfilePath - c:usersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.default
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.soft-quick.info/?l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://websearch.soft-quick.info/
    FF - prefs.js: keyword.URL - hxxp://websearch.soft-quick.info/?l=1&q=
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

 

 

Also... how are things running? Are you still getting BSODs?

OK... let's do it this way:

 

Double click on OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do not copy the word CODE
  • Please note the fix starts with the :

    :Processes

    :OTL
    FF - prefs.js..browser.search.defaultenginename: "WebSearch"
    FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "http://websearch.sof...k.info/?l=1&q="
    FF - prefs.js..browser.search.order.1: "WebSearch"
    FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
    FF - prefs.js..browser.search.selectedEngine: "WebSearch"
    FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
    FF - prefs.js..browser.startup.homepage: "http://websearch.sof...ft-quick.info/"
    FF - prefs.js..keyword.URL: "http://websearch.sof...k.info/?l=1&q="
    FF - HKLMSoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered1NP_wtapp.dll ()
    FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:Program Files (x86)RelevantKnowledge
    [2012/12/31 12:08:50 | 000,000,000 | ---D | M] (continuetosave) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions50e1c70664f41@50e1c70664f7a.com
    IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://websearch.soft-quick.info/
    IE - HKCU..SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00064d4da5dab0f
    IE - HKCU..SearchScopes{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}
    IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://websearch.soft-quick.info/


    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

Then click the Run Fix button at the top

  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL log.

 

Then... please run a new scan with OTL (it will only produce one log) and post it.


here is the first log:

 

All processes killed

========== PROCESSES ==========

========== OTL ==========

Prefs.js: "WebSearch" removed from browser.search.defaultenginename

Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S

Prefs.js: "" removed from browser.search.defaultthis.engineName

Prefs.js: "http://websearch.sof...k.info/?l=1&q=" removed from browser.search.defaulturl

Prefs.js: "WebSearch" removed from browser.search.order.1

Prefs.js: S", "WebSearch" removed from browser.search.order.1,S

Prefs.js: "WebSearch" removed from browser.search.selectedEngine

Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S

Prefs.js: "http://websearch.sof...ft-quick.info/" removed from browser.startup.homepage

Prefs.js: "http://websearch.sof...k.info/?l=1&q=" removed from keyword.URL

Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0 not found.

File C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered1NP_wtapp.dll not found.

Registry value HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB} not found.

File C:Program Files (x86)RelevantKnowledge not found.

C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions50e1c70664f41@50e1c70664f7a.comcontent folder moved successfully.

C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions50e1c70664f41@50e1c70664f7a.com folder moved successfully.

HKCUSOFTWAREMicrosoftInternet ExplorerMainStart Page| /E : value set successfully!

Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerSearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} not found.

Registry key HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerSearchScopes{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} not found.

HKLMSOFTWAREMicrosoftInternet ExplorerMainStart Page| /E : value set successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Flash

->Temp folder emptied: 652971 bytes

->Temporary Internet Files folder emptied: 6451539 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 25774041 bytes

->Flash cache emptied: 3830 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32 (64bit) .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 53958 bytes

%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 31.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 01092013_001042

 

FilesFolders moved on Reboot...

C:UsersFlashAppDataLocalTempHP Support FrameworkHPSF_Config1.dll moved successfully.

C:UsersFlashAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.

C:Windowstempfla359F.tmp moved successfully.

C:Windowstempfla4210.tmp moved successfully.

C:Windowstempfla804E.tmp moved successfully.

FileFolder C:WindowstempflaA51E.tmp not found!

C:WindowstempflaC2BD.tmp moved successfully.

C:WindowstempflaD313.tmp moved successfully.

File move failed. C:Windowstempgnserv.dat scheduled to be moved on reboot.

File move failed. C:Windowstempspserv.dat scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

---------------------

 

and here is the second log:

 

OTL logfile created on: 1/9/2013 12:30:10 AM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:UsersFlashDesktopComp fixing stuff

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

6.70 Gb Total Physical Memory | 4.71 Gb Available Physical Memory | 70.26% Memory free

13.40 Gb Paging File | 11.34 Gb Available in Paging File | 84.61% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 681.46 Gb Total Space | 323.56 Gb Free Space | 47.48% Space Free | Partition Type: NTFS

Drive G: | 16.88 Gb Total Space | 9.04 Gb Free Space | 53.57% Space Free | Partition Type: NTFS

 

Computer Name: FLASH-HP | User Name: Flash | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/01/02 23:20:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:UsersFlashDesktopComp fixing stuffOTL.exe

PRC - [2012/12/14 23:49:58 | 003,541,008 | ---- | M] (Tonec Inc.) -- C:Program Files (x86)Internet Download ManagerIDMan.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe

PRC - [2012/12/12 08:44:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:Program Files (x86)Internet Download ManagerIEMonitor.exe

PRC - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) -- C:Program Files (x86)PCPitstopPCPitstopScheduleService.exe

PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe

PRC - [2012/07/16 09:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:Program Files (x86)TeamViewerVersion7TeamViewer.exe

PRC - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe

PRC - [2012/07/16 09:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:Program Files (x86)TeamViewerVersion7tv_w32.exe

PRC - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) -- C:UsersFlashAppDataLocalCrossLoopCrossLoopService.exe

PRC - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:Program Files (x86)SecuniaPSIpsia.exe

PRC - [2011/10/14 01:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:Program Files (x86)SecuniaPSIpsi_tray.exe

PRC - [2011/06/01 17:57:16 | 000,561,984 | ---- | M] (Apple Inc.) -- C:Program Files (x86)Apple Software UpdateSoftwareUpdate.exe

PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe

PRC - [2011/03/22 13:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:Program Files (x86)CyberLinkYouCamYCMMirage.exe

PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe

PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- .globalrootsystemrootsvchost.exe

PRC - [2006/09/20 06:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:Program Files (x86)Common FilesSafeNet SentinelSentinel Protection ServerWinNTspnsrvnt.exe

PRC - [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:Program Files (x86)Common FilesSafeNet SentinelSentinel Keys Serversntlkeyssrvr.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2012/05/15 11:54:16 | 000,070,536 | ---- | M] () -- C:Program FilesTortoiseSVNbinlibsasl32.dll

MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:Program Files (x86)Common Filesmicrosoft sharedOFFICE14CulturesOFFICE.ODF

MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:Program Files (x86)Microsoft OfficeOffice141033GrooveIntlResource.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:Program FilesMicrosoft Security ClientNisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:Program FilesMicrosoft Security ClientMsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/08/31 18:08:08 | 001,166,848 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:Program FilesIntelBluetoothHSBTHSAmpPalService.exe -- (AMPPALR3)

SRV:64bit: - [2011/06/14 12:31:06 | 000,498,688 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:Program FilesIntelWiMAXBinDMAgent.exe -- (DMAgent)

SRV:64bit: - [2011/06/14 12:26:20 | 000,986,112 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:Program FilesIntelWiMAXBinAppSrv.exe -- (WiMAXAppSrv)

SRV:64bit: - [2011/06/03 12:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:Program FilesIntelBluetoothHSBTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:WindowsSysNativehpservice.exe -- (hpsrv)

SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:Program FilesIntelTurboBoostTurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:Program FilesHewlett-PackardHP Client ServicesHPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:Program FilesWindows LiveMeshwlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:WindowsSysNativeappmgmts.dll -- (AppMgmt)

SRV - [2013/01/08 16:50:27 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/01/08 16:31:27 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamscheduler.exe -- (MBAMScheduler)

SRV - [2012/11/15 13:57:20 | 000,086,216 | ---- | M] (PC Pitstop LLC) [Auto | Running] -- C:Program Files (x86)PCPitstopPCPitstopScheduleService.exe -- (PCPitstop Scheduling)

SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:Program Files (x86)Hewlett-PackardHP Support FrameworkHPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:Program Files (x86)Common FilesIntuitUpdate Service v4IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/16 09:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:Program Files (x86)SkypeUpdaterUpdater.exe -- (SkypeUpdate)

SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:Program Files (x86)Hewlett-PackardHP Quick LaunchHPWMISVC.exe -- (HPWMISVC)

SRV - [2012/02/09 21:53:16 | 000,369,152 | ---- | M] (Grass Software) [On_Demand | Stopped] -- c:Program Files (x86)GrassSoftMouse RecorderMacroService.exe -- (Macro Expert)

SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:UsersFlashAppDataLocalCrossLoopCrossLoopService.exe -- (CrossLoopService)

SRV - [2011/11/24 15:43:17 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [On_Demand | Stopped] -- C:Program Files (x86)RealtekRealtek PCIE Card ReaderRIconMan.exe -- (IconMan_R)

SRV - [2011/10/14 01:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:Program Files (x86)SecuniaPSIpsia.exe -- (Secunia PSI Agent)

SRV - [2011/10/14 01:01:48 | 000,399,416 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:Program Files (x86)SecuniaPSIsua.exe -- (Secunia Update Agent)

SRV - [2011/09/28 15:18:02 | 000,212,944 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:Program Files (x86)IntelServicesIPTjhi_service.exe -- (jhi_service)

SRV - [2011/09/15 11:06:04 | 000,088,576 | ---- | M] () [On_Demand | Stopped] -- C:Program Files (x86)HTCInternet Pass-ThroughPassThruSvr.exe -- (PassThru Service)

SRV - [2011/08/25 05:30:52 | 000,260,424 | ---- | M] (HP) [On_Demand | Stopped] -- C:Program Files (x86)HP SimplePass 2011TrueSuiteService.exe -- (FPLService)

SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [On_Demand | Stopped] -- C:Program Files (x86)SynapticsScrybeServiceScrybeUpdater.exe -- (ScrybeUpdater)

SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:Program Files (x86)IntelIntel® Rapid Storage TechnologyIAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/12/22 15:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:Program Files (x86)IntelIntel® Management Engine ComponentsUNSUNS.exe -- (UNS)

SRV - [2010/12/22 15:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:Program Files (x86)IntelIntel® Management Engine ComponentsLMSLMS.exe -- (LMS)

SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [On_Demand | Stopped] -- C:Program Files (x86)RoxioRoxioNow PlayerRNowSvc.exe -- (RoxioNow Service)

SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:UsersFlashAppDataLocalCrossLooptvnserver.exe -- (tvnserver)

SRV - [2010/04/20 11:34:00 | 000,498,968 | ---- | M] () [On_Demand | Stopped] -- C:Program Files (x86)HW groupHW VSP3sHW_VSP3s_srv.exe -- (HW_VSP3s_Service)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [On_Demand | Stopped] -- C:Program Files (x86)Yahoo!SoftwareUpdateYahooAUService.exe -- (YahooAUService)

SRV - [2006/09/20 06:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:Program Files (x86)Common FilesSafeNet SentinelSentinel Protection ServerWinNTspnsrvnt.exe -- (SentinelProtectionServer)

SRV - [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:Program Files (x86)Common FilesSafeNet SentinelSentinel Keys Serversntlkeyssrvr.exe -- (SentinelKeysServer)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:WindowsSysNativedriversmbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/12/06 12:11:40 | 011,518,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversNetwsw00.sys -- (NETwNs64)

DRV:64bit: - [2012/11/21 19:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:WindowsSysNativedriversidmwfp.sys -- (IDMWFP)

DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversNisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversrdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversTsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversTsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversGEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversusbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/06/05 16:04:14 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriverspcouffin.sys -- (pcouffin)

DRV:64bit: - [2012/06/05 15:03:52 | 000,147,288 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversVBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2012/03/07 02:00:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandnetadb.sys -- (andnetadb)

DRV:64bit: - [2012/03/06 06:17:00 | 000,093,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandnetndis64.sys -- (andnetndis)

DRV:64bit: - [2012/03/06 06:04:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandnetmodem64.sys -- (ANDNetModem)

DRV:64bit: - [2012/03/06 06:04:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandnetdiag64.sys -- (AndNetDiag)

DRV:64bit: - [2012/03/06 06:04:00 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandnetgps64.sys -- (AndNetGps)

DRV:64bit: - [2012/03/02 15:02:00 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandmodem64.sys -- (ANDModem)

DRV:64bit: - [2012/03/02 15:02:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslganddiag64.sys -- (AndDiag)

DRV:64bit: - [2012/03/02 15:02:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandgps64.sys -- (AndGps)

DRV:64bit: - [2012/03/02 15:02:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandbus64.sys -- (Andbus)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:WindowsSysNativedriversfs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/04 00:37:16 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversstwrt64.sys -- (STHDA)

DRV:64bit: - [2011/11/24 15:43:17 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversRtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2011/11/24 15:40:48 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversnusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/11/24 15:40:48 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversnusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/11/12 13:05:48 | 000,111,616 | ---- | M] (HTC Incorporated) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversHtcUsbMdmV64.sys -- (HtcUsbMdmV64)

