NtrNetSrfr

Everything posted by NtrNetSrfr

  1. Amazing! Thank you SO much! HAPPY BIRTHDAY!
  2. ComboFix 12-07-13.03 - John 07/20/2012 15:21:46.5.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13925 [GMT -4:00] Running from: c:\users\John\Downloads\ComboFix.exe Command switches used :: c:\users\John\Downloads\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . - REDUCED FUNCTIONALITY MODE - . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\John\AppData\LocalLow\Incredibar.com c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\chrome.manifest c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\arwDwn.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ae.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\bg.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ch.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\cn.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\cz.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\de.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\eg.png 
c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\en.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\es.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\fr.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\gr.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\he.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\il.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\it.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ja.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\jp.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\nl.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\no.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\pl.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\pt.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ro.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ru.png 
c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\sa.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\se.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\sv.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\tr.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ua.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\us.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\help_16.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\home.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\logo.png c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\privecy_16_hot.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\specialoffer.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\tellafriend.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\uninstall.gif c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\incredibar.css c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\incredibar.xul 
c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\mtstart.js c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\tmplt.js c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\install.rdf . . ((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 ))))))))))))))))))))))))))))))) . . 2012-07-20 19:22 . 2012-07-20 19:22 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp 2012-07-20 19:22 . 2012-07-20 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-20 16:05 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33F4F8AE-FD07-42E4-94F8-9BC030414C37}\mpengine.dll 2012-07-20 02:32 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe 2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys 2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL 2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon 2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia 2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software 2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft 2012-06-29 10:14 . 
2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam 2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle 2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll 2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-20 05:58 . 
2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll 2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 23:29 . 2012-06-18 20:52 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . 
((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-07-18 15:38 56156 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-14 02:37 . 2012-07-18 15:38 45650 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin - 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-13 23:30 . 2012-07-19 15:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-13 23:30 . 2012-07-19 15:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-19 15:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-19 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-14 02:36 . 2012-07-19 15:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-14 02:36 . 
2012-07-19 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-20 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-20 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-19 15:54 . 2012-07-19 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-07-19 15:54 . 2012-07-19 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-14 12:15 . 2012-07-19 15:57 211648 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:46 . 2012-07-18 19:04 103008 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 05:01 . 2012-07-19 03:58 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-09-14 04:50 . 2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-09-14 04:50 . 
2012-07-19 03:58 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-11-22 00:32 . 2012-07-19 03:58 15379524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928] "Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496] "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952] "StartCCC"="c:\program 
files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192] NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944] TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 jswpsapi;JumpStart Wi-Fi Protected 
Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920] S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576] S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136] S3 LEqdUsb;Logitech SetPoint 
Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] . . Contents of the 'Scheduled Tasks' folder . 2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22] . 2012-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . 2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uStart Page = uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM IE: Save F&lash with FlashCapture Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.178.1.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System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ontrolSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2012-07-20 15:24:10
ComboFix-quarantined-files.txt 2012-07-20 19:24
ComboFix2.txt 2012-07-17 03:40
ComboFix3.txt 2012-07-16 08:41
ComboFix4.txt 2012-07-16 08:26
ComboFix5.txt 2012-07-20 19:21
.
Pre-Run: 290,894,376,960 bytes free
Post-Run: 290,576,490,496 bytes free
.
- - End Of File - - CEACC4C57EABDC0779D8C0C881051C98
  3. SystemLook 30.07.11 by jpshortstuff
     Log created at 18:29 on 18/07/2012 by John
     Administrator - Elevation successful
     WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
     ========== regfind ==========
     Searching for "incredibar"
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Incredibar_Install_New_RASAPI32]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Incredibar_Install_New_RASMANCS]
     ========== folderfind ==========
     Searching for "*incredibar*"
     C:\Users\John\AppData\LocalLow\Incredibar.com d------ [20:16 03/06/2012]
     C:\Users\John\AppData\LocalLow\Incredibar.com\incredibar d------ [20:16 03/06/2012]
     C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com d------ [20:16 03/06/2012]
     -= EOF =-
  4. I started Firefox in safe mode and reset everything, and it's still there
  5. The first three lines did not have a reset option:
  6. Sorry, I cut and pasted what you had... I don't see anything that says reset... I have refresh when I right-click
  7. When I type about:config[/b[ or about:config it says URL cannot be loaded
  8. This is without the script file: ComboFix 12-07-13.03 - John 07/16/2012 23:34:33.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.14134 [GMT -4:00] Running from: c:\users\John\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 ))))))))))))))))))))))))))))))) . . 2012-07-17 03:39 . 2012-07-17 03:39 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp 2012-07-17 03:39 . 2012-07-17 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe 2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys 2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL 2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon 2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia 2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software 2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft 2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam 2012-06-28 05:32 . 
2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam 2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle 2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-06-18 05:40 . 2012-07-16 13:59 -------- d-----w- c:\program files (x86)\Everything . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll 2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-20 05:58 . 
2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll 2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-04-20 03:45 . 
