Thanks for your help!! ComboFix 12-07-07.03 - Cindy 07/07/2012 7:27.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2407 [GMT -7:00] Running from: c:\users\Cindy\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\CouponAlert_2pEI c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll c:\program files (x86)\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll c:\program files (x86)\I Want This c:\program files (x86)\I Want This\appAPIinternalWrapper.js c:\program files (x86)\I Want This\fb.js c:\program files (x86)\I Want This\I Want This.dll c:\program files (x86)\I Want This\I Want This.exe c:\program files (x86)\I Want This\I Want This.ico c:\program files (x86)\I Want This\I Want ThisGui.exe c:\program files (x86)\I Want This\jquery.js c:\program files (x86)\I Want This\json.js c:\program files (x86)\I Want This\Uninstall.exe c:\program files (x86)\Search Toolbar c:\program files (x86)\Search Toolbar\SearchToolbar.dll c:\program files (x86)\TelevisionFanaticEI c:\users\Cindy\AppData\Local\I Want This c:\users\Cindy\AppData\Local\I Want This\Chrome\I Want This.crx c:\users\Cindy\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll c:\users\Cindy\AppData\Roaming\result.db c:\users\Cindy\Norton_Removal_Tool.exe c:\users\Trevor\AppData\Local\{05919438-749f-84f0-1361-19d593641c66} c:\users\Trevor\AppData\Local\{05919438-749f-84f0-1361-19d593641c66}\@ c:\users\Trevor\AppData\Local\{05919438-749f-84f0-1361-19d593641c66}\n c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66} c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66}\@ c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66}\n c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66}\U\00000001.@ c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66}\U\80000000.@ c:\windows\Installer\{05919438-749f-84f0-1361-19d593641c66}\U\800000cb.@ c:\windows\security\Database\tmp.edb c:\windows\SysWow64\msnphoto.scr . . ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 ))))))))))))))))))))))))))))))) . . 2012-07-07 14:34 . 2012-07-07 14:34 -------- d-----w- c:\users\Trevor\AppData\Local\temp 2012-07-07 14:34 . 2012-07-07 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-07 03:45 . 2012-07-07 03:45 -------- d-----w- c:\program files (x86)\Trend Micro 2012-07-07 02:54 . 2012-07-07 02:57 33096 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-07-06 18:07 . 2012-07-06 18:08 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-06 18:07 . 2012-07-06 18:08 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2012-07-06 18:07 . 2012-07-06 18:07 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-07-06 18:06 . 2012-07-06 18:08 -------- d-----w- c:\programdata\AVG2012 2012-07-06 18:03 . 2012-07-06 18:04 -------- d-----w- c:\programdata\MFAData 2012-07-06 18:03 . 2012-07-06 18:03 -------- d--h--w- c:\programdata\Common Files 2012-07-06 17:50 . 2012-07-06 17:50 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-07-06 17:50 . 2012-07-06 17:50 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-07-06 17:47 . 2012-07-06 17:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-06 17:47 . 2012-07-06 17:47 -------- d-----w- c:\programdata\Malwarebytes 2012-07-06 17:47 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-06 17:10 . 2012-07-06 18:12 -------- d-----w- c:\users\Cindy\AppData\Local\360Amigo 2012-07-06 17:10 . 2012-07-06 17:10 -------- d-----w- c:\program files\360Amigo 2012-07-03 22:41 . 2012-07-03 22:41 -------- d-----w- c:\programdata\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E} 2012-07-03 21:18 . 2012-07-03 21:18 -------- d-----w- c:\programdata\Recovery 2012-07-03 21:09 . 2012-07-03 21:13 -------- d-----w- c:\users\Trevor\AppData\Roaming\NCH Software 2012-06-25 23:55 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-25 23:55 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-25 23:55 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-25 23:55 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-25 23:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-25 23:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-25 23:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-25 23:54 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-25 23:54 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-22 20:11 . 2012-06-22 20:11 -------- d-----w- c:\windows\en 2012-06-22 20:09 . 2012-06-22 20:09 -------- d-----w- c:\program files\Windows Live 2012-06-21 15:31 . 2012-06-21 15:31 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e99431c81cd4fc201\DSETUP.dll 2012-06-21 15:31 . 2012-06-21 15:31 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e99431c81cd4fc201\DXSETUP.exe 2012-06-21 15:31 . 2012-06-21 15:31 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e99431c81cd4fc201\dsetup32.dll 2012-06-18 23:12 . 2012-06-18 23:12 -------- d-----w- c:\program files (x86)\Conduit 2012-06-18 23:11 . 2012-07-07 14:17 -------- d-----w- c:\users\Cindy\AppData\Local\Conduit 2012-06-18 23:10 . 2012-06-18 23:10 -------- d-----w- c:\users\Cindy\AppData\Local\CRE 2012-06-15 14:17 . 