NtrNetSrfr

  1. Amazing! Thank you SO much! HAPPY BIRTHDAY!
  2. ComboFix 12-07-13.03 - John 07/20/2012 15:21:46.5.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13925 [GMT -4:00] Running from: c:\users\John\Downloads\ComboFix.exe Command switches used :: c:\users\John\Downloads\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\John\AppData\LocalLow\Incredibar.com c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\chrome.manifest c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\arwDwn.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ae.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\bg.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ch.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\cn.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\cz.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\de.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\eg.png 
c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\en.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\es.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\fr.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\gr.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\he.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\il.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\it.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ja.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\jp.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\nl.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\no.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\pl.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\pt.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ro.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ru.png 
c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\sa.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\se.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\sv.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\tr.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ua.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\us.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\help_16.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\home.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\logo.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\privecy_16_hot.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\specialoffer.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\tellafriend.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\uninstall.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\incredibar.css c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\incredibar.xul 
c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\mtstart.js c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\tmplt.js c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\install.rdf . . ((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 ))))))))))))))))))))))))))))))) . . 2012-07-20 19:22 . 2012-07-20 19:22 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp 2012-07-20 19:22 . 2012-07-20 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-20 16:05 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33F4F8AE-FD07-42E4-94F8-9BC030414C37}\mpengine.dll 2012-07-20 02:32 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe 2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys 2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL 2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon 2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia 2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software 2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft 2012-06-29 10:14 . 
2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam 2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle 2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll 2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-20 05:58 . 
2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll 2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 23:29 . 2012-06-18 20:52 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . 
((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-07-18 15:38 56156 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-14 02:37 . 2012-07-18 15:38 45650 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin - 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-13 23:30 . 2012-07-19 15:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-13 23:30 . 2012-07-19 15:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-19 15:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-19 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-14 02:36 . 2012-07-19 15:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-14 02:36 . 
2012-07-19 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-20 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-20 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-19 15:54 . 2012-07-19 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-19 15:54 . 2012-07-19 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-14 12:15 . 2012-07-19 15:57 211648 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:46 . 2012-07-18 19:04 103008 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 05:01 . 2012-07-19 03:58 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-09-14 04:50 . 2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-09-14 04:50 . 
2012-07-19 03:58 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-11-22 00:32 . 2012-07-19 03:58 15379524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928] "Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496] "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952] "StartCCC"="c:\program 
files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192] NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944] TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 jswpsapi;JumpStart Wi-Fi Protected 
Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920] S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576] S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136] S3 LEqdUsb;Logitech SetPoint 
Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] . . Contents of the 'Scheduled Tasks' folder . 2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22] . 2012-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . 2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uStart Page = uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM IE: Save F&lash with FlashCapture Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.178.1.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System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ontrolSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2012-07-20 15:24:10 ComboFix-quarantined-files.txt 2012-07-20 19:24 ComboFix2.txt 2012-07-17 03:40 ComboFix3.txt 2012-07-16 08:41 ComboFix4.txt 2012-07-16 08:26 ComboFix5.txt 2012-07-20 19:21 . Pre-Run: 290,894,376,960 bytes free Post-Run: 290,576,490,496 bytes free . - - End Of File - - CEACC4C57EABDC0779D8C0C881051C98
  3. SystemLook 30.07.11 by jpshortstuff
     Log created at 18:29 on 18/07/2012 by John
     Administrator - Elevation successful
     WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

     ========== regfind ==========

     Searching for "incredibar"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Incredibar_Install_New_RASAPI32]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Incredibar_Install_New_RASMANCS]

     ========== folderfind ==========

     Searching for "*incredibar*"
     C:\Users\John\AppData\LocalLow\Incredibar.com d------ [20:16 03/06/2012]
     C:\Users\John\AppData\LocalLow\Incredibar.com\incredibar d------ [20:16 03/06/2012]
     C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com d------ [20:16 03/06/2012]