2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-07-17 00:26 56132 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-14 02:37 . 2012-07-17 00:26 45594 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin + 2010-09-13 23:30 . 2012-07-16 11:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-13 23:30 . 2012-07-16 11:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-16 11:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-17 00:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-17 00:26 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 
2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-17 00:26 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-17 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-17 03:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-07-17 00:24 . 2012-07-17 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-17 00:24 . 2012-07-17 00:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-14 12:15 . 2012-07-17 00:26 211648 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-16 19:52 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-09-14 04:50 . 2012-07-16 19:52 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2010-09-14 04:50 . 
2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-11-22 00:32 . 2012-07-15 05:42 15355336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928] "Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496] "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952] "StartCCC"="c:\program 
files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192] NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944] TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 jswpsapi;JumpStart Wi-Fi Protected 
Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920] S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576] S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136] S3 LEqdUsb;Logitech SetPoint 
Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] . . Contents of the 'Scheduled Tasks' folder . 2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22] . 2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . 2012-07-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uStart Page = uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM IE: Save F&lash with FlashCapture Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.178.1.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System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ontrolSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Completion time: 2012-07-16 23:40:39
ComboFix-quarantined-files.txt 2012-07-17 03:40
ComboFix2.txt 2012-07-16 08:41
ComboFix3.txt 2012-07-16 08:26
ComboFix4.txt 2012-07-14 05:33
.
Pre-Run: 291,611,979,776 bytes free
Post-Run: 290,803,990,528 bytes free
.
- - End Of File - - 52D78767FD57607A136B26AFCF46B993
  9. No, it looks just the same as the pic I sent you, and Firefox takes 15 seconds to open.
  10. Sorry that was done the wrong way! Thanks again!! ComboFix 12-07-13.03 - John 07/16/2012 4:33.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13575 [GMT -4:00] Running from: c:\users\John\Downloads\ComboFix.exe Command switches used :: c:\users\John\Downloads\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 ))))))))))))))))))))))))))))))) . . 2012-07-16 08:36 . 2012-07-16 08:36 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp 2012-07-16 08:36 . 2012-07-16 08:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe 2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys 2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL 2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon 2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia 2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software 2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft 2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft 2012-06-28 05:32 . 
2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam 2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle 2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-06-18 05:40 . 2012-07-16 06:59 -------- d-----w- c:\program files (x86)\Everything . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll 2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2012-06-08 06:10 . 
2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-20 05:58 . 2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll 2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 
2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-04-20 03:45 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-07-15 16:58 56028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-14 02:37 . 2012-07-15 16:58 45366 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin + 2010-09-13 23:30 . 2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-13 23:30 . 2012-07-15 16:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 
2012-07-15 16:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-07-16 08:38 . 2012-07-16 08:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-16 08:38 . 2012-07-16 08:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-14 12:15 . 2012-07-15 16:58 211426 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-16 08:37 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-09-14 04:50 . 
2012-07-16 08:37 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2010-09-14 04:50 . 2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-11-22 00:32 . 2012-07-15 05:42 15355336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928] "Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496] "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952] "StartCCC"="c:\program 
files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192] NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944] TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 jswpsapi;JumpStart Wi-Fi Protected 
Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920] S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576] S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136] S3 LEqdUsb;Logitech SetPoint 
Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] . . Contents of the 'Scheduled Tasks' folder . 2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22] . 2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . uStart Page = uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM IE: Save F&lash with FlashCapture Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.178.1.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\ . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System[...]ontrolSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Kodak\KODAK Share Button App\Listener.exe c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe . ************************************************************************** . Completion time: 2012-07-16 04:41:53 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-16 08:41 ComboFix2.txt 2012-07-16 08:26 ComboFix3.txt 2012-07-14 05:33 . Pre-Run: 298,272,198,656 bytes free Post-Run: 298,020,814,848 bytes free . - - End Of File - - EAF8DAD7356033B032333530724C9547
  11. Thank you for all of your help!!! ComboFix 12-07-13.03 - John 07/16/2012 4:20.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13864 [GMT -4:00] Running from: c:\users\John\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-06-16 to 2012-07-16 ))))))))))))))))))))))))))))))) . . 2012-07-16 08:25 . 2012-07-16 08:25 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp 2012-07-16 08:25 . 2012-07-16 08:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-15 23:56 . 2012-07-15 23:56 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B08E8B3-52A4-42AB-AAD8-CB484F746172}\offreg.dll 2012-07-15 23:55 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B08E8B3-52A4-42AB-AAD8-CB484F746172}\mpengine.dll 2012-07-14 19:07 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe 2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys 2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL 2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon 2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia 2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll 2012-06-30 04:00 . 
2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software 2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft 2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam 2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle 2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-06-18 05:40 . 2012-07-16 06:59 -------- d-----w- c:\program files (x86)\Everything . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-05 07:40 . 
2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll 2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-20 05:58 . 2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll 2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 
2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-04-20 03:45 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-07-15 16:58 56028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-14 02:37 . 2012-07-15 16:58 45366 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin + 2010-09-13 23:30 . 2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-13 23:30 . 2012-07-15 16:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 
2012-07-15 16:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-15 16:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-15 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-14 02:36 . 2012-07-16 08:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-07-15 16:56 . 2012-07-15 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-15 16:56 . 2012-07-15 16:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-13 17:18 . 