DRV:64bit: - [2011/11/03 03:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativedriversPxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversSynTP.sys -- (SynTP)

DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:WindowsSysNativedriversRsFx0105.sys -- (RsFx0105)

DRV:64bit: - [2011/08/24 23:09:36 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversamdsata.sys -- (amdsata)

DRV:64bit: - [2011/08/24 23:09:36 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:WindowsSysNativedriversamdxata.sys -- (amdxata)

DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversAmpPal.sys -- (AMPPALP)

DRV:64bit: - [2011/08/08 07:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversAmpPal.sys -- (AMPPAL)

DRV:64bit: - [2011/07/20 09:50:42 | 000,167,920 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:WindowsSysNativedriversC2SCSI64.SYS -- (c2scsi64)

DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativedriversiaStor.sys -- (iaStor)

DRV:64bit: - [2011/05/19 15:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversbpmp.sys -- (bpmp)

DRV:64bit: - [2011/05/19 15:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversbpusb.sys -- (bpusb)

DRV:64bit: - [2011/05/19 15:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversbpenum.sys -- (bpenum)

DRV:64bit: - [2011/05/17 11:27:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversWDKMD.sys -- (wdkmd)

DRV:64bit: - [2011/05/17 11:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversiwdbus.sys -- (iwdbus)

DRV:64bit: - [2011/05/17 11:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversintelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2011/05/15 06:16:44 | 000,023,040 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversipmidi.sys -- (ipMIDI)

DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:WindowsSysNativedrivershpdskflt.sys -- (hpdskflt)

DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversAccelerometer.sys -- (Accelerometer)

DRV:64bit: - [2011/04/15 18:08:28 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversigdkmd64.sys -- (igfx)

DRV:64bit: - [2011/04/09 11:42:56 | 000,013,824 | ---- | M] (nerds.de) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversloopbe1.sys -- (LoopBeMidi1)

DRV:64bit: - [2011/02/16 20:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversRt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:WindowsSysNativedriversTurboB.sys -- (TurboB)

DRV:64bit: - [2010/11/20 22:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:WindowsSysNativedriversrmcast.sys -- (RMCAST)

DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriverssdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversHpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 08:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:WindowsSysNativedriversvpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010/11/20 08:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversvpchbus.sys -- (vpcbus)

DRV:64bit: - [2010/11/20 06:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversvpcusb.sys -- (vpcusb)

DRV:64bit: - [2010/11/20 06:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversvpcuxd.sys -- (vpcuxd)

DRV:64bit: - [2010/11/20 06:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:WindowsSysNativedriversvpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversHECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversIntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/09/01 03:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:WindowsSysNativedriverspsi_mf.sys -- (PSI)

DRV:64bit: - [2010/08/02 15:19:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslgandadb.sys -- (androidusb)

DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversclwvd.sys -- (clwvd)

DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedrivershtcnprot.sys -- (htcnprot)

DRV:64bit: - [2010/05/25 02:59:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversssadmdm.sys -- (ssadmdm)

DRV:64bit: - [2010/05/25 02:59:24 | 000,126,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversssadserd.sys -- (ssadserd)

DRV:64bit: - [2010/05/25 02:59:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversssadbus.sys -- (ssadbus)

DRV:64bit: - [2010/05/25 02:59:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversssadmdfl.sys -- (ssadmdfl)

DRV:64bit: - [2010/04/19 12:53:24 | 000,067,072 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversevserial.sys -- (evserial)

DRV:64bit: - [2010/04/19 12:53:24 | 000,032,768 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversevsbc.sys -- (VSBC)

DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:WindowsSysNativedriversrevoflt.sys -- (Revoflt)

DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversnetr28ux.sys -- (netr28ux)

DRV:64bit: - [2009/07/30 18:50:24 | 000,118,872 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversHtcVComV64.sys -- (HtcVCom32)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversamdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriverslsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversstexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversWSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversusb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversVSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversVSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversVSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversnvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversBCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversevbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversbxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedriversb57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativedrivershcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversmcdbus.sys -- (mcdbus)

DRV:64bit: - [2005/06/14 12:01:16 | 000,296,448 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Stopped] -- C:WindowsSysNativedrivershardlock.sys -- (Hardlock)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:WindowsSysWOW64driverswimmount.sys -- (WIMMount)

DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysWOW64driversmcdbus.sys -- (mcdbus)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE:64bit: - HKLM..SearchScopes{1EB84FA8-532B-4934-AD17-74C076770809}: "URL" = http://www.amazon.co...s={searchTerms}

IE:64bit: - HKLM..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF

IE:64bit: - HKLM..SearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF

IE:64bit: - HKLM..SearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}

IE:64bit: - HKLM..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE:64bit: - HKLM..SearchScopes{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page =

IE - HKLM..SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM..SearchScopes{1EB84FA8-532B-4934-AD17-74C076770809}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKLM..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF

IE - HKLM..SearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF

IE - HKLM..SearchScopes{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sof...q={searchTerms}

IE - HKLM..SearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKLM..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKLM..SearchScopes{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms}

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.google.com/ie

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page =

IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,Default_Search_URL = http://www.google.com/ie

IE - HKCUSOFTWAREMicrosoftInternet ExplorerSearch,SearchAssistant = http://www.google.com/ie

IE - HKCU..SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

IE - HKCU..SearchScopes{00628C0F-DE35-4EF3-A359-BCB0FBA65666}: "URL" = http://fileservehome...d0ebdab57409c87

IE - HKCU..SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU..SearchScopes{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F5-1E458EA419B3

IE - HKCU..SearchScopes{1EB84FA8-532B-4934-AD17-74C076770809}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU..SearchScopes{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF

IE - HKCU..SearchScopes{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.bing.com/...UGO&form=ZGAIDF

IE - HKCU..SearchScopes{54D797F8-43EE-40B1-B043-D1D1569183FD}: "URL" = http://www.google.co...ie=utf8&oe=utf8

IE - HKCU..SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear

IE - HKCU..SearchScopes{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.se...t=kwd&qsrc=2869

IE - HKCU..SearchScopes{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF

IE - HKCU..SearchScopes{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}

IE - HKCU..SearchScopes{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU..SearchScopes{FC9FA277-ECDA-42EA-B54A-BB6512172A89}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyServer" = http=;ftp=;https=;

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..extensions.enabledAddons: support%40easy-hideip.com:1.0

FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4

FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.31

FF - prefs.js..extensions.enabledAddons: fbphotozoom%40installdaddy.com:1.4

FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145

FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.19.2

FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0a2

 

 

FF:64bit: - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:Windowssystem32MacromedFlashNPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLMSoftwareMozillaPlugins@divx.com/DivX VOD Helper,version=1.0.0: C:Program FilesDivXDivX OVS Helpernpovshelper.dll (DivX, LLC.)

