Many small problems, rerouting links etc.


This topic is locked
18 replies to this topic

#1 MotoPete
Members, 10 posts

Posted 31 July 2012 - 08:03 PM

It seems like more and more my computer is developing weird quirks. I can't place what I could have downloaded or when I could have picked up a bug, but it was definitely in the past 2-3 weeks. Here are a few examples. When I went to download the tools to scan my computer for the logs, I noticed a new download option replacing the typical text reading "Download Now"; it instead reads "DownThemAll!".

Also my screens are getting mixed up: if I open a new window it automatically sends it to the back. Nothing will layer in front of Mozilla. I have to minimize or resize Mozilla to see what's in back. For example, when I was installing the log software, I had to minimize Mozilla because the install would not happen in front of Mozilla.

Lastly, when I tried to log into YouTube on Internet Explorer it was trying to reroute me to an ad site, Coupon Explosion or something, but IE blocked the forwarding.


Oh, and in GMER I was not able to select certain boxes. "System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries" were all greyed out. The only things I could select were "Services, Registry, Files, ADS" and the appropriate drive, in this case C:\. "Show All" was also greyed out. I don't think it's something I was doing wrong, but please direct me if I was.
When GMER finished it stated that "No Modifications were found" on my computer. The log is blank; it saved as a completely blank .txt.

Thanks for your help,
Peter


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ox-AV at 20:17:29 on 2012-07-31
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8184.5831 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Users\Ox-AV\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\splwow64.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Giant Savings: {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-3NJCV.exe" /REG /REGSVRMODE
StartupFolder: C:\Users\Ox-AV\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Ox-AV\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0AB8A416-2DE0-4DC5-97A9-007FBD28221D} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{6974D860-D8A9-4F74-9BB9-40E166DBEBB2} : DhcpNameServer = 192.168.2.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Giant Savings: {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll
BHO-X64: CrossriderApp0004479 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
mRunOnce-x64: [InnoSetupRegFile.0000000001] "C:\Windows\is-3NJCV.exe" /REG /REGSVRMODE
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.visualproducts.com/storeProductDetail02.asp?productID=1120&Cat=2&Cat2=14#bigPic
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Ox-AV\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-14 654408]
R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-6 1636872]
R2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-4-13 1636872]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NvnUsbAudio;Novation USB Audio Driver;C:\Windows\system32\DRIVERS\nvnusbaudio.sys --> C:\Windows\system32\DRIVERS\nvnusbaudio.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-17 250056]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-9 1038088]
S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;C:\Windows\system32\DRIVERS\MAudioUSBMIDI.sys --> C:\Windows\system32\DRIVERS\MAudioUSBMIDI.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-10 113120]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-31 09:51:20 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BECEEB81-7EDE-40B7-8A79-45C48F601AA9}\offreg.dll
2012-07-31 09:32:27 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BECEEB81-7EDE-40B7-8A79-45C48F601AA9}\mpengine.dll
2012-07-25 03:29:47 711240 ----a-w- C:\Windows\is-3NJCV.exe
2012-07-18 23:41:04 -------- d-----w- C:\Users\Ox-AV\AppData\Roaming\PDFlite
2012-07-18 23:40:59 87040 ----a-w- C:\Windows\System32\redmonnt.dll
2012-07-18 23:40:59 46080 ----a-w- C:\Windows\System32\unredmon.exe
2012-07-18 23:40:58 -------- d-----w- C:\Users\Ox-AV\AppData\Local\Giant Savings
2012-07-18 23:40:58 -------- d-----w- C:\Program Files (x86)\PDFlite
2012-07-18 23:40:57 -------- d-----w- C:\Program Files (x86)\Giant Savings
2012-07-12 07:02:45 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 07:01:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-12 07:01:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-07-11 12:58:12 1880064 ----a-w- C:\Windows\System32\msxml3.dll
.
==================== Find3M ====================
.
2012-07-27 03:10:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 03:10:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 15:37:29 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 20:17:51.96 ===============
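As an added illustration (not part of this thread or of DDS itself), the following Python script applies the kind of first-pass triage a log reviewer does on the "Pseudo HJT Report" and FIREFOX sections of a DDS log like the one above. It runs over a constructed sample modelled on entries from that log and flags orphaned "- No File" entries, a Browser Helper Object whose CLSID is obviously hand-made rather than a generated GUID, and a Firefox keyword.URL override that sends address-bar searches to a third-party host. All function names and thresholds are this example's own assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the DDS "Pseudo HJT Report" / FIREFOX line format, modelled on
# entries from the log above (not a real capture; raw strings keep the single backslashes).
SAMPLE_DDS = "\n".join([
    r"uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome",
    r"uURLSearchHooks: H - No File",
    r"BHO: Giant Savings: {11111111-1111-1111-1111-110011441179} - C:\Program Files (x86)\Giant Savings\Giant Savings.dll",
    r"BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File",
    r"BHO-X64: CrossriderApp0004479 - No File",
    r"TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File",
    r'uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED',
    r"FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=",
])

# "kind: rest" lines such as BHO:, TB:, uRun:, mRunOnce-x64:, uURLSearchHooks:
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z]+(?:-[xX]64)?):\s+(?P<rest>.+)$")
# Firefox preference lines: "FF - prefs.js: <key> - <value>"
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s+(?P<key>\S+)\s+-\s+(?P<value>.+)$")
CLSID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
# DDS defangs URLs as hxxp://; pull the host out of that form.
DEFANGED_HOST_RE = re.compile(r"^hxxps?://([^/?#]+)", re.IGNORECASE)

# A generated GUID is 32 essentially random hex digits; a hand-made identifier such as
# {11111111-1111-...} uses only a handful of distinct digits (threshold is an assumption).
MIN_DISTINCT_HEX = 8


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Turn one DDS line into a record, or None for lines this triage ignores."""
    m = FF_PREF_RE.match(line)
    if m:
        return {"kind": "FF-pref", "name": m.group("key"), "clsid": "", "target": m.group("value")}
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    clsid_m = CLSID_RE.search(rest)
    clsid = clsid_m.group(1) if clsid_m else ""
    if rest.startswith("["):                      # uRun/mRun style: [Name] command line
        name, _, target = rest[1:].partition("] ")
    else:                                         # BHO/TB style: Name: {CLSID} - path
        head, _, target = rest.rpartition(" - ")
        name = head.split(":")[0].strip() if head else ""
        if name.startswith("{"):                  # entry had no display name, only a CLSID
            name = ""
    return {"kind": kind, "name": name, "clsid": clsid, "target": target.strip()}


def triage(text: str) -> List[Dict[str, str]]:
    """Apply the reviewer heuristics and return one finding per hit, in log order."""
    findings: List[Dict[str, str]] = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["target"] == "No File":
            findings.append({**rec, "severity": "orphan",
                             "reason": "registry entry points to a file that no longer exists"})
            continue
        hex_digits = set(rec["clsid"].lower().replace("-", ""))
        if rec["clsid"] and len(hex_digits) < MIN_DISTINCT_HEX:
            findings.append({**rec, "severity": "suspect",
                             "reason": "CLSID is not a randomly generated GUID"})
        if rec["kind"] == "FF-pref" and rec["name"] == "keyword.URL":
            host_m = DEFANGED_HOST_RE.match(rec["target"])
            host = host_m.group(1) if host_m else rec["target"]
            findings.append({**rec, "severity": "review",
                             "reason": f"address-bar searches redirected to {host}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['severity']:7}] {f['kind']:<16} {f['name'] or f['clsid']:<38} {f['reason']}")
```

Entries that pass every heuristic, such as the Adobe BHO and the uTorrent autorun, produce no finding; they are still worth a human look, but they are not what a first pass should surface.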


#2 gringo_pr (Bleepin Gringo)
Malware Response Team, 136,772 posts, Puerto Rico

Posted 04 August 2012 - 12:26 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 MotoPete (Topic Starter)
Members, 10 posts

Posted 05 August 2012 - 01:48 PM

The computer is running a little better already. The big thing I noticed was that I was seeing ads that didn't belong on every site I went to. Even when I played a movie on Netflix there would be a banner ad above the movie. That has since gone away.

Here are the results of Checkup.txt:

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Trend Micro Titanium Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader X (10.1.1)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Trend Micro AMSP coreServiceShell.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk UIWatchDog.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

I've attached the combofix log.txt but I'll copy and paste it if you prefer reading it out.

ComboFix 12-08-05.02 - Ox-AV 08/05/2012 14:30:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8184.6314 [GMT -4:00]
Running from: c:\users\Ox-AV\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ox-AV\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\chrome.manifest
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\background.html
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\browser.xul
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossrider.js
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\crossriderapi.js
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\dialog.js
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.js
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\options.xul
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\search_dialog.xul
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\chrome\content\update.html
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\defaults\preferences\prefs.js
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\chrome.manifest
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\chrome\content\background.html
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\chrome\content\browser.xul
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\chrome\content\crossrider.js
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\chrome\content\crossriderapi.js
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\chrome\content\dialog.js
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\chrome\content\options.js
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\chrome\content\options.xul
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\chrome\content\search_dialog.xul
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\chrome\content\update.html
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\defaults\preferences\prefs.js
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\install.rdf
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\locale\en-US\translations.dtd
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\button1.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\button2.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\button3.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\button4.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\button5.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\crossrider_statusbar.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\icon24.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\icon48.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\panelarrow-up.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\popup.css
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\popup.html
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\popup_binding.xml
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\skin.css
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\firefox-production\skin\update.css
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\install.rdf
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\locale\en-US\translations.dtd
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\button1.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\button2.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\button3.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\button4.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\button5.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\crossrider_statusbar.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\icon128.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\icon16.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\icon24.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\icon48.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\panelarrow-up.png
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\popup.css
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\popup.html
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\popup_binding.xml
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\skin.css
c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\crossriderapp4479@crossrider.com\skin\update.css
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 18:36 . 2012-08-05 18:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 03:00 . 2012-08-04 03:00 -------- d-----w- C:\temp
2012-08-03 23:48 . 2012-08-03 23:48 -------- d-----w- c:\users\Ox-AV\AppData\Local\Trend Micro
2012-08-03 23:47 . 2011-08-02 20:45 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-08-03 23:47 . 2011-07-12 11:13 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-08-03 23:47 . 2011-07-12 11:13 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-08-03 23:47 . 2011-07-12 11:13 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-03 23:43 . 2012-08-03 23:43 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-08-03 23:40 . 2012-08-03 23:42 -------- d-----w- c:\program files\Trend Micro
2012-08-03 23:39 . 2012-08-04 03:00 -------- d-----w- c:\programdata\Trend Micro
2012-08-03 17:19 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DDFFB5D-3184-4F3A-85FB-3F7297F45AE4}\mpengine.dll
2012-07-18 23:41 . 2012-07-19 00:06 -------- d-----w- c:\users\Ox-AV\AppData\Roaming\PDFlite
2012-07-18 23:40 . 2005-03-12 00:07 87040 ----a-w- c:\windows\system32\redmonnt.dll
2012-07-18 23:40 . 2005-03-12 00:07 46080 ----a-w- c:\windows\system32\unredmon.exe
2012-07-18 23:40 . 2012-07-18 23:40 -------- d-----w- c:\program files (x86)\PDFlite
2012-07-18 23:40 . 2012-07-18 23:40 -------- d-----w- c:\users\Ox-AV\AppData\Local\Giant Savings
2012-07-18 23:40 . 2012-07-18 23:41 -------- d-----w- c:\program files (x86)\Giant Savings
2012-07-12 07:02 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 07:01 . 2012-06-02 11:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-07-12 07:01 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-12 07:01 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-11 12:58 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 17:10 . 2012-05-17 12:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 17:10 . 2011-11-24 04:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-26 04:36 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 04:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-26 04:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 04:36 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 04:36 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-26 04:36 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-26 04:36 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-26 04:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-26 04:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 15:37 . 2009-07-24 04:46 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-31 16:25 . 2011-11-10 01:24 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-11-10 611712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2011-11-23 892928]
"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-02 296056]
.
c:\users\Ox-AV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2011-11-10 288112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-09 1038088]
R3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [2010-04-13 200200]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-01 113120]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-24 1255736]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-31 237936]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-12 70928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-06 1636872]
S2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-04-13 1636872]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2009-08-10 47616]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-10-23 291328]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 20:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 17:10]
.
2012-08-03 c:\windows\Tasks\HPCeeScheduleForOx-AV.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-11-11 22:38]
.
2012-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.visualproducts.com/storeProductDetail02.asp?productID=1120&Cat=2&Cat2=14#bigPic
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
.
**************************************************************************
.
Completion time: 2012-08-05 14:44:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 18:44
.
Pre-Run: 267,403,550,720 bytes free
Post-Run: 270,485,573,632 bytes free
.
- - End Of File - - F593FE328A9D67B10E47D5D49C2F625D


Edited by MotoPete, 05 August 2012 - 01:49 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location: Puerto Rico
  • Local time:04:13 PM

Posted 05 August 2012 - 03:21 PM

Hello MotoPete

That is a good start, but I am going to dig just a little deeper to see if anything shows up.

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#5 MotoPete

MotoPete
  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:13 PM

Posted 05 August 2012 - 05:23 PM

Thanks. One thing I noticed when downloading the programs is that I still have this strange "downThemAll" option. I'm not sure what that is.

No reboots were required on TDSSKiller. Here's the log:

17:55:02.0354 7088 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:55:02.0704 7088 ============================================================
17:55:02.0704 7088 Current date / time: 2012/08/05 17:55:02.0704
17:55:02.0704 7088 SystemInfo:
17:55:02.0704 7088
17:55:02.0704 7088 OS Version: 6.1.7600 ServicePack: 0.0
17:55:02.0704 7088 Product type: Workstation
17:55:02.0704 7088 ComputerName: OX-AV-PC
17:55:02.0704 7088 UserName: Ox-AV
17:55:02.0714 7088 Windows directory: C:\Windows
17:55:02.0714 7088 System windows directory: C:\Windows
17:55:02.0714 7088 Running under WOW64
17:55:02.0714 7088 Processor architecture: Intel x64
17:55:02.0714 7088 Number of processors: 4
17:55:02.0714 7088 Page size: 0x1000
17:55:02.0714 7088 Boot type: Normal boot
17:55:02.0714 7088 ============================================================
17:55:03.0732 7088 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:55:03.0764 7088 ============================================================
17:55:03.0764 7088 \Device\Harddisk0\DR0:
17:55:03.0764 7088 MBR partitions:
17:55:03.0764 7088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x31000
17:55:03.0764 7088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32FCD, BlocksNum 0x55C63AA9
17:55:23.0435 5280 PptpMiniport - ok
17:55:23.0482 5280 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:55:23.0482 5280 Processor - ok
17:55:23.0529 5280 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
17:55:23.0529 5280 ProfSvc - ok
17:55:23.0576 5280 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:55:23.0576 5280 ProtectedStorage - ok
17:55:23.0607 5280 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
17:55:23.0607 5280 Psched - ok
17:55:23.0654 5280 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
17:55:23.0654 5280 PxHlpa64 - ok
17:55:23.0700 5280 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:55:23.0732 5280 ql2300 - ok
17:55:23.0794 5280 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:55:23.0794 5280 ql40xx - ok
17:55:23.0841 5280 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:55:23.0856 5280 QWAVE - ok
17:55:23.0856 5280 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:55:23.0872 5280 QWAVEdrv - ok
17:55:23.0888 5280 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:55:23.0888 5280 RasAcd - ok
17:55:23.0919 5280 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:55:23.0919 5280 RasAgileVpn - ok
17:55:23.0950 5280 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:55:23.0950 5280 RasAuto - ok
17:55:23.0966 5280 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:55:23.0966 5280 Rasl2tp - ok
17:55:23.0997 5280 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
17:55:23.0997 5280 RasMan - ok
17:55:24.0012 5280 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:55:24.0012 5280 RasPppoe - ok
17:55:24.0012 5280 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:55:24.0012 5280 RasSstp - ok
17:55:24.0028 5280 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
17:55:24.0044 5280 rdbss - ok
17:55:24.0059 5280 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:55:24.0059 5280 rdpbus - ok
17:55:24.0075 5280 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:55:24.0075 5280 RDPCDD - ok
17:55:24.0090 5280 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:55:24.0090 5280 RDPENCDD - ok
17:55:24.0106 5280 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:55:24.0106 5280 RDPREFMP - ok
17:55:24.0137 5280 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
17:55:24.0153 5280 RDPWD - ok
17:55:24.0153 5280 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
17:55:24.0168 5280 rdyboost - ok
17:55:24.0184 5280 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:55:24.0184 5280 RemoteAccess - ok
17:55:24.0200 5280 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:55:24.0200 5280 RemoteRegistry - ok
17:55:24.0215 5280 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:55:24.0215 5280 RpcEptMapper - ok
17:55:24.0215 5280 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:55:24.0215 5280 RpcLocator - ok
17:55:24.0231 5280 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
17:55:24.0246 5280 RpcSs - ok
17:55:24.0246 5280 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:55:24.0246 5280 rspndr - ok
17:55:24.0309 5280 RTL8167 (fe61b0b4aa58c3bd3dfa6279131f7f53) C:\Windows\system32\DRIVERS\Rt64win7.sys
17:55:24.0309 5280 RTL8167 - ok
17:55:24.0324 5280 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:55:24.0324 5280 SamSs - ok
17:55:24.0356 5280 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
17:55:24.0356 5280 sbp2port - ok
17:55:24.0371 5280 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:55:24.0371 5280 SCardSvr - ok
17:55:24.0387 5280 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
17:55:24.0387 5280 scfilter - ok
17:55:24.0449 5280 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
17:55:24.0449 5280 Schedule - ok
17:55:24.0465 5280 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
17:55:24.0465 5280 SCPolicySvc - ok
17:55:24.0480 5280 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
17:55:24.0480 5280 SDRSVC - ok
17:55:24.0496 5280 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:55:24.0496 5280 secdrv - ok
17:55:24.0512 5280 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
17:55:24.0512 5280 seclogon - ok
17:55:24.0527 5280 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
17:55:24.0527 5280 SENS - ok
17:55:24.0543 5280 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:55:24.0543 5280 SensrSvc - ok
17:55:24.0558 5280 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:55:24.0558 5280 Serenum - ok
17:55:24.0574 5280 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:55:24.0590 5280 Serial - ok
17:55:24.0590 5280 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:55:24.0590 5280 sermouse - ok
17:55:24.0605 5280 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
17:55:24.0605 5280 SessionEnv - ok
17:55:24.0605 5280 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:55:24.0605 5280 sffdisk - ok
17:55:24.0621 5280 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:55:24.0621 5280 sffp_mmc - ok
17:55:24.0621 5280 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:55:24.0621 5280 sffp_sd - ok
17:55:24.0621 5280 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:55:24.0621 5280 sfloppy - ok
17:55:24.0668 5280 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:55:24.0668 5280 SharedAccess - ok
17:55:24.0699 5280 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
17:55:24.0699 5280 ShellHWDetection - ok
17:55:24.0730 5280 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:55:24.0730 5280 SiSRaid2 - ok
17:55:24.0730 5280 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:55:24.0730 5280 SiSRaid4 - ok
17:55:24.0808 5280 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:55:24.0808 5280 SkypeUpdate - ok
17:55:24.0839 5280 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:55:24.0839 5280 Smb - ok
17:55:24.0855 5280 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:55:24.0855 5280 SNMPTRAP - ok
17:55:24.0948 5280 SonicStage Back-End Service (977aaa4398d7d6fa65d973f5b3f54e40) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
17:55:24.0964 5280 SonicStage Back-End Service - ok
17:55:25.0042 5280 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
17:55:25.0042 5280 Sony SCSI Helper Service - ok
17:55:25.0058 5280 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:55:25.0058 5280 spldr - ok
17:55:25.0120 5280 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
17:55:25.0120 5280 Spooler - ok
17:55:25.0214 5280 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
17:55:25.0245 5280 sppsvc - ok
17:55:25.0292 5280 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:55:25.0307 5280 sppuinotify - ok
17:55:25.0354 5280 SPTISRV (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
17:55:25.0354 5280 SPTISRV - ok
17:55:25.0401 5280 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
17:55:25.0401 5280 srv - ok
17:55:25.0432 5280 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
17:55:25.0432 5280 srv2 - ok
17:55:25.0479 5280 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
17:55:25.0479 5280 srvnet - ok
17:55:25.0494 5280 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:55:25.0494 5280 SSDPSRV - ok
17:55:25.0526 5280 SSScsiSV (756e371b3b86a3d3039926d32eac0e8d) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
17:55:25.0526 5280 SSScsiSV - ok
17:55:25.0541 5280 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:55:25.0541 5280 SstpSvc - ok
17:55:25.0572 5280 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:55:25.0572 5280 stexstor - ok
17:55:25.0619 5280 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
17:55:25.0635 5280 stisvc - ok
17:55:25.0666 5280 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
17:55:25.0666 5280 swenum - ok
17:55:25.0697 5280 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:55:25.0697 5280 swprv - ok
17:55:25.0760 5280 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
17:55:25.0791 5280 SysMain - ok
17:55:25.0853 5280 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
17:55:25.0853 5280 TabletInputService - ok
17:55:25.0869 5280 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
17:55:25.0869 5280 TapiSrv - ok
17:55:25.0884 5280 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:55:25.0884 5280 TBS - ok
17:55:25.0994 5280 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
17:55:26.0009 5280 Tcpip - ok
17:55:26.0134 5280 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
17:55:26.0150 5280 TCPIP6 - ok
17:55:26.0181 5280 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
17:55:26.0181 5280 tcpipreg - ok
17:55:26.0196 5280 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:55:26.0196 5280 TDPIPE - ok
17:55:26.0228 5280 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
17:55:26.0243 5280 TDTCP - ok
17:55:26.0259 5280 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
17:55:26.0259 5280 tdx - ok
17:55:26.0274 5280 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
17:55:26.0274 5280 TermDD - ok
17:55:26.0290 5280 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
17:55:26.0306 5280 TermService - ok
17:55:26.0321 5280 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:55:26.0321 5280 Themes - ok
17:55:26.0337 5280 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:55:26.0337 5280 THREADORDER - ok
17:55:26.0384 5280 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
17:55:26.0384 5280 tmactmon - ok
17:55:26.0430 5280 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
17:55:26.0446 5280 tmcomm - ok
17:55:26.0462 5280 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
17:55:26.0462 5280 tmevtmgr - ok
17:55:26.0493 5280 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
17:55:26.0493 5280 tmtdi - ok
17:55:26.0508 5280 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:55:26.0508 5280 TrkWks - ok
17:55:26.0540 5280 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
17:55:26.0540 5280 TrustedInstaller - ok
17:55:26.0555 5280 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:55:26.0555 5280 tssecsrv - ok
17:55:26.0586 5280 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
17:55:26.0586 5280 tunnel - ok
17:55:26.0602 5280 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:55:26.0602 5280 uagp35 - ok
17:55:26.0618 5280 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
17:55:26.0633 5280 udfs - ok
17:55:26.0649 5280 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:55:26.0649 5280 UI0Detect - ok
17:55:26.0664 5280 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
17:55:26.0664 5280 uliagpkx - ok
17:55:26.0664 5280 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
17:55:26.0664 5280 umbus - ok
17:55:26.0680 5280 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:55:26.0696 5280 UmPass - ok
17:55:26.0711 5280 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:55:26.0711 5280 upnphost - ok
17:55:26.0758 5280 usbbus (c85b8247fadd432fa54fe11667c8d97d) C:\Windows\system32\DRIVERS\lgx64bus.sys
17:55:26.0758 5280 usbbus - ok
17:55:26.0789 5280 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
17:55:26.0789 5280 usbccgp - ok
17:55:26.0820 5280 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
17:55:26.0820 5280 usbcir - ok
17:55:26.0852 5280 UsbDiag (d8cdc12f5429878f23ddb3785a0fdf95) C:\Windows\system32\DRIVERS\lgx64diag.sys
17:55:26.0852 5280 UsbDiag - ok
17:55:26.0867 5280 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
17:55:26.0883 5280 usbehci - ok
17:55:26.0898 5280 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
17:55:26.0898 5280 usbfilter - ok
17:55:26.0914 5280 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
17:55:26.0914 5280 usbhub - ok
17:55:27.0039 5280 USBMIDIAudioDevMon (8d557006bb327c29cdd6a01ba49e0e4e) C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
17:55:27.0054 5280 USBMIDIAudioDevMon - ok
17:55:27.0148 5280 USBModem (79fa7a22b0f6f0082f640cbc82a00fce) C:\Windows\system32\DRIVERS\lgx64modem.sys
17:55:27.0148 5280 USBModem - ok
17:55:27.0164 5280 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
17:55:27.0164 5280 usbohci - ok
17:55:27.0195 5280 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:55:27.0195 5280 usbprint - ok
17:55:27.0242 5280 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:55:27.0242 5280 usbscan - ok
17:55:27.0257 5280 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:55:27.0257 5280 USBSTOR - ok
17:55:27.0273 5280 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
17:55:27.0288 5280 usbuhci - ok
17:55:27.0304 5280 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:55:27.0320 5280 UxSms - ok
17:55:27.0351 5280 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
17:55:27.0351 5280 VaultSvc - ok
17:55:27.0366 5280 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
17:55:27.0366 5280 vdrvroot - ok
17:55:27.0398 5280 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
17:55:27.0398 5280 vds - ok
17:55:27.0413 5280 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:55:27.0413 5280 vga - ok
17:55:27.0429 5280 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:55:27.0429 5280 VgaSave - ok
17:55:27.0444 5280 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
17:55:27.0444 5280 vhdmp - ok
17:55:27.0460 5280 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
17:55:27.0460 5280 viaide - ok
17:55:27.0476 5280 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
17:55:27.0476 5280 volmgr - ok
17:55:27.0491 5280 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
17:55:27.0491 5280 volmgrx - ok
17:55:27.0507 5280 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
17:55:27.0507 5280 volsnap - ok
17:55:27.0538 5280 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:55:27.0538 5280 vsmraid - ok
17:55:27.0632 5280 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
17:55:27.0663 5280 VSS - ok
17:55:27.0725 5280 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:55:27.0725 5280 vwifibus - ok
17:55:27.0741 5280 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:55:27.0741 5280 vwififlt - ok
17:55:27.0772 5280 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:55:27.0772 5280 vwifimp - ok
17:55:27.0788 5280 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:55:27.0788 5280 W32Time - ok
17:55:27.0803 5280 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:55:27.0803 5280 WacomPen - ok
17:55:27.0819 5280 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:55:27.0819 5280 WANARP - ok
17:55:27.0819 5280 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
17:55:27.0819 5280 Wanarpv6 - ok
17:55:27.0897 5280 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
17:55:27.0912 5280 WatAdminSvc - ok
17:55:27.0959 5280 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
17:55:28.0006 5280 wbengine - ok
17:55:28.0037 5280 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:55:28.0037 5280 WbioSrvc - ok
17:55:28.0068 5280 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
17:55:28.0084 5280 wcncsvc - ok
17:55:28.0115 5280 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:55:28.0162 5280 WcsPlugInService - ok
17:55:28.0318 5280 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:55:28.0318 5280 Wd - ok
17:55:28.0365 5280 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:55:28.0380 5280 Wdf01000 - ok
17:55:28.0396 5280 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:55:28.0412 5280 WdiServiceHost - ok
17:55:28.0412 5280 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:55:28.0412 5280 WdiSystemHost - ok
17:55:28.0474 5280 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
17:55:28.0490 5280 WebClient - ok
17:55:28.0505 5280 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:55:28.0505 5280 Wecsvc - ok
17:55:28.0521 5280 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:55:28.0521 5280 wercplsupport - ok
17:55:28.0552 5280 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:55:28.0552 5280 WerSvc - ok
17:55:28.0568 5280 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:55:28.0568 5280 WfpLwf - ok
17:55:28.0599 5280 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:55:28.0599 5280 WIMMount - ok
17:55:28.0630 5280 WinDefend - ok
17:55:28.0630 5280 WinHttpAutoProxySvc - ok
17:55:28.0677 5280 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:55:28.0692 5280 Winmgmt - ok
17:55:28.0739 5280 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
17:55:28.0770 5280 WinRM - ok
17:55:28.0880 5280 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
17:55:28.0880 5280 WinUsb - ok
17:55:28.0911 5280 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:55:28.0926 5280 Wlansvc - ok
17:55:28.0942 5280 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:55:28.0942 5280 WmiAcpi - ok
17:55:28.0973 5280 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:55:28.0973 5280 wmiApSrv - ok
17:55:28.0989 5280 WMPNetworkSvc - ok
17:55:29.0004 5280 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:55:29.0004 5280 WPCSvc - ok
17:55:29.0020 5280 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
17:55:29.0036 5280 WPDBusEnum - ok
17:55:29.0051 5280 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:55:29.0051 5280 ws2ifsl - ok
17:55:29.0082 5280 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
17:55:29.0082 5280 wscsvc - ok
17:55:29.0082 5280 WSearch - ok
17:55:29.0192 5280 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:55:29.0238 5280 wuauserv - ok
17:55:29.0285 5280 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
17:55:29.0285 5280 WudfPf - ok
17:55:29.0316 5280 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:55:29.0316 5280 WUDFRd - ok
17:55:29.0332 5280 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
17:55:29.0332 5280 wudfsvc - ok
17:55:29.0348 5280 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:55:29.0348 5280 WwanSvc - ok
17:55:29.0379 5280 MBR (0x1B8) (ab41132cf4a01ee9820cbc6bacf6825c) \Device\Harddisk0\DR0
17:55:29.0535 5280 \Device\Harddisk0\DR0 - ok
17:55:29.0535 5280 Boot (0x1200) (a013c8c8a237c066551f7f18c44a6d80) \Device\Harddisk0\DR0\Partition0
17:55:29.0535 5280 \Device\Harddisk0\DR0\Partition0 - ok
17:55:29.0550 5280 Boot (0x1200) (08c3a798ea715d5b9aa3dd26a0e6b1d7) \Device\Harddisk0\DR0\Partition1
17:55:29.0550 5280 \Device\Harddisk0\DR0\Partition1 - ok
17:55:29.0566 5280 Boot (0x1200) (08ad36806746015597b068433d07d28c) \Device\Harddisk0\DR0\Partition2
17:55:29.0582 5280 \Device\Harddisk0\DR0\Partition2 - ok
17:55:29.0582 5280 ============================================================
17:55:29.0582 5280 Scan finished
17:55:29.0582 5280 ============================================================
17:55:29.0582 3484 Detected object count: 0
17:55:29.0582 3484 Actual detected object count: 0


And here are the results of the aswMBR scan:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 17:57:33
-----------------------------
17:57:33.746 OS Version: Windows x64 6.1.7600
17:57:33.746 Number of processors: 4 586 0x402
17:57:33.746 ComputerName: OX-AV-PC UserName: Ox-AV
17:57:35.062 Initialize success
17:58:31.058 AVAST engine defs: 12080501
17:58:35.644 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
17:58:35.644 Disk 0 Vendor: Seagate_ HP22 Size: 715404MB BusType: 8
17:58:35.660 Disk 0 MBR read successfully
17:58:35.660 Disk 0 MBR scan
17:58:35.675 Disk 0 unknown MBR code
17:58:35.691 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 98 MB offset 2048
17:58:35.706 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702663 MB offset 208845
17:58:35.738 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12637 MB offset 1439264768
17:58:35.784 Disk 0 scanning C:\Windows\system32\drivers
17:58:46.470 Service scanning
17:59:05.346 Modules scanning
17:59:05.362 Disk 0 trace - called modules:
17:59:05.378 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll ahcix64s.sys
17:59:05.378 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007d84060]
17:59:05.378 3 CLASSPNP.SYS[fffff8800103b43f] -> nt!IofCallDriver -> \Device\00000060[0xfffffa80074fd9c0]
17:59:08.607 AVAST engine scan C:\Windows
17:59:10.978 AVAST engine scan C:\Windows\system32
18:01:53.684 AVAST engine scan C:\Windows\system32\drivers
18:02:07.958 AVAST engine scan C:\Users\Ox-AV
18:16:31.912 AVAST engine scan C:\ProgramData
18:17:47.898 Scan finished successfully
18:22:30.933 Disk 0 MBR has been saved successfully to "C:\Users\Ox-AV\Desktop\MBR.dat"
18:22:30.933 The log file has been saved successfully to "C:\Users\Ox-AV\Desktop\aswMBR.txt"


Thank you so much for your help Gringo!

Pete

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 August 2012 - 05:40 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized; save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 MotoPete

MotoPete
  • Topic Starter

  • Members
  • 10 posts

Posted 06 August 2012 - 07:48 AM

Here are the contents of the OTL.txt log.

OTL logfile created on: 8/6/2012 8:43:37 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Ox-AV\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.74 Gb Available Physical Memory | 71.84% Memory free
15.98 Gb Paging File | 12.70 Gb Available in Paging File | 79.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 686.19 Gb Total Space | 251.83 Gb Free Space | 36.70% Space Free | Partition Type: NTFS
Drive D: | 12.34 Gb Total Space | 2.22 Gb Free Space | 18.00% Space Free | Partition Type: NTFS

Computer Name: OX-AV-PC | User Name: Ox-AV | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Ox-AV\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Users\Ox-AV\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe (M-Audio)
PRC - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe (M-Audio)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - \\?\C:\ProgramData\Microsoft\PlayReady\Cache\S-1-5-21-3191161147-1020103038-1933301316-1000\MSPRindiv01.key ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\WinRAR\RarExt32.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\connectionDetector.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\fsk.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskNetInterface.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\FskTimeHardware.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ticket.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskinLocalize.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskPower.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskDocumentViewer.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskMobileMediaDevice.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\Fskin.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskMediaPlayers.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\USBDetector.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\FskSecurity.dll ()
MOD - C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\ebookUsb.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony SCSI Helper Service) -- C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (MIDISPORTAudioDevMon) -- C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe (M-Audio)
SRV - (USBMIDIAudioDevMon) -- C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe (M-Audio)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
SRV - (SSScsiSV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (MAUSBMIDI) -- C:\Windows\SysNative\drivers\MAudioUSBMIDI.sys (M-Audio)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (NvnUsbAudio) -- C:\Windows\SysNative\drivers\nvnusbaudio.sys (Novation DMS Ltd.)
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (AVCSTRM) -- C:\Windows\SysNative\drivers\avcstrm.sys (Microsoft Corporation)
DRV:64bit: - (MSTAPE) -- C:\Windows\SysNative\drivers\mstape.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2EE5CA33-7F7B-4907-A662-BAEBBF574746}
IE:64bit: - HKLM\..\SearchScopes\{2EE5CA33-7F7B-4907-A662-BAEBBF574746}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {2EE5CA33-7F7B-4907-A662-BAEBBF574746}
IE - HKLM\..\SearchScopes\{2EE5CA33-7F7B-4907-A662-BAEBBF574746}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3191161147-1020103038-1933301316-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
IE - HKU\S-1-5-21-3191161147-1020103038-1933301316-1000\..\SearchScopes,DefaultScope = {2EE5CA33-7F7B-4907-A662-BAEBBF574746}
IE - HKU\S-1-5-21-3191161147-1020103038-1933301316-1000\..\SearchScopes\{2EE5CA33-7F7B-4907-A662-BAEBBF574746}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3191161147-1020103038-1933301316-1000\..\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKU\S-1-5-21-3191161147-1020103038-1933301316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3191161147-1020103038-1933301316-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ox-AV\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/09 21:32:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/02 11:37:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{38783831-6098-4faa-A9C9-1EE1E343F4D2}: C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\firefoxextension [2012/08/03 22:59:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2012/08/03 23:00:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/31 22:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/31 22:05:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/02 23:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ox-AV\AppData\Roaming\Mozilla\Extensions
[2011/12/02 23:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ox-AV\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2012/08/03 19:38:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions
[2012/07/16 18:26:59 | 000,000,000 | ---D | M] (ShopToWin9) -- C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}
[2012/07/31 22:05:46 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/07/16 18:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\extensionManager
[2012/05/14 22:28:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/29 09:26:48 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2011/11/29 09:26:48 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2011/11/29 09:26:48 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2011/11/29 09:26:48 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011/11/29 09:26:48 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2011/11/29 09:26:48 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2011/11/29 09:26:48 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG
[2012/07/31 22:05:43 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/17 20:38:14 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/17 20:38:14 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/05 14:38:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Ox-AV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Ox-AV\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3191161147-1020103038-1933301316-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3191161147-1020103038-1933301316-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AB8A416-2DE0-4DC5-97A9-007FBD28221D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6974D860-D8A9-4F74-9BB9-40E166DBEBB2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/06 08:42:45 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ox-AV\Desktop\OTL.exe
[2012/08/05 17:55:40 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ox-AV\Desktop\aswMBR.exe
[2012/08/05 17:54:41 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ox-AV\Desktop\tdsskiller.exe
[2012/08/05 14:29:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/05 14:29:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/05 14:29:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/05 14:29:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/05 14:29:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/04 21:20:54 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\Ox-AV\Desktop\ComboFix.exe
[2012/08/03 23:00:05 | 000,000,000 | ---D | C] -- C:\temp
[2012/08/03 19:48:42 | 000,000,000 | ---D | C] -- C:\Users\Ox-AV\AppData\Local\Trend Micro
[2012/08/03 19:48:36 | 000,000,000 | ---D | C] -- C:\Users\Ox-AV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Internet Security 2012
[2012/08/03 19:47:49 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2012/08/03 19:47:40 | 000,167,696 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2012/08/03 19:47:40 | 000,091,920 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2012/08/03 19:47:40 | 000,070,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2012/08/03 19:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/08/03 19:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2012/07/31 20:21:20 | 000,000,000 | ---D | C] -- C:\Users\Ox-AV\Desktop\gmer
[2012/07/21 10:23:59 | 000,000,000 | ---D | C] -- C:\Users\Ox-AV\Documents\Encore DVDS
[2012/07/18 19:41:04 | 000,000,000 | ---D | C] -- C:\Users\Ox-AV\AppData\Roaming\PDFlite
[2012/07/18 19:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFlite
[2012/07/18 19:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFlite
[2012/07/18 19:40:58 | 000,000,000 | ---D | C] -- C:\Users\Ox-AV\AppData\Local\Giant Savings
[2012/07/18 19:40:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Giant Savings
[2012/07/12 03:01:00 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:01:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:00:59 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:00:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:00:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:00:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:00:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:00:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:00:55 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:00:54 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:00:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:00:54 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:00:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 08:58:04 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

========== Files - Modified Within 30 Days ==========

[2012/08/06 08:42:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ox-AV\Desktop\OTL.exe
[2012/08/06 08:42:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/06 08:42:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/05 18:22:30 | 000,000,512 | ---- | M] () -- C:\Users\Ox-AV\Desktop\MBR.dat
[2012/08/05 17:56:05 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ox-AV\Desktop\aswMBR.exe
[2012/08/05 17:54:42 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ox-AV\Desktop\tdsskiller.exe
[2012/08/05 14:47:34 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 14:47:34 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/05 14:38:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/05 14:38:00 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 21:21:00 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\Ox-AV\Desktop\ComboFix.exe
[2012/08/04 21:20:29 | 000,881,494 | ---- | M] () -- C:\Users\Ox-AV\Desktop\SecurityCheck.exe
[2012/08/03 19:48:40 | 000,001,447 | ---- | M] () -- C:\Users\Ox-AV\Desktop\Trend Micro Titanium Internet Security 2012.lnk
[2012/08/03 19:47:39 | 000,743,538 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/03 19:47:39 | 000,635,682 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/03 19:47:39 | 000,110,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/03 19:43:56 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2012/08/03 19:43:40 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/03 19:36:12 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOx-AV.job
[2012/08/03 13:10:08 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/03 13:10:08 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/31 20:16:53 | 000,000,000 | ---- | M] () -- C:\Users\Ox-AV\defogger_reenable
[2012/07/31 18:52:55 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2012/07/27 18:40:26 | 000,273,642 | ---- | M] () -- C:\Users\Ox-AV\Documents\WPUNJ Enrollment.png
[2012/07/24 23:44:20 | 000,143,929 | ---- | M] () -- C:\Users\Ox-AV\Documents\anj13.pdf
[2012/07/24 11:19:01 | 000,004,536 | ---- | M] () -- C:\Users\Ox-AV\AppData\Roaming\wklnhst.dat
[2012/07/18 19:43:58 | 000,005,936 | ---- | M] () -- C:\Users\Ox-AV\Documents\Charuza_Peter.pdf
[2012/07/12 03:20:14 | 002,948,304 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/11 19:58:32 | 013,475,353 | ---- | M] () -- C:\Users\Ox-AV\Documents\crimson.ncor

========== Files Created - No Company Name ==========

[2012/08/05 18:22:30 | 000,000,512 | ---- | C] () -- C:\Users\Ox-AV\Desktop\MBR.dat
[2012/08/05 14:29:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/05 14:29:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/05 14:29:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/05 14:29:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/05 14:29:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/04 21:20:29 | 000,881,494 | ---- | C] () -- C:\Users\Ox-AV\Desktop\SecurityCheck.exe
[2012/08/03 19:48:36 | 000,001,447 | ---- | C] () -- C:\Users\Ox-AV\Desktop\Trend Micro Titanium Internet Security 2012.lnk
[2012/08/03 19:43:56 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2012/08/03 19:43:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/31 20:16:53 | 000,000,000 | ---- | C] () -- C:\Users\Ox-AV\defogger_reenable
[2012/07/27 18:40:26 | 000,273,642 | ---- | C] () -- C:\Users\Ox-AV\Documents\WPUNJ Enrollment.png
[2012/07/24 23:44:20 | 000,143,929 | ---- | C] () -- C:\Users\Ox-AV\Documents\anj13.pdf
[2012/07/18 19:43:57 | 000,005,936 | ---- | C] () -- C:\Users\Ox-AV\Documents\Charuza_Peter.pdf
[2012/07/18 19:40:59 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\redmonnt.dll
[2012/07/18 19:40:59 | 000,046,080 | ---- | C] () -- C:\Windows\SysNative\unredmon.exe
[2012/06/30 22:23:04 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012/03/25 15:18:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/03/25 15:18:04 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/01/09 18:07:45 | 000,004,536 | ---- | C] () -- C:\Users\Ox-AV\AppData\Roaming\wklnhst.dat
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

< End of report >

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 August 2012 - 01:08 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    IE:64bit: - HKLM\..\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    IE - HKU\S-1-5-21-3191161147-1020103038-1933301316-1000\..\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
    [2012/07/16 18:26:59 | 000,000,000 | ---D | M] (ShopToWin9) -- C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}
    [2012/07/31 22:05:46 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/07/16 18:26:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\extensionManager
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
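
The OTL file listing in the report above and the `IE - ...SearchScopes` and extension-folder items in Gringo's fix script share one line format, and a long OTL log is easier to triage with a parser than by eye. The Python below is an added example for this thread, not OTL's or BleepingComputer's code: it parses the `[timestamp | size | attrs | C/M] (Company) -- path` lines and the SearchScopes `"URL"` lines, then applies a few defender heuristics (unsigned executables under C:\Windows, names matching the PUA findings in this thread, new Firefox extension folders, hidden+system files in user data, and a search scope pointing somewhere the owner did not choose). The expected search hosts and the PUA name fragments are assumptions of the example, and the sample log is a handful of lines copied from the reports in this thread.

```python
"""Triage helper for OTL log lines (added example, not OTL's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse

# One OTL file-listing line: [ts | size | attrs | C/M] (Company) -- path
# Directory lines in the scan sections carry no "(Company)" field.
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# IE search-scope line; the "IE:64bit:" / HKLM / HKU prefixes vary.
SCOPE_LINE = re.compile(r'SearchScopes\\\{[0-9A-Fa-f-]+\}: "URL" = (?P<url>\S+)')

# Assumptions of this example: hosts the owner expects as search provider,
# and name fragments taken from the PUA findings in this thread.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}
PUA_MARKERS = ("giant savings", "shoptowin", "community toolbar", "utorrentcontrol")

@dataclass
class OtlFileEntry:
    ts: str
    size: int
    attrs: str     # four flags drawn from R, H, S, D or "-"
    kind: str      # C = created, M = modified
    company: str   # empty when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

def parse_file_line(line: str) -> Optional[OtlFileEntry]:
    """Parse one file line; None if the line is something else."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return OtlFileEntry(ts=m["ts"], size=int(m["size"].replace(",", "")),
                        attrs=m["attrs"], kind=m["kind"],
                        company=(m["company"] or "").strip(), path=m["path"].strip())

def file_flags(e: OtlFileEntry) -> List[str]:
    """Reasons an analyst should look at this entry (empty list = skip)."""
    reasons: List[str] = []
    lowered = f"{e.path} {e.company}".lower()
    # Executable code under the Windows tree with no publisher string.
    if (not e.is_dir and not e.company and lowered.startswith("c:\\windows\\")
            and e.path.lower().endswith((".exe", ".dll", ".sys"))):
        reasons.append("no publisher, under C:\\Windows")
    if any(marker in lowered for marker in PUA_MARKERS):
        reasons.append("matches known PUA name")
    if "\\firefox\\profiles\\" in lowered and "\\extensions\\" in lowered:
        reasons.append("new Firefox extension folder")
    # Hidden+system is normal for OS files at the root, odd in user data.
    if e.hidden_system and lowered.startswith(("c:\\users\\", "c:\\programdata\\")):
        reasons.append("hidden+system in user or ProgramData tree")
    return reasons

def scope_flags(line: str) -> List[str]:
    """Flag a search scope whose host is not one the owner expects."""
    m = SCOPE_LINE.search(line)
    if not m:
        return []
    host = urlparse(m["url"]).hostname or ""
    return [] if host in EXPECTED_SEARCH_HOSTS else [f"search scope points at unexpected host {host}"]

def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged path (or raw scope line) to its reasons."""
    findings: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_file_line(line)
        key, reasons = (entry.path, file_flags(entry)) if entry else (line, scope_flags(line))
        if reasons:
            findings.setdefault(key, []).extend(reasons)
    return findings

# Constructed sample: lines copied from the OTL reports in this thread.
SAMPLE_LOG = r"""
[2012/08/03 19:47:40 | 000,070,928 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2012/07/18 19:40:58 | 000,000,000 | ---D | C] -- C:\Users\Ox-AV\AppData\Local\Giant Savings
[2012/07/18 19:40:59 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\redmonnt.dll
[2012/08/03 19:43:40 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/05 14:38:00 | 2141,106,175 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/16 18:26:59 | 000,000,000 | ---D | M] (ShopToWin9) -- C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}
IE - HKLM\..\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
"""

if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(f"{key}\n    -> {'; '.join(reasons)}")
```

Run it against a saved OTL.txt by passing the file's contents to `triage()`. The heuristics only rank entries for a human to check; a flagged line is a prompt to verify the file (publisher, hash, install date) before it goes into a fix script, and the PUA marker list is the part you would grow as new findings come in.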

#9 MotoPete

MotoPete
  • Topic Starter

  • Members
  • 10 posts

Posted 06 August 2012 - 07:09 PM

Hi Gringo, the computer seems to be moving much better. My links aren't getting redirected in Google on any of my browsers. It seems stable. I did a few checks of problems that I used to have and it all appears to be normal now.




========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{806F0701-B745-42F0-90BC-8A4C736C0D85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{806F0701-B745-42F0-90BC-8A4C736C0D85}\ not found.
Registry key HKEY_USERS\S-1-5-21-3191161147-1020103038-1933301316-1000\Software\Microsoft\Internet Explorer\SearchScopes\{806F0701-B745-42F0-90BC-8A4C736C0D85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{806F0701-B745-42F0-90BC-8A4C736C0D85}\ not found.
Prefs.js: emoticons-msn-smileys@m513901.de:0.1 removed from extensions.enabledItems
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\META-INF folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\skin folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\locale folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\modules\core\session folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\modules\core folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\modules folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\voicebox\validators folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\voicebox\actions folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\voicebox folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\utils\crypto folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\utils\compression folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\utils folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\substitution\settings folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\substitution\config folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\substitution folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\settings folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\session\settings folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\session folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\overlay\config folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\overlay folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\monitoring folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\externalJS\utils folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\externalJS\providers folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\externalJS\parser folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\externalJS\config folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\externalJS folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\extensionManager folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\exceptions folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\diagnostic\testclick folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\diagnostic\statistic folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\diagnostic\pingModule folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\diagnostic\eventSending folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\diagnostic folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\utils folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\reporters folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\piirules\config folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\piirules folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\eventsending folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\epochtime\config folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\epochtime folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\dispatchers\killswitch folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\dispatchers\deadmen folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\dispatchers folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\dcaservice\config folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\dcaservice folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\cookies folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\clicksending\processors folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\clicksending\config folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\clicksending folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\ajax\config folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca\ajax folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\dca folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\cookies folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\caching\storage folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\caching\providers folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\caching\listeners folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\caching\downloaders folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\caching\dispatchers folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\caching\config folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\caching folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\bus folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\xhr folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\windows folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\web folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\utils\compression folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\utils folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\tabs folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\storage\preferences folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\storage\file folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\storage folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\notifications folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\logging\appenders folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\logging folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\cookies folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\content folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces\addon folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\interfaces folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\xhr folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\windows folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\web folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\utils\compression folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\utils folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\tabs folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\storage\session folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\storage\registry folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\storage\preferences folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\storage\file folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\storage folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\notifications folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\logging\appenders folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\logging folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\cookies folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\content folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox\addon folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba\firefox folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\cba folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66} folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
Folder C:\Users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\extensions\{46d606b0-a645-11df-981c-0800200c9a66}\chrome\content\dca\core\extensionManager\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ox-AV\Desktop\cmd.bat deleted successfully.
C:\Users\Ox-AV\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Ox-AV

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Ox-AV
->Flash cache emptied: 8257292 bytes

User: Public

Total Flash Files Cleaned = 8.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08062012_200320

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 06 August 2012 - 09:24 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 MotoPete

MotoPete
  • Topic Starter

  • Members
  • 10 posts

Posted 07 August 2012 - 08:08 AM

The computer restarted while running ComboFix. I did a few tests now before work and I see my software is booting up faster than ever. Premiere CS4 loads up the quickest I've seen it in a long time, same with Photoshop.

Everything seems to be great, I'll keep at it and report if I see any concerns later this evening.


Here's the ComboFix log:

ComboFix 12-08-07.02 - Ox-AV 08/07/2012 8:54.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8184.6535 [GMT -4:00]
Running from: c:\users\Ox-AV\Desktop\ComboFix.exe
Command switches used :: c:\users\Ox-AV\Desktop\CFScript.txt
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ox-AV\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 12:58 . 2012-08-07 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 00:03 . 2012-08-07 00:03 -------- d-----w- C:\_OTL
2012-08-04 03:00 . 2012-08-04 03:00 -------- d-----w- C:\temp
2012-08-03 23:48 . 2012-08-03 23:48 -------- d-----w- c:\users\Ox-AV\AppData\Local\Trend Micro
2012-08-03 23:47 . 2011-08-02 20:45 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-08-03 23:47 . 2011-07-12 11:13 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-08-03 23:47 . 2011-07-12 11:13 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-08-03 23:47 . 2011-07-12 11:13 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-03 23:43 . 2012-08-03 23:43 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-08-03 23:40 . 2012-08-03 23:42 -------- d-----w- c:\program files\Trend Micro
2012-08-03 23:39 . 2012-08-04 03:00 -------- d-----w- c:\programdata\Trend Micro
2012-08-03 17:19 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DDFFB5D-3184-4F3A-85FB-3F7297F45AE4}\mpengine.dll
2012-07-18 23:41 . 2012-07-19 00:06 -------- d-----w- c:\users\Ox-AV\AppData\Roaming\PDFlite
2012-07-18 23:40 . 2005-03-12 00:07 87040 ----a-w- c:\windows\system32\redmonnt.dll
2012-07-18 23:40 . 2005-03-12 00:07 46080 ----a-w- c:\windows\system32\unredmon.exe
2012-07-18 23:40 . 2012-07-18 23:40 -------- d-----w- c:\program files (x86)\PDFlite
2012-07-18 23:40 . 2012-07-18 23:40 -------- d-----w- c:\users\Ox-AV\AppData\Local\Giant Savings
2012-07-18 23:40 . 2012-07-18 23:41 -------- d-----w- c:\program files (x86)\Giant Savings
2012-07-12 07:02 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 07:01 . 2012-06-02 11:57 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-07-12 07:01 . 2012-06-02 11:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-12 07:01 . 2012-06-02 08:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-07-11 12:58 . 2012-06-06 05:50 1880064 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 17:10 . 2012-05-17 12:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 17:10 . 2011-11-24 04:16 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-26 04:36 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 04:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-26 04:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 04:36 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 04:36 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-26 04:36 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-26 04:36 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-26 04:35 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-26 04:35 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 15:37 . 2009-07-24 04:46 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-05-31 16:25 . 2011-11-10 01:24 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-05_18.38.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-11 01:22 . 2012-08-07 13:03 39132 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-07 13:03 27958 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:46 . 2012-08-05 18:43 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-10 01:07 . 2012-08-07 13:03 8910 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3191161147-1020103038-1933301316-1000_UserData.bin
- 2012-08-05 18:38 . 2012-08-05 18:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-07 12:59 . 2012-08-07 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-07 12:59 . 2012-08-07 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-05 18:38 . 2012-08-05 18:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-09 15:57 . 2012-08-07 12:45 346022 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 05:01 . 2012-08-07 12:58 379724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-05 18:37 379724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2012-07-12 07:22 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-08-05 18:42 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2012-03-10 01:22 . 2012-08-05 18:37 6708924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3191161147-1020103038-1933301316-1000-4096.dat
+ 2012-03-10 01:22 . 2012-08-07 12:58 6708924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3191161147-1020103038-1933301316-1000-4096.dat
- 2009-07-14 02:34 . 2012-08-04 15:07 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-07 12:55 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-11-10 00:54 . 2012-08-07 12:58 26351564 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3191161147-1020103038-1933301316-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-06-20 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-11-10 611712]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2011-11-23 892928]
"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-15 636032]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-02 296056]
.
c:\users\Ox-AV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2011-11-10 288112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-11-09 1038088]
R3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [2010-04-13 200200]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-01 113120]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-24 1255736]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-31 237936]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-12 70928]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-15 361984]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]
S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-06 1636872]
S2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-04-13 1636872]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
S3 NvnUsbAudio;Novation USB Audio Driver;c:\windows\system32\DRIVERS\nvnusbaudio.sys [2009-08-10 47616]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-10-23 291328]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 20:05 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 17:10]
.
2012-08-03 c:\windows\Tasks\HPCeeScheduleForOx-AV.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-11-11 22:38]
.
2012-07-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Ox-AV\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ox-AV\AppData\Roaming\Mozilla\Firefox\Profiles\1chcjiw5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.visualproducts.com/storeProductDetail02.asp?productID=1120&Cat=2&Cat2=14#bigPic
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files (x86)\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2012-08-07 09:06:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 13:06
ComboFix2.txt 2012-08-05 18:44
.
Pre-Run: 270,098,407,424 bytes free
Post-Run: 269,799,079,936 bytes free
.
- - End Of File - - 6BB734FE92C39DC4F577E409D2B382DB



Thanks!
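As an added example (not part of this thread and not ComboFix's own code), the script below parses the line shapes seen in the ComboFix log above, such as Run-key entries, the file backing a BHO key, "Files Created" entries and Firefox prefs.js lines, and flags anything matching a small watchlist of the adware names the log shows. The watchlist, the SENSITIVE_PREFS list and SAMPLE_LOG are constructed for this example from names visible in the thread.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example: not part of this thread and not ComboFix's own code. It
parses the line shapes visible in the log above (Run-key entries, files
backing a CLSID/BHO key, "Files Created" entries and Firefox prefs.js
lines) and flags entries that match a small watchlist. The watchlist and
SAMPLE_LOG are constructed for this example from names in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# "name"="path" [YYYY-MM-DD size]          autostart (Run key) entries
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
# date time size attrs path                file backing a registry key (BHO, CLSID)
KEYFILE_RE = re.compile(
    r'^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$')
# ctime . mtime size attrs path            "Files Created" and Find3M sections
CREATED_RE = re.compile(
    r'^(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})'
    r'\s+(?P<size>-+|\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$')
# FF - prefs.js: pref - value              Firefox preferences ComboFix reports
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$')
KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')

# Constructed watchlist: the adware names this thread's logs contain.
WATCHLIST = ("conduit.com", "giant savings", "homepage protection")
# Firefox prefs a search/homepage hijack typically rewrites; always review.
SENSITIVE_PREFS = ("keyword.URL", "browser.startup.homepage")


@dataclass
class Entry:
    kind: str    # run | keyfile | created | ffpref
    key: str     # registry key in effect ("" when none)
    name: str    # value name, pref name or file path
    detail: str  # executable path, pref value or attribute flags


def parse_combofix(text: str) -> list[Entry]:
    """Extract recognised entries; unrecognised lines are skipped."""
    entries: list[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := KEY_RE.match(line)):
            current_key = m["key"]        # context for the lines that follow
        elif (m := RUN_RE.match(line)):
            entries.append(Entry("run", current_key, m["name"], m["path"]))
        elif (m := FF_PREF_RE.match(line)):
            entries.append(Entry("ffpref", "", m["pref"], m["value"]))
        elif (m := CREATED_RE.match(line)):
            entries.append(Entry("created", "", m["path"], m["attrs"]))
        elif (m := KEYFILE_RE.match(line)):
            entries.append(Entry("keyfile", current_key, m["path"], m["attrs"]))
    return entries


def flag_entries(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs that deserve a human look."""
    findings: list[tuple[Entry, str]] = []
    for e in entries:
        haystack = f"{e.name} {e.detail}".lower()
        hit = next((w for w in WATCHLIST if w in haystack), None)
        if hit is not None:
            findings.append((e, f"matches watchlist term '{hit}'"))
        elif e.kind == "ffpref" and e.name in SENSITIVE_PREFS:
            findings.append((e, f"{e.name} is set; confirm the user chose it"))
    return findings


# Constructed sample, modelled on the log shapes in the thread above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
2012-07-18 23:40 . 2012-07-18 23:41 -------- d-----w- c:\program files (x86)\Giant Savings
2012-07-18 23:40 . 2012-07-18 23:40 -------- d-----w- c:\program files (x86)\PDFlite
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-02 296056]
.
FF - prefs.js: browser.startup.homepage - hxxp://www.visualproducts.com/storeProductDetail02.asp?productID=1120
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
"""

if __name__ == "__main__":
    for entry, reason in flag_entries(parse_combofix(SAMPLE_LOG)):
        print(f"[{entry.kind:7}] {entry.name}: {reason}")
```

ComboFix writes "hxxp" in place of "http" so its logs carry no clickable links; the parser keeps the values exactly as logged.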

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 August 2012 - 04:27 PM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo

#13 MotoPete

MotoPete
  • Topic Starter

  • Members
  • 10 posts

Posted 07 August 2012 - 07:49 PM

The computer is running faster than ever. I did have Mozilla crash on me once, which was unusual, but after I closed it out and reopened it, it has since functioned normally.

Thanks


4Front Rhode 1.0 VSTi
AC3Filter 1.63b
Activate Norton Online Backup
ActiveCheck component for HP Active Support Library
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Template Projects & Footage
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Creative Suite 4 Production Premium
Adobe CS4 American English Speech Analysis Models
Adobe CS4 French Speech Analysis Models
Adobe CS4 German Speech Analysis Models
Adobe CS4 International English Speech Analysis Models
Adobe CS4 Italian Speech Analysis Models
Adobe CS4 Japanese Speech Analysis Models
Adobe CS4 Korean Speech Analysis Models
Adobe CS4 Spanish Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Download Assistant
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe Encore CS4 Codecs
Adobe Encore CS4 Library
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe Widget Browser
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AMD USB Filter Driver
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Belkin Setup and Router Monitor
Canon MP Navigator EX 3.0
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Celtx (2.9.1)
Compatibility Pack for the 2007 Office system
Connect
CyberLink DVD Suite Deluxe
Data Transfer Software
DirectX for Managed Code Update (Summer 2004)
Dirk's Guitar Tuner V3.3 Trial
DivX Setup
Dropbox
Giant Savings
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
kuler
LabelPrint
LG United Mobile Driver
LightScribe System Software
Live 8.0.6
Live 8.2.8
Magic DVD Ripper V5.4.2
Microsoft Live Search Toolbar
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Monome Serial 0.2.1.5
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PDF Settings CS4
PDFlite 0.7
Photoshop Camera Raw
PictureMover
Pixel Bender Toolkit
Power2Go
PowerDirector
PowerRecover
QuickTime
RAIDXpert
Reader for PC
Reader Library by Sony
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype™ 5.9
SonicStage 4.3
Suite Shared Configuration CS4
SureThing CD Labeler Deluxe Trial
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VideoLAN VLC media player 0.8.6f

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 07 August 2012 - 07:55 PM

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on Run again
  • click on Install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 MotoPete

MotoPete
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:13 PM

Posted 08 August 2012 - 06:02 PM

The computer is running great still, no issues noticed.

Here are my logs:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.08.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Ox-AV :: OX-AV-PC [administrator]

8/8/2012 8:46:54 AM
mbam-log-2012-08-08 (08-46-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199835
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKCR\CrossriderApp0004479.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004479.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004479.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004479.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0004479.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.
HKCU\Software\Cr_Installer\4479 (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Data: Giant Savings -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:00:39 PM, on 8/8/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Users\Ox-AV\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Users\Ox-AV\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: Dropbox.lnk = Ox-AV\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: AML Device Install.lnk = C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MIDISPORT Audio Device Monitor (MIDISPORTAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USB MIDI Series Audio Device Monitor (USBMIDIAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13717 bytes


Thanks again for your help Gringo!
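As an added example (my own code, not from this thread and not part of Trend Micro's HijackThis), here is a small Python script that parses findings in the log format posted above into structured records and produces a triage summary instead of "fixing" anything, in line with the advice not to let HijackThis fix entries yet. The sample lines are copied from the posted log; the two review checks (unquoted autostart paths, "(file missing)" on System32 services) are hypothetical checks of mine.

```python
import re

# Constructed sample: a handful of lines in the shape of the HijackThis
# v2.0.4 log posted above (paths as they appear there; not the full file).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 (WinNT 6.00.3504)

O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
"""

# Every HijackThis finding is "<section> - <body>"; the body layout depends on the section.
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
SUBPARSERS = {"O2": BHO_RE, "O4": RUN_RE, "O23": SVC_RE}


def parse_hjt(text):
    """Turn the findings of a HijackThis log into dicts keyed by section (O2, O4, O23, ...)."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header and blank lines carry no findings
        rec = {"section": m.group("sec"), "raw": m.group("body")}
        sub = SUBPARSERS.get(rec["section"])
        d = sub.match(rec["raw"]) if sub else None
        if d:
            rec.update({k: v for k, v in d.groupdict().items() if v is not None})
        entries.append(rec)
    return entries


def exe_path(cmd):
    """Executable part of an O4 command line, and whether it was quoted."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0], True
    m = re.match(r"(?i)^(.*?\.exe)", cmd)
    return (m.group(1) if m else cmd.split(" ", 1)[0]), False


def triage(entries):
    """Counts per section plus two review checks (hypothetical checks of mine, not HijackThis's)."""
    report = {"counts": {}, "unquoted_run": [], "missing_system_services": []}
    for e in entries:
        report["counts"][e["section"]] = report["counts"].get(e["section"], 0) + 1
        # An unquoted autostart path containing spaces is ambiguous to CreateProcess;
        # worth a look, even though vendors ship such entries routinely.
        if e["section"] == "O4" and "cmd" in e:
            path, quoted = exe_path(e["cmd"])
            if not quoted and " " in path:
                report["unquoted_run"].append(e["name"])
        # "(file missing)" on a System32 service is commonly an artefact of 32-bit
        # HijackThis running under WOW64 on 64-bit Windows; verify before acting on it.
        if e["section"] == "O23" and "missing" in e and e["path"].lower().startswith(r"c:\windows\system32"):
            report["missing_system_services"].append(e["name"])
    return report


if __name__ == "__main__":
    for section, n in sorted(triage(parse_hjt(SAMPLE_LOG))["counts"].items()):
        print(section, n)
```

To use it on a real log, pass the contents of the saved hijackthis.log file to parse_hjt and review the returned report; the script reads and summarises only.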