     -= EOF =-
  4. I started Firefox in safe mode and reset everything, and it's still there.
  5. The first three lines did not have a reset option:
  6. Sorry, I cut and pasted what you had... I don't see anything that says reset... I have refresh when I right-click
  7. When I type about:config[/b[ or about:config it says URL cannot be loaded
  8. This is without the script file: ComboFix 12-07-13.03 - John 07/16/2012 23:34:33.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.14134 [GMT -4:00] Running from: c:\users\John\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 ))))))))))))))))))))))))))))))) . . 2012-07-17 03:39 . 2012-07-17 03:39 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp 2012-07-17 03:39 . 2012-07-17 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe 2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys 2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL 2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon 2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia 2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software 2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft 2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam 2012-06-28 05:32 . 
2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam 2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle 2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-06-18 05:40 . 2012-07-16 13:59 -------- d-----w- c:\program files (x86)\Everything . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll 2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-20 05:58 . 
2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll 2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-04-20 03:45 . 
2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-07-17 00:26 56132 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-14 02:37 . 2012-07-17 00:26 45594 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin + 2010-09-13 23:30 . 2012-07-16 11:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-13 23:30 . 2012-07-16 11:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-16 11:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-17 00:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-17 00:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 
2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-17 00:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-17 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-17 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-07-17 00:24 . 2012-07-17 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-17 00:24 . 2012-07-17 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-14 12:15 . 2012-07-17 00:26 211648 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-16 19:52 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-09-14 04:50 . 2012-07-16 19:52 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2010-09-14 04:50 . 
2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-11-22 00:32 . 2012-07-15 05:42 15355336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928] "Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496] "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952] "StartCCC"="c:\program 
files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192] NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944] TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 jswpsapi;JumpStart Wi-Fi Protected 
Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920] S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576] S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136] S3 LEqdUsb;Logitech SetPoint 
Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] . . Contents of the 'Scheduled Tasks' folder . 2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22] . 2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uStart Page = uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM IE: Save F&lash with FlashCapture Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.178.1.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System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ontrolSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2012-07-16 23:40:39 ComboFix-quarantined-files.txt 2012-07-17 03:40 ComboFix2.txt 2012-07-16 08:41 ComboFix3.txt 2012-07-16 08:26 ComboFix4.txt 2012-07-14 05:33 . Pre-Run: 291,611,979,776 bytes free Post-Run: 290,803,990,528 bytes free . - - End Of File - - 52D78767FD57607A136B26AFCF46B993
  9. No, it looks just the same as the pic I sent you, and Firefox takes 15 seconds to open.
  10. Sorry that was done the wrong way! Thanks again!! ComboFix 12-07-13.03 - John 07/16/2012 4:33.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13575 [GMT -4:00] Running from: c:\users\John\Downloads\ComboFix.exe Command switches used :: c:\users\John\Downloads\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 ))))))))))))))))))))))))))))))) . . 2012-07-16 08:36 . 2012-07-16 08:36 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp 2012-07-16 08:36 . 2012-07-16 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe 2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys 2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL 2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon 2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia 2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software 2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft 2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft 2012-06-28 05:32 . 
2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam 2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle 2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-06-18 05:40 . 2012-07-16 06:59 -------- d-----w- c:\program files (x86)\Everything . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll 2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2012-06-08 06:10 . 
2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-20 05:58 . 2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll 2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 
2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-04-20 03:45 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-07-15 16:58 56028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-14 02:37 . 2012-07-15 16:58 45366 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin + 2010-09-13 23:30 . 2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-13 23:30 . 2012-07-15 16:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 
2012-07-15 16:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-07-16 08:38 . 2012-07-16 08:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-16 08:38 . 2012-07-16 08:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-14 12:15 . 2012-07-15 16:58 211426 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-16 08:37 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-09-14 04:50 . 
2012-07-16 08:37 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2010-09-14 04:50 . 2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-11-22 00:32 . 2012-07-15 05:42 15355336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928] "Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496] "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952] "StartCCC"="c:\program 
files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192] NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944] TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 jswpsapi;JumpStart Wi-Fi Protected 
Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920] S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576] S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136] S3 LEqdUsb;Logitech SetPoint 
Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] . . Contents of the 'Scheduled Tasks' folder . 2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22] . 2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uStart Page = uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM IE: Save F&lash with FlashCapture Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.178.1.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System ontrolSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe . ************************************************************************** . Completion time: 2012-07-16 04:41:53 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-16 08:41 ComboFix2.txt 2012-07-16 08:26 ComboFix3.txt 2012-07-14 05:33 . Pre-Run: 298,272,198,656 bytes free Post-Run: 298,020,814,848 bytes free . - - End Of File - - EAF8DAD7356033B032333530724C9547