FF:64bit: - HKLMSoftwareMozillaPlugins@java.com/DTPlugin,version=10.10.2: C:Windowssystem32npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin,version=10.10.2: C:Program FilesJavajre7binplugin2npjp2.dll (Oracle Corporation)

FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: C:Windowssystem32WatnpWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program FilesMicrosoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:PROGRA~1MICROS~2Office14NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLMSoftwareMozillaPluginsadobe.com/AdobeAAMDetect: C:Program Files (x86)Common FilesAdobeOOBEPDAppCCMUtilitiesnpAdobeAAMDetect64.dll File not found

FF - HKLMSoftwareMozillaPlugins@adobe.com/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32_11_5_502_146.dll ()

FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=: File not found

FF - HKLMSoftwareMozillaPlugins@Apple.com/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()

FF - HKLMSoftwareMozillaPlugins@divx.com/DivX Browser Plugin,version=1.0.0: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll (DivX, LLC)

FF - HKLMSoftwareMozillaPlugins@divx.com/DivX VOD Helper,version=1.0.0: C:Program Files (x86)DivXDivX OVS Helpernpovshelper.dll (DivX, LLC.)

FF - HKLMSoftwareMozillaPlugins@Google.com/GoogleEarthPlugin: C:Program Files (x86)GoogleGoogle Earthpluginnpgeplugin.dll (Google)

FF - HKLMSoftwareMozillaPlugins@google.com/npPicasa3,version=3.0.0: C:Program Files (x86)GooglePicasa3npPicasa3.dll (Google, Inc.)

FF - HKLMSoftwareMozillaPlugins@intel-webapi.intel.com/Intel WebAPI ipt;version=1.2.22: C:Program Files (x86)IntelServicesIPTnpIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLMSoftwareMozillaPlugins@intel-webapi.intel.com/Intel WebAPI updater: C:Program Files (x86)IntelServicesIPTnpIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/GENUINE: C:Windowssystem32WatnpWatWeb.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight5.1.10411.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/OfficeAuthz,version=14.0: C:PROGRA~2MICROS~1Office14NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/SharePoint,version=14.0: C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3555.0308: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=15.0.4.53: C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=15.0.4.53: C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprphtml5videoshim;version=15.0.4.53: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpplugin;version=15.0.4.53: C:Program Files (x86)RealRealPlayerNetscape6nprpplugin.dll (RealPlayer)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.123npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.123npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPluginsAdobe Reader: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll (Adobe Systems Inc.)

FF - HKLMSoftwareMozillaPluginsadobe.com/AdobeExManDetect: C:Program Files (x86)AdobeAdobe Extension Manager CS6npAdobeExManDetectX86.dll File not found

FF - HKCUSoftwareMozillaPlugins@Skype Limited.com/Facebook Video Calling Plugin: C:UsersFlashAppDataLocalFacebookVideoSkypenpFacebookVideoCalling.dll (Skype Limited)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaAurora 19.0a2extensionsComponents: C:Program Files (x86)Auroracomponents [2013/01/09 00:28:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaAurora 19.0a2extensionsPlugins: C:Program Files (x86)Auroraplugins

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsfbphotozoom@installdaddy.com: C:Program Files (x86)fbphotozoomfbphotozoom14.xpi [2012/03/17 23:06:24 | 000,102,505 | ---- | M] ()

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt [2012/05/15 23:48:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:Program Files (x86)DivXDivX Plus Web PlayerfirefoxDivXHTML5 [2012/07/19 01:39:20 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensionsmozilla_cc@internetdownloadmanager.com: C:UsersFlashAppDataRoamingIDMidmmzcc5 [2012/12/15 00:05:38 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USERsoftwaremozillaSeaMonkeyExtensionsmozilla_cc@internetdownloadmanager.com: C:UsersFlashAppDataRoamingIDMidmmzcc5 [2012/12/15 00:05:38 | 000,000,000 | ---D | M]

 

[2011/11/08 22:02:15 | 000,000,000 | ---D | M] (No name found) -- C:UsersFlashAppDataRoamingMozillaExtensions

[2013/01/09 00:27:16 | 000,000,000 | ---D | M] (No name found) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions

[2012/11/30 16:47:08 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2012/12/25 13:28:17 | 000,000,000 | ---D | M] (HP Detect) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions{ab91efd4-6975-4081-8552-1b3922ed79e2}

[2012/09/05 19:24:26 | 000,005,156 | ---- | M] () (No name found) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensions5047ed063d883@5047ed063d8bc.info.xpi

[2012/12/14 17:19:50 | 000,004,545 | ---- | M] () (No name found) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensionssupport@easy-hideip.com.xpi

[2013/01/09 00:27:16 | 000,615,656 | ---- | M] () (No name found) -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultextensionstestpilot@labs.mozilla.com.xpi

[2012/12/14 17:19:21 | 000,002,578 | ---- | M] () -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultsearchpluginsaskcom.xml

[2012/12/15 00:07:18 | 000,002,531 | ---- | M] () -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultsearchpluginssafesearch.xml

[2011/11/24 12:57:19 | 000,003,915 | ---- | M] () -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultsearchpluginssweetim.xml

[2012/12/31 12:08:13 | 000,000,553 | ---- | M] () -- C:UsersFlashAppDataRoamingMozillaFirefoxProfilestxknz5s1.defaultsearchpluginsWebSearch.xml

[2013/01/09 00:26:43 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

[2011/11/08 22:50:58 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:Program Files (x86)Mozilla Firefoxextensionswebsitelogon@truesuite.com

[2012/07/19 01:39:20 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:PROGRAM FILES (X86)DIVXDIVX PLUS WEB PLAYERFIREFOXDIVXHTML5

[2012/03/17 23:06:24 | 000,102,505 | ---- | M] () (No name found) -- C:PROGRAM FILES (X86)FBPHOTOZOOMFBPHOTOZOOM14.XPI

[2012/12/15 00:05:38 | 000,000,000 | ---D | M] (IDM CC) -- C:USERSFLASHAPPDATAROAMINGIDMIDMMZCC5

[2012/05/15 23:47:59 | 000,129,144 | ---- | M] (RealPlayer) -- C:Program Files (x86)mozilla firefoxpluginsnprpplugin.dll

 

========== Chrome ==========

 

CHR - homepage: http://websearch.soft-quick.info/

 

O1 HOSTS File: ([2013/01/06 14:38:14 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC64.dll (Internet Download Manager, Tonec Inc.)