2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-09-14 12:15 . 2012-07-15 16:58 211426 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-15 05:42 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-09-14 04:50 . 2012-07-15 05:42 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2010-09-14 04:50 . 2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-11-22 00:32 . 2012-07-15 05:42 15355336 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928] "Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496] "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952] "StartCCC"="c:\program 
files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192] NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944] TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 jswpsapi;JumpStart Wi-Fi Protected 
Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016] S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920] S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576] S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136] S3 LEqdUsb;Logitech SetPoint 
Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] . . Contents of the 'Scheduled Tasks' folder . 2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22] . 2012-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . 2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . ------- Supplementary Scan ------- . 
uStart Page = uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM IE: Save F&lash with FlashCapture Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.178.1.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\ FF - prefs.js: browser.search.selectedEngine - FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 309020840000000000005404a62f5613 FF - user.js: extensions.BabylonToolbar_i.hardId - 309020840000000000005404a62f5613 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oy5AixVwX&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 66b33afe00000000000000ff82392c5c FF - user.js: extensions.incredibar_i.instlDay - 15494 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:16 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: 
extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6Oy5AixVwX FF - user.js: extensions.incredibar_i.upn2n - 92259576709457079 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System…ontrolSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-16 04:26:32 ComboFix-quarantined-files.txt 2012-07-16 08:26 ComboFix2.txt 2012-07-14 05:33 . Pre-Run: 298,276,364,288 bytes free Post-Run: 298,173,054,976 bytes free . - - End Of File - - D807238364E9F61ED0C64034B285864D
  12. ComboFix 12-07-13.03 - John 07/14/2012 1:28.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13726 [GMT -4:00] Running from: c:\users\John\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\John\AppData\Local\boot.dat c:\users\John\AppData\Roaming\inst.exe c:\windows\pkunzip.pif c:\windows\pkzip.pif . . ((((((((((((((((((((((((( Files Created from 2012-06-14 to 2012-07-14 ))))))))))))))))))))))))))))))) . . 2012-07-14 05:31 . 2012-07-14 05:31 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp 2012-07-14 05:31 . 2012-07-14 05:31 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-14 03:59 . 2012-07-14 03:59 711240 ----a-w- c:\windows\is-DN66R.exe 2012-07-13 00:24 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B722FB95-920A-424A-A456-73CD11AFA9F2}\mpengine.dll 2012-07-12 03:57 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe 2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys 2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL 2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon 2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia 2012-07-04 00:26 . 
2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software 2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software 2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft 2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam 2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam 2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle 2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-18 20:52 . 2012-05-04 23:29 772504 ----a-w - c:\windows\SysWow64\npdeployJava1.dll 2012-06-18 05:40 . 2012-07-14 05:18 -------- d-----w- c:\program files (x86)\Everything . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-11 22:22 . 
2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll 2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-05-20 05:58 . 2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll 2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys 2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys 2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys 2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys 2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 
2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-04-20 03:45 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-20 03:16 . 2012-06-14 04:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-19 03:57 . 2010-09-14 02:42 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928] "Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496] "ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 
421736] "ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536] "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544] "DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664] "HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800] "Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] "InnoSetupRegFile.0000000001"="c:\windows\is-DN66R.exe" [2012-07-14 711240] . c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192] NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944] TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056] R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000] R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 e1cexpress;Intel® PRO/1000 
PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720] R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736] S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016] S0 vidsflt53;Acronis Disk Storage Filter 
(53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920] S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544] S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448] S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912] S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576] S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536] S3 asmtxhci;ASMEDIA XHCI 
Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752] S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832] S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184] . . Contents of the 'Scheduled Tasks' folder . 2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22] . 2012-07-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12] . 2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31] . 2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . 
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job - c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] "CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784] "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168] "Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Supplementary Scan ------- . 
uStart Page = uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM IE: Save F&lash with FlashCapture Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.178.1.1 FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\ FF - prefs.js: browser.search.selectedEngine - FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 309020840000000000005404a62f5613 FF - user.js: extensions.BabylonToolbar_i.hardId - 309020840000000000005404a62f5613 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oy5AixVwX&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 66b33afe00000000000000ff82392c5c FF - user.js: extensions.incredibar_i.instlDay - 15494 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:16 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: 
extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6Oy5AixVwX FF - user.js: extensions.incredibar_i.upn2n - 92259576709457079 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-AdobeBridge - (no file) AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System ontrolSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-14 01:33:19 ComboFix-quarantined-files.txt 2012-07-14 05:33 . Pre-Run: 300,270,612,480 bytes free Post-Run: 300,119,891,968 bytes free . - - End Of File - - 42D397C793D01748CC952E1343AD9C9D