  11. Thank you for all of your help!!! ComboFix 12-07-13.03 - John 07/16/2012 4:20.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13864 [GMT -4:00] Running from: c:\users\John\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 ))))))))))))))))))))))))))))))) . . 2012-07-16 08:25 . 2012-07-16 08:25 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp 2012-07-16 08:25 . 2012-07-16 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-15 23:56 . 2012-07-15 23:56 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B08E8B3-52A4-42AB-AAD8-CB484F746172}\offreg.dll 2012-07-15 23:55 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B08E8B3-52A4-42AB-AAD8-CB484F746172}\mpengine.dll 2012-07-14 19:07 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe 2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys 2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL 2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon 2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia 2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll 2012-06-30 04:00 . 
2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software 2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft 2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam 2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle 2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-06-18 05:40 . 2012-07-16 06:59 -------- d-----w- c:\program files (x86)\Everything . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-05 07:40 . 
2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll 2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-20 05:58 . 2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll 2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 
2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-04-20 03:45 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-07-15 16:58 56028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-14 02:37 . 2012-07-15 16:58 45366 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin + 2010-09-13 23:30 . 2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-13 23:30 . 2012-07-15 16:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 
2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-15 16:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-07-15 16:56 . 2012-07-15 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-15 16:56 . 2012-07-15 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-13 17:18 . 
2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-14 12:15 . 2012-07-15 16:58 211426 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-15 05:42 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-09-14 04:50 . 2012-07-15 05:42 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2010-09-14 04:50 . 2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-11-22 00:32 . 2012-07-15 05:42 15355336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928] "Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496] "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952] "StartCCC"="c:\program 
files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192] NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944] TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 jswpsapi;JumpStart Wi-Fi Protected 
Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920] S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576] S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136] S3 LEqdUsb;Logitech SetPoint 
Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] . . Contents of the 'Scheduled Tasks' folder . 2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22] . 2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . 
uStart Page = uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM IE: Save F&lash with FlashCapture Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.178.1.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\ FF - prefs.js: browser.search.selectedEngine - FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 309020840000000000005404a62f5613 FF - user.js: extensions.BabylonToolbar_i.hardId - 309020840000000000005404a62f5613 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oy5AixVwX&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 66b33afe00000000000000ff82392c5c FF - user.js: extensions.incredibar_i.instlDay - 15494 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:16 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: 
extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6Oy5AixVwX FF - user.js: extensions.incredibar_i.upn2n - 92259576709457079 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System ... ontrolSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-16 04:26:32 ComboFix-quarantined-files.txt 2012-07-16 08:26 ComboFix2.txt 2012-07-14 05:33 . Pre-Run: 298,276,364,288 bytes free Post-Run: 298,173,054,976 bytes free . - - End Of File - - D807238364E9F61ED0C64034B285864D
  12. ComboFix 12-07-13.03 - John 07/14/2012 1:28.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13726 [GMT -4:00] Running from: c:\users\John\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\John\AppData\Local\boot.dat c:\users\John\AppData\Roaming\inst.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif . . ((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 ))))))))))))))))))))))))))))))) . . 2012-07-14 05:31 . 2012-07-14 05:31 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp 2012-07-14 05:31 . 2012-07-14 05:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-14 03:59 . 2012-07-14 03:59 711240 ----a-w- c:\windows\is-DN66R.exe 2012-07-13 00:24 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B722FB95-920A-424A-A456-73CD11AFA9F2}\mpengine.dll 2012-07-12 03:57 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe 2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys 2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL 2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon 2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia 2012-07-04 00:26 . 
2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software 2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft 2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam 2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle 2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-06-18 05:40 . 2012-07-14 05:18 -------- d-----w- c:\program files (x86)\Everything . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 22:22 . 
2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll 2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-20 05:58 . 2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll 2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 
2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-04-20 03:45 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928] "Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496] "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 
421736] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "InnoSetupRegFile.0000000001"="c:\windows\is-DN66R.exe" [2012-07-14 711240] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192] NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944] TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 e1cexpress;Intel® PRO/1000 
PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016] S0 vidsflt53;Acronis Disk Storage Filter 
(53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920] S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576] S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI 
Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] . . Contents of the 'Scheduled Tasks' folder . 2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22] . 2012-07-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . 
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . 
uStart Page = uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM IE: Save F&lash with FlashCapture Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.178.1.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\ FF - prefs.js: browser.search.selectedEngine - FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 309020840000000000005404a62f5613 FF - user.js: extensions.BabylonToolbar_i.hardId - 309020840000000000005404a62f5613 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oy5AixVwX&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 66b33afe00000000000000ff82392c5c FF - user.js: extensions.incredibar_i.instlDay - 15494 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:16 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: 
extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6Oy5AixVwX FF - user.js: extensions.incredibar_i.upn2n - 92259576709457079 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-14 01:33:19 ComboFix-quarantined-files.txt 2012-07-14 05:33 . Pre-Run: 300,270,612,480 bytes free Post-Run: 300,119,891,968 bytes free . - - End Of File - - 42D397C793D01748CC952E1343AD9C9D
  13. Better.... Incredibar is still on my Firefox. Thanks for all the help!!