O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre7binssv.dll (Oracle Corporation)

O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:Program Files (x86)HP SimplePass 2011x64IEBHO.dll (HP)

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre7binjp2ssv.dll (Oracle Corporation)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:Program Files (x86)Internet Download ManagerIDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:Program Files (x86)DivXDivX Plus Web PlayerieDivXHTML5DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program Files (x86)Javajre7binssv.dll (Oracle Corporation)

O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:Program Files (x86)HP SimplePass 2011IEBHO.dll (HP)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre7binjp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll (Hewlett-Packard)

O3 - HKCU..ToolbarWebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..Run: [igfxTray] C:WindowsSysNativeigfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..Run: [sysTrayApp] C:Program FilesIDTWDMsttray64.exe (IDT, Inc.)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [HPOSD] C:Program Files (x86)Hewlett-PackardHP On Screen DisplayHPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..Run: [PC Pitstop PC Matic Reminder] C:Program Files (x86)PCPitstopPC MaticReminder-PCMatic.exe (PC Pitstop LLC)

O4 - HKCU..Run: [iDMan] C:Program Files (x86)Internet Download ManagerIDMan.exe (Tonec Inc.)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: EnableShellExecuteHooks = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: HideFastUserSwitching = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: SoftwareSASGeneration = 3

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DisableLockWorkstation = 0

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: DisableChangePassword = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:Windowssystem32GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Download all links with IDM - C:Program Files (x86)Internet Download ManagerIEGetAll.htm ()

O8:64bit: - Extra context menu item: Download with IDM - C:Program Files (x86)Internet Download ManagerIEExt.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:WindowsSysWow64GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Download all links with IDM - C:Program Files (x86)Internet Download ManagerIEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:Program Files (x86)Internet Download ManagerIEExt.htm ()

O9 - Extra Button: @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckHPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:Program Files (x86)Hewlett-PackardHP Support FrameworkResourcesHPNetworkCheckNCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:Program Files (x86)Paltalk Messengerpaltalk.exe (AVM Software Inc.)

O9 - Extra Button: @C:Program Files (x86)EvernoteEvernoteResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:Program Files (x86)EvernoteEvernoteResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:Program Files (x86)EvernoteEvernoteEvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000009 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5Catalog_Entries000000000009 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{EE314222-51BA-4483-9C9D-13CB37D068D6}: DhcpNameServer = 192.168.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{F95E5F27-023F-46B2-A91E-51AFCA0379D3}: DhcpNameServer = 209.18.47.61 209.18.47.62

O18:64bit: - ProtocolHandlerms-help - No CLSID value found

O18:64bit: - ProtocolHandlerskype4com - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O18 - ProtocolHandlerskype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:Program Files (x86)Common FilesSkypeSkype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysWOW64userinit.exe (Microsoft Corporation)

O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

O38 - SubSystemsWindows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystemsWindows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystemsWindows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/01/09 00:43:17 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsiTunes

[2013/01/09 0

Edited by flash0429


[2012/12/27 02:37:36 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro

[2012/12/27 02:37:36 | 000,000,000 | ---D | C] -- C:UsersFlashAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis

[2012/12/25 21:55:27 | 000,000,000 | ---D | C] -- C:Windowstemp

[2012/12/25 14:39:34 | 000,000,000 | ---D | C] -- C:Program Files (x86)sp59755

[2012/12/25 14:01:41 | 000,654,336 | ---- | C] (IDT, Inc.) -- C:WindowsSysNativestapi64.dll

[2012/12/25 13:43:31 | 000,535,552 | ---- | C] (IDT, Inc.) -- C:WindowsSysNativedriversstwrt64.sys

[2012/12/25 13:43:30 | 000,448,512 | ---- | C] (IDT, Inc.) -- C:WindowsSysNativestcplx64.dll

[2012/12/25 13:43:29 | 001,987,072 | ---- | C] (IDT, Inc.) -- C:WindowsSysNativestapo64.dll

[2012/12/25 13:43:21 | 000,000,000 | ---D | C] -- C:Program FilesIDT

[2012/12/23 14:28:56 | 000,000,000 | ---D | C] -- C:ProgramDataAsk

[2012/12/23 14:00:07 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeRdpGroupPolicyExtension.dll

[2012/12/23 14:00:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeTsUsbRedirectionGroupPolicyExtension.dll

[2012/12/23 14:00:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeTsUsbRedirectionGroupPolicyControl.exe

[2012/12/23 14:00:05 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversTsUsbFlt.sys

[2012/12/23 14:00:05 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversTsUsbGD.sys

[2012/12/23 14:00:05 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedriversrdpvideominiport.sys

[2012/12/23 14:00:01 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemstsc.exe

[2012/12/23 14:00:01 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mstsc.exe

[2012/12/23 14:00:01 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewksprt.exe

[2012/12/23 14:00:01 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeaaclient.dll

[2012/12/23 14:00:01 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64aaclient.dll

[2012/12/23 14:00:01 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpudd.dll

[2012/12/23 14:00:01 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpendp_winip.dll

[2012/12/23 14:00:01 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64rdpendp_winip.dll

[2012/12/23 14:00:01 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeTSWbPrxy.exe

[2012/12/23 14:00:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeMsRdpWebAccess.dll

[2012/12/23 14:00:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64MsRdpWebAccess.dll

[2012/12/23 14:00:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativetsgqec.dll

[2012/12/23 14:00:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeTsUsbGDCoInstaller.dll

[2012/12/23 14:00:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64tsgqec.dll

[2012/12/23 14:00:01 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewksprtPS.dll

[2012/12/23 14:00:01 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64wksprtPS.dll

[2012/12/23 14:00:00 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemstscax.dll

[2012/12/23 14:00:00 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mstscax.dll

[2012/12/23 14:00:00 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativerdpcorets.dll

[2012/12/23 13:59:27 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativelsasrv.dll

[2012/12/23 13:59:27 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativencrypt.dll

[2012/12/22 03:00:28 | 000,046,080 | ---- | C] (Adobe Systems) -- C:WindowsSysNativeatmlib.dll