  13. Better... Incredibar is still on my Firefox. Thanks for all the help!!
  14. All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found. HKU\S-1-5-21-4125996851-1195880361-1058133894-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cf45c54f-801c-41b5-ac77-57f2bf418edc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf45c54f-801c-41b5-ac77-57f2bf418edc}\ not found. HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found. Registry key HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Prefs.js: "MyStart Search" removed from browser.search.defaultenginename Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: "MyStart Search" removed from browser.search.selectedEngine Prefs.js: true removed from browser.search.useDBForOrder Prefs.js: "http://mystart.incredibar.com/mb161?a=6Oy5AixVwX&i=26" removed from browser.startup.homepage Prefs.js: "http://mystart.incredibar.com/mb161/?loc=IB_DS&a=6Oy5AixVwX&&i=26&search=" removed from keyword.URL C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\searchplugins\MyStart Search.xml moved successfully. C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully. C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll moved successfully. ========== FILES ========== C:\Program Files (x86)\Search Toolbar folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\John\Desktop\cmd.bat deleted successfully. C:\Users\John\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: John ->Temp folder emptied: 260266721 bytes ->Temporary Internet Files folder emptied: 22597949 bytes ->Java cache emptied: 12650135 bytes ->FireFox cache emptied: 53879218 bytes ->Google Chrome cache emptied: 414094014 bytes ->Flash cache emptied: 73315 bytes User: Mcx1-CORAL_SPRINGS ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 178184 bytes ->Flash cache emptied: 56502 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 138783871 bytes %systemroot%\System32 .tmp files removed: 499712 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 872496 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes RecycleBin emptied: 13697151400 bytes Total Files Cleaned = 13,925.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.53.1 log created on 07082012_185802 Files\Folders moved on Reboot... C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... File C:\Users\John\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! Registry entries deleted on Reboot...
  15. OTL Extras logfile created on: 17 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\John\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: United States | Language: ENU | Date Format: 15.97 Gb Total Physical Memory | 13.62 Gb Available Physical Memory | 85.32% Memory free 31.93 Gb Paging File | 29.31 Gb Available in Paging File | 91.79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 465.76 Gb Total Space | 298.26 Gb Free Space | 64.04% Space Free | Partition Type: NTFS Drive D: | 465.75 Gb Total Space | 305.92 Gb Free Space | 65.68% Space Free | Partition Type: NTFS Drive E: | 931.51 Gb Total Space | 421.91 Gb Free Space | 45.29% Space Free | Partition Type: NTFS Drive F: | 931.51 Gb Total Space | 909.72 Gb Free Space | 97.66% Space Free | Partition Type: NTFS Drive G: | 931.51 Gb Total Space | 141.78 Gb Free Space | 15.22% Space Free | Partition Type: NTFS Drive H: | 2794.39 Gb Total Space | 188.93 Gb Free Space | 6.76% Space Free | Partition Type: NTFS Computer Name: CORAL_SPRINGS | User Name: John | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm[@ = chm.file] -- C:\Windows\hh.exe [2009 .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe [2009 .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe [2009 .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010 .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe [2009 .reg[@ = regfile] -- C:\Windows\regedit.exe [2009 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .chm [@ = chm.file] -- C:\Windows\hh.exe [2009 .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe [2009 .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe [2009 .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe [2009 .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010 .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE [2009 .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE [2009 .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe [2009 .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe [2009 .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe [2009 .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe [2009 .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE [2009 .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe [2009 .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe [2009 .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe [2009 .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe [2009 ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* chm.file [open] -- "%SystemRoot%\hh.exe" %1 [2009 cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 [2009 htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* [2009 htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010 htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 [2010 htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010 https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010 inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" [2009 InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l [2009 InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" [2009 piffile [open] -- "%1" %* regfile [open] -- regedit.exe "%1" [2009 regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" [2012 Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" [2011 Directory [cmd] -- cmd.exe /s /k pushd "%V" [2010 Directory [find] -- %SystemRoot%\Explorer.exe [2011 Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" [2012 Folder [open] -- %SystemRoot%\Explorer.exe [2011 Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe [2011 Applications\iexplore.exe [open] -- Reg Error: Key error. 
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 [2009
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 [2009
chm.file [open] -- "%SystemRoot%\hh.exe" %1 [2009
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 [2009
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 [2009
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* [2009
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 [2009
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* [2009
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 [2010
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome [2010
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" [2009
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 [2009
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 [2009
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 [2009
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 [2009
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l [2009
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" [2009
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 [2009
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* [2009
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 [2009
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 [2009
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* [2009