[2012/12/22 03:00:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:WindowsSysWow64atmlib.dll

[2012/12/22 03:00:27 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:WindowsSysNativeatmfd.dll

[2012/12/22 03:00:26 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:WindowsSysWow64atmfd.dll

[2012/12/18 19:38:11 | 000,000,000 | ---D | C] -- C:UsersFlashAppDataRoamingvlc

[2012/12/18 19:37:09 | 000,000,000 | ---D | C] -- C:Program Files (x86)VideoLAN

[2012/12/15 00:27:21 | 000,000,000 | ---D | C] -- C:UsersFlashDoctor Web

[2012/12/15 00:05:29 | 000,000,000 | ---D | C] -- C:UsersFlashAppDataRoamingIDM

[2012/12/15 00:05:09 | 000,000,000 | ---D | C] -- C:Program Files (x86)Internet Download Manager

[2012/12/14 19:36:31 | 000,000,000 | ---D | C] -- C:UsersFlashAppDataRoamingMusicOasis

[2012/12/14 19:34:23 | 000,000,000 | -HSD | C] -- C:WindowsSysWow64AI_RecycleBin

[2012/12/14 17:19:41 | 000,000,000 | ---D | C] -- C:UsersFlashAppDataRoamingHideIPEasy

[2012/12/14 17:19:41 | 000,000,000 | ---D | C] -- C:ProgramDataHideIPEasy

[2012/12/14 17:18:53 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsHide IP Easy

[2012/12/14 17:18:51 | 000,000,000 | ---D | C] -- C:Program Files (x86)HideIPEasy

[2012/12/14 02:52:18 | 000,165,112 | ---- | C] (Tonec Inc.) -- C:WindowsSysNativedriversidmwfp.sys

[2012/12/11 17:36:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieui.dll

[2012/12/11 17:36:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemshtmled.dll

[2012/12/11 17:36:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64mshtmled.dll

[2012/12/11 17:36:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64inetcpl.cpl

[2012/12/11 17:36:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieui.dll

[2012/12/11 17:36:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeurl.dll

[2012/12/11 17:36:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64url.dll

[2012/12/11 17:36:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeieUnatt.exe

[2012/12/11 17:36:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ieUnatt.exe

[2012/12/11 17:36:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript9.dll

[2012/12/11 17:36:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeinetcpl.cpl

[2012/12/11 17:36:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativemsfeeds.dll

[2012/12/11 17:36:23 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativejscript.dll

[2012/12/11 17:36:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64jscript.dll

[2012/12/11 17:36:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativevbscript.dll

[2012/12/11 16:13:39 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeKernelBase.dll

[2012/12/11 16:13:38 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativekernel32.dll

[2012/12/11 16:13:38 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64win.dll

[2012/12/11 16:13:38 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativeconhost.exe

[2012/12/11 16:13:38 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64.dll

[2012/12/11 16:13:38 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewinsrv.dll

[2012/12/11 16:13:38 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64setup16.exe

[2012/12/11 16:13:38 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativentvdm64.dll

[2012/12/11 16:13:38 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64ntvdm64.dll

[2012/12/11 16:13:38 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativewow64cpu.dll

[2012/12/11 16:13:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64instnm.exe

[2012/12/11 16:13:38 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64wow32.dll

[2012/12/11 16:13:38 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-processthreads-l1-1-0.dll

[2012/12/11 16:13:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/11 16:13:38 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-heap-l1-1-0.dll

[2012/12/11 16:13:37 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-security-base-l1-1-0.dll

[2012/12/11 16:13:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-file-l1-1-0.dll

[2012/12/11 16:13:37 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-file-l1-1-0.dll

[2012/12/11 16:13:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-threadpool-l1-1-0.dll

[2012/12/11 16:13:37 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-processthreads-l1-1-0.dll

[2012/12/11 16:13:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-sysinfo-l1-1-0.dll

[2012/12/11 16:13:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-synch-l1-1-0.dll

[2012/12/11 16:13:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-misc-l1-1-0.dll

[2012/12/11 16:13:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-localregistry-l1-1-0.dll

[2012/12/11 16:13:37 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-localregistry-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-processenvironment-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-namedpipe-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-misc-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-memory-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-memory-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-xstate-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-util-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-string-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-string-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-profile-l1-1-0.dll

[2012/12/11 16:13:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-profile-l1-1-0.dll

[2012/12/11 16:13:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-security-base-l1-1-0.dll

[2012/12/11 16:13:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-threadpool-l1-1-0.dll

[2012/12/11 16:13:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-synch-l1-1-0.dll

[2012/12/11 16:13:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-localization-l1-1-0.dll

[2012/12/11 16:13:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-localization-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-xstate-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-libraryloader-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-interlocked-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-heap-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-util-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-io-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-io-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-interlocked-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-handle-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-handle-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-fibers-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-fibers-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-errorhandling-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-delayload-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-delayload-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-debug-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-debug-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-datetime-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-datetime-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysWow64api-ms-win-core-console-l1-1-0.dll

[2012/12/11 16:13:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:WindowsSysNativeapi-ms-win-core-console-l1-1-0.dll

[2012/12/11 16:13:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64user.exe

[2012/12/11 16:13:20 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:WindowsSysNativedpnet.dll

[2012/12/11 16:13:20 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:WindowsSysWow64dpnet.dll

[2012/06/05 16:04:14 | 000,082,816 | ---- | C] (VSO Software) -- C:UsersFlashAppDataRoamingpcouffin.sys

 

========== Files - Modified Within 30 Days ==========

 

[2013/01/09 00:50:18 | 000,000,830 | ---- | M] () -- C:WindowstasksAdobe Flash Player Updater.job

[2013/01/09 00:48:07 | 000,000,928 | ---- | M] () -- C:WindowstasksFacebookUpdateTaskUserS-1-5-21-2238281131-119592130-1704958914-1000UA.job

[2013/01/09 00:43:17 | 000,001,743 | ---- | M] () -- C:UsersPublicDesktopiTunes.lnk

[2013/01/09 00:32:13 | 000,040,624 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/09 00:32:13 | 000,040,624 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/09 00:28:42 | 000,001,805 | ---- | M] () -- C:UsersPublicDesktopQuickTime Player.lnk

[2013/01/09 00:16:43 | 000,000,892 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job

[2013/01/09 00:13:13 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2013/01/09 00:12:46 | 1101,418,495 | -HS- | M] () -- C:hiberfil.sys