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 [2009
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" [2009
regfile [open] -- regedit.exe "%1" [2009
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" [2009
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 [2009
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 [2009
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" [2009
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 [2009
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* [2009
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 [2009
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 [2009
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* [2009
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 [2009
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 [2009
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* [2009
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 [2009
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* [2009
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" [2012
Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" [2011
Directory [cmd] -- cmd.exe /s /k pushd "%V" [2010
Directory [find] -- %SystemRoot%\Explorer.exe [2011
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" [2012
Folder [open] -- %SystemRoot%\Explorer.exe [2011
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe [2011
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2010

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner
Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{031A0E14-0413-4C97-9772-2639B782F46F}" = Common Desktop Agent
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD
Accelerated Video Transcoding "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64 "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64) "{23170F69-40C1-2702-0921-000001000000}" = 7-Zip 9.21 (x64 edition) "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{636BB5E4-88A3-4DA6-9630-B98E7814972A}" = XP Repair Pro 5 "{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64 "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" 
= Microsoft_VC90_MFC_x86_x64 "{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support "{BC39713D-B14D-4BB0-9663-BC9F7B8AB1F2}" = O&O Defrag Professional "{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel® Network Connections 15.6.25.0 "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64 "{CFA5BA6D-D6BB-AE1B-E61E-5B1ACFC8F0BB}" = AMD Drag and Drop Transcoding "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft Security Client" = Microsoft Security Essentials "PROSetDX" = Intel® Network Connections 15.6.25.0 "RealVNC_is1" = VNC Enterprise Edition E4.5.4 "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Sandboxie" = Sandboxie 3.62 (64-bit) "sp6" = Logitech SetPoint 6.32 "VNCMirror_is1" = VNC Mirror Driver 1.8.0 "VNCPrinter_is1" = VNC Printer Driver 1.6.0 "WinRAR archiver" = WinRAR 4.00 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding 
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter "{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}" = KODAK Share Button App "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20187EBD-71B1-4913-AEFF-6E2E2A444434}" = Giganews Accelerator "{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}" = Supreme Commander "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver "{3B03E732-6150-4D0A-849F-C6F4141EA78C}" = EPSON Perfection V30/V300 Photo Scanner Driver Update "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space "{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT) "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese 
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30 "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin "{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard "{9170B2A2-FC44-4ec2-AEB6-9052626B2A2E}_is1" = Driver Reviver "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2 "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter "{a72ce741-1f32-4d79-bffb-a714375c678d}_is1" = Bigasoft Total Video Converter 3.4.14.4261 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries "{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5 "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3) "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C975D391-7BF6-44A0-A4FF-EDF3CFD88F68}" = ArcSoft MediaImpression for Kodak "{CCB71FF8-DE82-469C-8641-44378F4443EB}" = Garmin WebUpdater "{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}" = WinZip 15.5 "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center 
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DA5447A3-C6E7-471C-802C-A1FD401F0159}" = ArcSoft MediaImpression Codec "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash "{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 "{E705AF4A-68B1-4C1A-8604-85728B0F2D21}" = Stone File Undelete "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0 "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "abgx360" = abgx360 v1.0.6 "AC3Filter_is1" = AC3Filter 1.63b "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0 "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "AviSynth" = AviSynth 2.5 "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "Classroom Spy Professional" = Classroom Spy Professional "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only) 
"DVDFab 8 Qt Beta_is1" = DVDFab 8.1.8.8 (29/06/2012) Qt Beta "DVDFab 8 Qt_is1" = DVDFab 8.1.6.3 (11/02/2012) Qt "EPSON Scanner" = EPSON Scan "Everything" = Everything 1.2.1.371 "ffdshow_is1" = ffdshow [rev 3299] [2010-03-03] "GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008) "Hard Reset_is1" = Hard Reset "ImgBurn" = ImgBurn "Insane 2_is1" = Insane 2 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full) "LameACM" = Lame ACM MP3 Codec "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "MediaPlayerLite" = MediaPlayerLite 0.2 "Mimo" = Mimo "mIRC" = mIRC "MKVtoolnix" = MKVtoolnix 4.3.0 "Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US) "OpenVPN" = OpenVPN 2.2.1 "OpooSoft PDF Split-Merge_is1" = OpooSoft PDF Split-Merge v6.0 "Picasa 3" = Picasa 3 "PowerISO" = PowerISO "QuickPar" = QuickPar 0.9 "Revo Uninstaller" = Revo Uninstaller 1.94 "Samsung Easy Printer Manager" = Samsung Easy Printer Manager "Samsung ML-1865W Series" = Samsung ML-1865W Series "Samsung Printer Live Update" = Samsung Printer Live Update "SWF & FLV Player_is1" = SWF & FLV Player 3.0 (build 3.0.33.5106) "Synergy" = Synergy "SystemRequirementsLab" = System Requirements Lab "VLC media player" = VLC media player 2.0.1 "VyprVPN for Giganews 1.1.0.319" = VyprVPN for Giganews "WBFS Manager 3.0" = WBFS Manager 3.0 "Xilisoft DVD Creator" = Xilisoft DVD Creator "Xvid_is1" = Xvid 1.2.2 final uninstall "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! 
Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4125996851-1195880361-1058133894-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Xilisoft iPad Magic Platinum" = Xilisoft iPad Magic Platinum ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Error - 12 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 12 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 1 Description = Activation context generation failed for "c:\program files\microsoft security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft security client\MSESysprep.dll" on line 10. 
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows. [ Media Center Events ] Error - 19 Description = 7:36:28 PM - Error connecting to the internet. 7:36:28 PM - Unable to contact server.. Error - 2 Description = 2:07:22 AM - Error connecting to the internet. 2:07:22 AM - Unable to contact server.. Error - 2 Description = 2:07:28 AM - Error connecting to the internet. 2:07:28 AM - Unable to contact server.. Error - 3 Description = 3:07:37 AM - Error connecting to the internet. 3:07:37 AM - Unable to contact server.. Error - 3 Description = 3:07:43 AM - Error connecting to the internet. 3:07:43 AM - Unable to contact server.. Error - 4 Description = 4:07:52 AM - Error connecting to the internet. 4:07:52 AM - Unable to contact server.. Error - 4 Description = 4:07:58 AM - Error connecting to the internet. 4:07:58 AM - Unable to contact server.. Error - 5 Description = 5:08:07 AM - Error connecting to the internet. 5:08:07 AM - Unable to contact server.. Error - 5 Description = 5:08:13 AM - Error connecting to the internet. 5:08:13 AM - Unable to contact server.. Error - 14 Description = 2:21:28 PM - Error connecting to the internet. 2:21:29 PM - Unable to contact server.. [ System Events ] Error - 19 Description = The device, \Device\CdRom0, has a bad block. Error - 19 Description = The device, \Device\CdRom0, has a bad block. Error - 19 Description = The device, \Device\CdRom0, has a bad block. Error - 19 Description = The device, \Device\CdRom0, has a bad block. Error - 19 Description = The device, \Device\CdRom0, has a bad block. Error - 19 Description = The device, \Device\CdRom0, has a bad block. Error - 19 Description = The device, \Device\CdRom0, has a bad block. Error - 19 Description = The device, \Device\CdRom0, has a bad block. Error - 19 Description = The device, \Device\CdRom0, has a bad block. 
Error - 21 Description = The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. < End of report >
  16. .
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by John at 23:40:26 on 2012-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13801 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Giganews Accelerator\GiganewsAccelerator.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\VyprVPN for Giganews\VyprVPN for Giganews.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\AOL\1339455344\ee\aolsoftware.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Everything\Everything.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb161?a=6Oy5AixVwX&i=26
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: FCToolbarURLSearchHook Class: {939a6a52-7680-7e14-35d7-5851ade84213} - C:\Program Files (x86)\Bekko Search Bar 1.0\Helper.dll
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Bekko Search Bar 1.0 BHO: {0a7e0730-1d2b-21f4-d160-dbcb5520151e} - C:\Program Files (x86)\Bekko Search Bar 1.0\Toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Bekko Search Bar 1.0: {d8e6fab1-ccb0-9174-716b-7c4727c14bc8} - C:\Program Files (x86)\Bekko Search Bar 1.0\Toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [AdobeBridge]
uRun: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [KGShareApp] C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe
mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VYPRVP~1.LNK - C:\Windows\system32\schtasks.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GIGANE~1.LNK - C:\Program Files (x86)\Giganews Accelerator\GiganewsAccelerator.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Download with x-ipad-magic-platinum - C:\Program Files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM
IE: Save F&lash with FlashCapture
IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD}
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: samsungsetup.com\www
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.178.1.1
TCP: Interfaces\{8981FF05-6368-4BD9-89E8-2A47E85207D4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B99C0433-D8C8-4C45-88A8-6AA8A9BA4C1F} : DhcpNameServer = 192.178.1.1
TCP: Interfaces\{CADE793A-0758-40EC-83E4-B2FEEC32F3E0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CADE793A-0758-40EC-83E4-B2FEEC32F3E0}\140707C65602355736B6371212 : DhcpNameServer = 192.178.1.1
TCP: Interfaces\{CADE793A-0758-40EC-83E4-B2FEEC32F3E0}\8456C6C6F6 : DhcpNameServer = 192.178.1.1
TCP: Interfaces\{CADE793A-0758-40EC-83E4-B2FEEC32F3E0}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CF504919-AF17-4517-9BC8-05E3F0CC501A} : DhcpNameServer = 192.178.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: prio32.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Bekko Search Bar 1.0 BHO: {0A7E0730-1D2B-21F4-D160-DBCB5520151E} - C:\Program Files (x86)\Bekko Search Bar 1.0\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: Bekko Search Bar 1.0: {D8E6FAB1-CCB0-9174-716B-7C4727C14BC8} - C:\Program Files (x86)\Bekko Search Bar 1.0\Toolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [ArcSoft MediaImpression Monitor] C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun-x64: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun-x64: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" 
/min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml mRun-x64: [HostManager] C:\Program Files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe mRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" IE-X64: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} AppInit_DLLs-X64: prio32.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\ FF - prefs.js: browser.search.selectedEngine - MyStart Search FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb161?a=6Oy5AixVwX&i=26 FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb161/?loc=IB_DS&a=6Oy5AixVwX&&i=26&search= FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - plugin: C:\Users\John\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: 
C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 309020840000000000005404a62f5613 FF - user.js: extensions.BabylonToolbar_i.hardId - 309020840000000000005404a62f5613 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15444 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:09:29 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oy5AixVwX&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 66b33afe00000000000000ff82392c5c FF - user.js: extensions.incredibar_i.instlDay - 15494 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:16:26 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: 
extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6Oy5AixVwX FF - user.js: extensions.incredibar_i.upn2n - 92259576709457079 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10643 FF - user.js: extensions.incredibar_i.ppd - 1 FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\system32\DRIVERS\AiChargerPlus.sys --> C:\Windows\system32\DRIVERS\AiChargerPlus.sys [?] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys --> C:\Windows\system32\DRIVERS\scmndisp.sys [?] R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?] R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\system32\DRIVERS\vsflt53.sys --> C:\Windows\system32\DRIVERS\vsflt53.sys [?] R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\system32\DRIVERS\jswpslwfx.sys --> C:\Windows\system32\DRIVERS\jswpslwfx.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] 
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2012-5-18 918448] R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2012-5-18 950912] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-12-14 586880] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912] R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-18 654408] R2 OODefragAgent;O&O Defrag;C:\Program Files\OO Software\Defrag\oodag.exe [2011-11-17 3273552] R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-4-29 1191408] R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?] R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2010-9-13 278528] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?] 