[2013/01/08 23:57:31 | 1085,263,124 | ---- | M] () -- C:WindowsMEMORY.DMP

[2013/01/08 19:53:00 | 000,000,896 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job

[2013/01/08 16:50:27 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerApp.exe

[2013/01/08 16:50:26 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl

[2013/01/08 15:47:00 | 000,000,906 | ---- | M] () -- C:WindowstasksFacebookUpdateTaskUserS-1-5-21-2238281131-119592130-1704958914-1000Core.job

[2013/01/06 15:41:04 | 000,001,945 | ---- | M] () -- C:Windowsepplauncher.mif

[2013/01/06 14:38:14 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts

[2013/01/06 00:29:28 | 000,000,774 | ---- | M] () -- C:ProgramDataMicrosoft.SqlServer.Compact.400.32.bc

[2013/01/06 00:13:55 | 000,000,927 | ---- | M] () -- C:UsersFlashApplication DataMicrosoftInternet ExplorerQuick LaunchµTorrent.lnk

[2013/01/05 23:52:01 | 000,000,017 | ---- | M] () -- C:UsersFlashAppDataLocalresmon.resmoncfg

[2013/01/05 23:00:58 | 005,101,944 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT

[2013/01/05 20:38:31 | 000,000,850 | ---- | M] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupSecunia PSI Tray.lnk

[2013/01/05 17:01:24 | 478,027,761 | ---- | M] () -- C:UsersFlashDesktopDownloads.rar

[2013/01/03 22:30:33 | 000,876,418 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2013/01/03 22:30:33 | 000,731,010 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2013/01/03 22:30:33 | 000,147,926 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2013/01/03 22:23:19 | 000,000,332 | ---- | M] () -- C:WindowstasksHPCeeScheduleForFlash.job

[2013/01/03 21:20:24 | 3224,686,592 | ---- | M] () -- C:UsersFlashDesktopGRMCPRXFRER_EN_DVD.ISO

[2012/12/31 12:04:00 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativeWindowsAccessBridge-64.dll

[2012/12/31 12:03:58 | 000,308,200 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativejavaws.exe

[2012/12/31 12:03:58 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativejavaw.exe

[2012/12/31 12:03:58 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativejava.exe

[2012/12/31 12:03:57 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativenpdeployJava1.dll

[2012/12/31 12:03:57 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:WindowsSysNativedeployJava1.dll

[2012/12/25 14:11:10 | 001,759,269 | ---- | M] () -- C:WindowsSysNativedriversNISx641402000.013Cat.DB

[2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:WindowsSysNativeatmlib.dll

[2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysNativeatmfd.dll

[2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64atmfd.dll

[2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:WindowsSysWow64atmlib.dll

[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:WindowsSysNativedriversmbam.sys

[2012/12/12 23:48:07 | 000,003,520 | ---- | M] () -- C:WindowsSysWow64EasyRedirect.ini

[2012/12/12 23:48:07 | 000,002,040 | ---- | M] () -- C:WindowsSysWow64EasyRedirectOff.ini

[2012/12/12 23:48:07 | 000,002,040 | ---- | M] () -- C:WindowsSysNativeEasyRedirectOff.ini

[2012/12/11 17:41:36 | 000,000,129 | ---- | M] () -- C:WindowsSysNativeMRT.INI

[2012/12/11 17:28:38 | 000,058,880 | ---- | M] () -- C:UsersFlashAppDataLocalN360

[2012/12/11 17:28:38 | 000,055,808 | ---- | M] () -- C:UsersFlashAppDataLocalNAV

[2012/12/11 17:28:38 | 000,054,272 | ---- | M] () -- C:UsersFlashAppDataLocalNIS

[2012/12/11 15:50:36 | 000,000,342 | ---- | M] () -- C:WindowstasksHPCeeScheduleForFLASH-HP$.job

 

========== Files Created - No Company Name ==========

 

[2013/01/09 00:43:17 | 000,001,743 | ---- | C] () -- C:UsersPublicDesktopiTunes.lnk

[2013/01/09 00:28:42 | 000,001,805 | ---- | C] () -- C:UsersPublicDesktopQuickTime Player.lnk

[2013/01/09 00:23:30 | 000,001,054 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAurora.lnk

[2013/01/06 15:41:04 | 000,001,945 | ---- | C] () -- C:Windowsepplauncher.mif

[2013/01/06 15:34:36 | 000,002,117 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Security Essentials.lnk

[2013/01/06 13:54:09 | 1085,263,124 | ---- | C] () -- C:WindowsMEMORY.DMP

[2013/01/06 00:13:55 | 000,000,927 | ---- | C] () -- C:UsersFlashApplication DataMicrosoftInternet ExplorerQuick LaunchµTorrent.lnk

[2013/01/05 23:52:01 | 000,000,017 | ---- | C] () -- C:UsersFlashAppDataLocalresmon.resmoncfg

[2013/01/05 22:59:26 | 005,101,944 | ---- | C] () -- C:WindowsSysNativeFNTCACHE.DAT

[2013/01/05 20:38:31 | 000,000,850 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupSecunia PSI Tray.lnk

[2013/01/05 15:39:23 | 478,027,761 | ---- | C] () -- C:UsersFlashDesktopDownloads.rar

[2013/01/03 21:12:55 | 3224,686,592 | ---- | C] () -- C:UsersFlashDesktopGRMCPRXFRER_EN_DVD.ISO

[2012/12/31 18:02:07 | 1101,418,495 | -HS- | C] () -- C:hiberfil.sys

[2012/12/31 00:36:59 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe

[2012/12/31 00:36:59 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe

[2012/12/31 00:36:59 | 000,098,816 | ---- | C] () -- C:Windowssed.exe

[2012/12/31 00:36:59 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe

[2012/12/31 00:36:59 | 000,068,096 | ---- | C] () -- C:Windowszip.exe

[2012/12/11 17:28:38 | 000,058,880 | ---- | C] () -- C:UsersFlashAppDataLocalN360

[2012/12/11 17:28:38 | 000,055,808 | ---- | C] () -- C:UsersFlashAppDataLocalNAV

[2012/12/11 17:28:38 | 000,054,272 | ---- | C] () -- C:UsersFlashAppDataLocalNIS

[2012/11/22 01:43:52 | 000,003,520 | ---- | C] () -- C:WindowsSysWow64EasyRedirect.ini

[2012/11/22 01:43:52 | 000,002,040 | ---- | C] () -- C:WindowsSysWow64EasyRedirectOff.ini