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?] R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\system32\DRIVERS\ICCWDT.sys --> C:\Windows\system32\DRIVERS\ICCWDT.sys [?] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-11-23 158336] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056] S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?] S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?] S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\system32\DRIVERS\athurx.sys --> C:\Windows\system32\DRIVERS\athurx.sys [?] 
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?] S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176] S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?] S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2010-9-13 954368] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] 
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-04 03:27:01 -------- d-----w- C:\Users\John\AppData\Local\Macromedia 2012-07-04 00:27:44 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7EE2C97-ABC7-4887-A41F-F187369558C2}\offreg.dll 2012-07-04 00:26:55 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll 2012-07-04 00:26:47 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B7EE2C97-ABC7-4887-A41F-F187369558C2}\mpengine.dll 2012-07-03 02:27:54 9013136 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-30 04:00:02 -------- d-----w- C:\Program Files (x86)\Eltima Software 2012-06-29 10:16:23 -------- d-----w- C:\Users\John\AppData\Local\Xilisoft 2012-06-29 10:14:22 -------- d-----w- C:\ProgramData\Xilisoft 2012-06-28 06:31:22 -------- d-----w- C:\Windows\LastGood.Tmp 2012-06-28 05:32:36 -------- d-----w- C:\Program Files\Microsoft LifeCam 2012-06-28 05:32:36 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam 2012-06-27 13:36:32 -------- d-----w- C:\Program Files (x86)\Oracle 2012-06-23 02:56:33 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-23 02:56:20 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-23 02:56:07 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-23 02:56:07 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-18 20:52:40 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-06-18 05:40:32 -------- d-----w- C:\Program Files (x86)\Everything 2012-06-14 04:14:59 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-13 02:35:04 
-------- d-----w- C:\Opoosoft 2012-06-13 02:34:46 -------- d-----w- C:\Program Files (x86)\OpooSoft 2012-06-12 17:07:45 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C53CD39A-1C38-494A-A7F1-02C169883E4B}\gapaengine.dll 2012-06-11 22:57:03 -------- d-----w- C:\Users\John\AppData\Roaming\AOL 2012-06-11 22:56:49 -------- d-----w- C:\ProgramData\Viewpoint 2012-06-11 22:56:48 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe 2012-06-11 22:56:48 -------- d-----w- C:\Program Files (x86)\Viewpoint 2012-06-11 22:56:12 24064 ----a-w- C:\Windows\System32\drivers\wanatw64.sys 2012-06-11 22:55:59 -------- d-----w- C:\Users\John\AppData\Local\AOL 2012-06-11 22:55:20 -------- d-----w- C:\Program Files (x86)\Common Files\AOL 2012-06-11 22:55:20 -------- d-----w- C:\Program Files (x86)\AOL Desktop 9.7 2012-06-11 22:55:18 -------- d-----w- C:\Program Files (x86)\Common Files\aolshare 2012-06-08 06:10:44 53248 ----a-r- C:\Users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-06-08 06:10:33 -------- d-----w- C:\Users\John\AppData\Local\Logishrd . ==================== Find3M ==================== . 
2012-06-28 00:51:37 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2012-06-23 08:22:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-23 08:22:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-20 05:59:48 4077616 ----a-w- C:\Windows\PE_Rom.dll 2012-05-20 05:58:42 4143152 ----a-w- C:\Windows\PE_File.dll 2012-05-19 03:38:07 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys 2012-05-19 03:37:59 210016 ----a-w- C:\Windows\System32\drivers\vididr.sys 2012-05-19 03:37:57 141920 ----a-w- C:\Windows\System32\drivers\vsflt53.sys 2012-05-19 03:37:55 275552 ----a-w- C:\Windows\System32\drivers\snapman.sys 2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-20 22:50:46 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-04-20 22:50:45 499712 ----a-w- C:\Windows\SysWow64\nsa18A3.tmp 2012-04-20 03:45:41 1638912 
----a-w- C:\Windows\System32\mshtml.tlb 2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-19 03:57:38 126912 ----a-w- C:\Windows\System32\drivers\scdemu.sys 2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys 2012-04-06 02:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe 2012-04-06 02:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll 2012-04-06 02:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2012-04-06 02:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll 2012-04-06 02:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2012-04-06 02:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll 2012-04-06 02:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll 2012-04-06 02:32:08 54784 ----a-w- C:\Windows\System32\OpenCL.dll 2012-04-06 02:32:04 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe 2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll 2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll 2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe 2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe 2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll 2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll 2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll 2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll 2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll 2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll 2012-04-06 01:50:56 
19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll 2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll 2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll 2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll 2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll 2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll 2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll 2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll 2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll 2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys 2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll 2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll 2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll 2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll 2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
.
============= FINISH: 234106.01 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume6
Install Date: 9/13/2010 10:26:17 PM
System Uptime: 7/3/2012 10:50:22 AM (13 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68-V GEN3
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | LGA1155 | 2079/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 297.977 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 305.924 GiB free.