[2012/10/13 03:44:42 | 000,000,399 | ---- | C] () -- C:UsersFlash.gitconfig

[2012/09/04 23:30:06 | 000,000,938 | -H-- | C] () -- C:UsersFlash.gitk

[2012/09/03 23:34:14 | 000,001,287 | ---- | C] () -- C:UsersFlash_viminfo

[2012/09/02 23:12:22 | 000,000,356 | ---- | C] () -- C:UsersFlash.bash_history

[2012/08/14 16:15:31 | 000,053,248 | ---- | C] () -- C:WindowsSysWow64CommonDL.dll

[2012/08/14 16:15:31 | 000,002,413 | ---- | C] () -- C:WindowsSysWow64lgAxconfig.ini

[2012/08/14 09:28:21 | 000,004,932 | ---- | C] () -- C:ProgramDatashppvtrh.txs

[2012/07/25 11:45:19 | 000,004,608 | ---- | C] () -- C:UsersFlashAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/25 11:44:17 | 000,598,016 | ---- | C] () -- C:WindowsSysWow64viscomqtde.dll

[2012/07/25 11:44:17 | 000,262,144 | ---- | C] () -- C:WindowsSysWow64lame_enc.dll

[2012/07/25 01:23:04 | 000,061,440 | ---- | C] () -- C:WindowsSysWow64GkSui18.EXE

[2012/06/05 23:31:33 | 000,000,045 | ---- | C] () -- C:UsersFlashjagex_cl_runescape_LIVE1.dat

[2012/06/05 22:36:12 | 000,000,044 | ---- | C] () -- C:UsersFlashjagex_cl_runescape_LIVE.dat

[2012/06/05 22:36:12 | 000,000,024 | ---- | C] () -- C:UsersFlashrandom.dat

[2012/06/05 16:04:14 | 000,007,859 | ---- | C] () -- C:UsersFlashAppDataRoamingpcouffin.cat

[2012/06/05 16:04:14 | 000,001,167 | ---- | C] () -- C:UsersFlashAppDataRoamingpcouffin.inf

[2012/05/10 00:19:03 | 000,005,034 | ---- | C] () -- C:ProgramDatatninvxyu.eyb

[2012/04/10 00:23:46 | 006,990,455 | ---- | C] () -- C:UsersFlashAppDataRoamingData

[2012/04/10 00:23:46 | 000,001,814 | ---- | C] () -- C:UsersFlashAppDataRoamingSchema

[2012/03/15 09:40:28 | 004,826,112 | ---- | C] () -- C:WindowsSysWow64x264vfw.dll

[2012/03/14 11:29:20 | 000,013,865 | ---- | C] () -- C:ProgramDataN360BUOptions.ini

[2012/02/20 18:01:26 | 000,001,456 | ---- | C] () -- C:UsersFlashAppDataLocalAdobe Save for Web 12.0 Prefs

[2012/02/05 23:01:26 | 000,000,036 | ---- | C] () -- C:UsersFlash.org.eclipse.epp.usagedata.recording.userId

[2012/02/01 00:40:57 | 000,000,774 | ---- | C] () -- C:ProgramDataMicrosoft.SqlServer.Compact.400.32.bc

[2012/01/30 13:25:49 | 000,005,055 | ---- | C] () -- C:ProgramDatazwbdueus.luf

[2012/01/09 19:45:18 | 000,178,688 | ---- | C] () -- C:WindowsSysWow64unrar.dll

[2011/12/17 00:45:02 | 000,892,412 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI

[2011/12/07 19:32:24 | 000,216,064 | ---- | C] ( ) -- C:WindowsSysWow64lagarith.dll

[2011/12/02 14:38:19 | 000,000,537 | ---- | C] () -- C:WindowsFICEDULA.INI

[2011/09/11 10:34:47 | 000,145,804 | ---- | C] () -- C:WindowsSysWow64igcompkrng600.bin

[2011/09/11 10:30:57 | 000,000,056 | -H-- | C] () -- C:WindowsSysWow64ezsidmv.dat

[2011/08/24 23:36:56 | 000,000,068 | ---- | C] () -- C:WindowsSysWow64ezdigsgn.dat

[2011/04/15 18:05:52 | 000,218,304 | ---- | C] () -- C:WindowsSysWow64igfcg600m.bin

[2011/04/15 18:05:50 | 000,963,116 | ---- | C] () -- C:WindowsSysWow64igkrng600.bin

[2011/04/15 17:59:50 | 000,056,832 | ---- | C] () -- C:WindowsSysWow64igdde32.dll

[2011/04/15 17:33:42 | 013,359,616 | ---- | C] () -- C:WindowsSysWow64ig4icd32.dll

[2011/03/03 23:04:58 | 000,007,736 | ---- | C] () -- C:WindowshpDSTRES.DLL

 

========== ZeroAccess Check ==========

 

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:WindowsassemblyDesktop.ini

 

[HKEY_CURRENT_USERSoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64

 

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

 

[HKEY_CURRENT_USERSoftwareClassesclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32] /64

 

[HKEY_CURRENT_USERSoftwareClassesWow6432nodeclsid{fbeb8a05-beee-4442-804e-409d6c4515e9}InProcServer32]

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32] /64

"" = C:WindowsSysNativeshell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{42aedc87-2188-41fd-b9a3-0c966feabec1}InProcServer32]

"" = %SystemRoot%system32shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32] /64

"" = C:WindowsSysNativewbemfastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{5839FCA9-774D-42A1-ACDA-D6A79037F57F}InProcServer32]

"" = %systemroot%system32wbemfastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINESoftwareClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32] /64

"" = C:WindowsSysNativewbemwbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINESoftwareWow6432NodeClassesclsid{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}InProcServer32]

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 211 bytes -> C:ProgramDataTemp:DDE29E40

@Alternate Data Stream - 181 bytes -> C:ProgramDataTemp:1A15E356

 

< End of report >


Looks good. That is all I see. I don't know what is causing the continued BSODs. Perhaps you should post in the User to User help area and see if the "Windows gurus" can help you tweak things a bit.

 

Let's do some housekeeping:

 

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK.
  • Note the space between the X and the U; it needs to be there.
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

  • Double click on OTL to run it.
  • Click on CleanUp!
  • When done, you will be prompted to restart your computer. Please restart your computer.

Please re-enable any security that was disabled.

 

If you have any questions... please let me know. Otherwise I'll close this thread as malware seems to be gone.

This topic is now closed to further replies.