E: is FIXED (NTFS) - 932 GiB total, 457.446 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 909.725 GiB free.
G: is FIXED (NTFS) - 932 GiB total, 141.778 GiB free.
H: is FIXED (NTFS) - 2794 GiB total, 188.932 GiB free.
I: is CDROM ()
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: ASUS Bluetooth
Device ID: USB\VID_0B05&PID_179C\6&35FA611D&0&7
Manufacturer: Atheros Communications
Name: ASUS Bluetooth
PNP Device ID: USB\VID_0B05&PID_179C\6&35FA611D&0&7
Service: BTHUSB
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: MAC Bridge Miniport
Device ID: ROOT\MS_BRIDGEMP\0000
Manufacturer: Microsoft
Name: MAC Bridge Miniport
PNP Device ID: ROOT\MS_BRIDGEMP\0000
Service: BridgeMP
.
==== System Restore Points ===================
.
RP417: 7/3/2012 12:29:41 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint abgx360 v1.0.6 AC3Filter 1.63b Adobe AIR Adobe Community Help Adobe Creative Suite 5 Master Collection Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop Elements 6.0 Adobe Reader X (10.1.3) AI Suite II Angry Birds Space AOL Uninstaller (Choose which Products to Remove) Apple Application Support Apple Software Update ArcSoft MediaImpression ArcSoft MediaImpression Codec ArcSoft MediaImpression for Kodak Asmedia ASM104x USB 3.0 Host Controller Driver AviSynth 2.5 Bekko Search Bar 1.0 Bigasoft Total Video Converter 3.4.14.4261 Call of Duty: Black Ops CardRecovery 5.30 Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Classroom Spy Professional CoreAAC Audio Decoder (remove only) Crysis® 2 Dead Space™ 2 Driver Reviver DVDFab 8.1.6.3 (11/02/2012) Qt DVDFab 8.1.8.8 (29/06/2012) Qt Beta Epson Copy Utility 3.5 Epson Event Manager EPSON Perfection V30/V300 Photo Scanner Driver Update EPSON Scan eReg Everything 1.2.1.371 Facebook Video Calling 1.2.0.159 ffdshow [rev 3299] [2010-03-03] Garmin Communicator Plugin Garmin USB Drivers Garmin WebUpdater Giganews Accelerator Google Chrome Google Earth Google Update Helper GPGNet GPL MPEG-1/2 DirectShow Decoder Filter GrabIt 1.7.2 Beta 6 (build 1008) Hard Reset ImgBurn Insane 2 Intel® Management Engine Components Intel® Processor Graphics Intel® Watchdog Timer Driver (Intel® WDT) Internet TV for Windows Media Center Java Auto Updater Java 6 Update 
22 Java 6 Update 33 Java 7 Update 5 JavaFX 2.1.1 JMicron JMB36X Driver K-Lite Codec Pack 4.0.0 (Full) KODAK Share Button App Lame ACM MP3 Codec Malwarebytes Anti-Malware version 1.61.0.1400 MediaPlayerLite 0.2 Microsoft Corporation Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mimo mIRC MKVtoolnix 4.3.0 Mozilla Firefox 10.0.2 (x86 en-US) MSXML 4.0 SP2 (KB954430) NETGEAR WNA1100 wireless USB 2.0 adapter NVIDIA PhysX OpenOffice.org 3.3 OpenVPN 2.2.1 OpooSoft PDF Split-Merge v6.0 PDF Settings CS5 Picasa 3 PowerISO QuickPar 0.9 QuickTime Realtek High Definition Audio Driver Revo Uninstaller 1.94 Samsung Easy Printer Manager Samsung ML-1865W Series Samsung PC Studio 3 USB Driver Installer Samsung Printer Live Update SDFormatter Seagate DiscWizard SeaTools for Windows Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) 
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skype Click to Call Skype™ 5.10 Stone File Undelete Supreme Commander SWF & FLV Player 3.0 (build 3.0.33.5106) Synergy System Requirements Lab Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Viewpoint Media Player VLC media player 2.0.1 VyprVPN for Giganews WBFS Manager 3.0 Windows Media Center Add-in for Flash Windows Media Player Firefox Plugin WinZip 15.5 Xilisoft DVD Creator Xilisoft iPad Magic Platinum Xvid 1.2.2 final uninstall Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/1/2012 9:26:52 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/28/2012 3:47:46 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RACQUEL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CF504919-AF17-4517-9BC8-05E3F0CC501A}. The master browser is stopping or an election is being forced.
6/28/2012 2:28:35 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/28/2012 2:26:21 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/28/2012 2:24:44 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/28/2012 2:24:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/28/2012 2:24:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/28/2012 2:24:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/28/2012 2:24:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/28/2012 2:24:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/28/2012 2:24:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/28/2012 2:24:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
6/28/2012 2:24:21 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AsUpIO DfsC discache JSWPSLWF MpFilter NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf
6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/28/2012 2:24:20 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/28/2012 1:12:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
6/28/2012 1:12:22 AM, Error: Service Control Manager [7000] - The AMD External Events Utility service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
Attach.txt