2012-05-18 01:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-13 01:27 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 01:27 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 01:27 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 01:24 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-13 01:24 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-13 01:24 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-13 01:24 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-13 01:22 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 01:22 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 01:22 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-13 01:22 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-13 01:22 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 01:22 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 01:22 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 01:22 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-13 01:22 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-13 01:22 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-07 21:43 . 2012-06-07 21:43 -------- d-sh--w- c:\windows\system32\%APPDATA% . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-06 17:50 . 2010-12-09 14:45 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-06-23 03:50 . 2012-04-04 02:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-23 03:50 . 2011-05-17 14:52 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 19:07 . 2012-04-14 15:09 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0538CF1C-8419-4800-ADBB-0C00C799FDA2}] 2012-06-25 14:01 88416 ----a-w- c:\users\Cindy\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392] "ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2008-10-20 210208] "InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648] "GenieoUpdaterService"="c:\users\Cindy\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" [2012-06-25 280928] "GenieoSystemTray"="c:\users\Cindy\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe" [2012-06-25 564064] "360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2012-07-06 5156128] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegedit"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 136176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 257224] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 136176] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-07-07 33096] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2011-01-21 7680512] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys [2010-01-19 4608] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-11 232992] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-23 333928] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-23 1255736] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120] S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-30 20056] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/08/19 02:52];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-01-27 22:48 146928] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-01-04 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752] S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-01-16 127984] S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-02-08 338168] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-06 227384] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520] S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-06 2184496] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-01-22 8034368] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-07-27 8593920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:50] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 20:15] . 2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 20:15] . 2012-07-07 c:\windows\Tasks\HPCeeScheduleForCINDY-PC$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2012-06-21 c:\windows\Tasks\HPCeeScheduleForCindy.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2012-06-23 c:\windows\Tasks\HPCeeScheduleForTrevor.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-22 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-22 390680] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-22 410136] "HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896] "HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-20 107832] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-28 172032] "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-04 487424] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Doxillion - c:\program files (x86)\NCH Software\Doxillion\uninst.exe AddRemove-I Want This - c:\program files (x86)\I Want This\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51, 99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43 "{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}"=hex:51,66,7a,6c,4c,1d,38,12,56,9f,34, 9c,79,90,a1,0e,ec,df,cd,82,65,37,92,e0 "{5BED3930-2E9E-76D8-BACC-80DF2188D455}"=hex:51,66,7a,6c,4c,1d,38,12,5e,3a,fe, 5f,ac,60,b6,33,c5,da,c3,9f,24,d6,90,41 "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11, d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54 "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a, eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54, 06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64 "{0538CF1C-8419-4800-ADBB-0C00C799FDA2}"=hex:51,66,7a,6c,4c,1d,38,12,72,cc,2b, 01,2b,ca,6e,0d,d2,ad,4f,40,c2,c7,b9,b6 "{11111111-1111-1111-1111-110011221158}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02, 15,23,5f,7f,54,6e,07,52,40,14,7c,55,4c "{1631550F-191D-4826-B069-D9439253D926}"=hex:51,66,7a,6c,4c,1d,38,12,61,56,22, 12,2f,57,48,0d,cf,7f,9a,03,97,0d,9d,32 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}"=hex:51,66,7a,6c,4c,1d,38,12,4e,0e,85, 66,3f,23,da,5f,34,e7,d6,f0,b0,e6,3c,2e "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{B6EF6C45-5E8D-4C3B-B580-A5073261A381}"=hex:51,66,7a,6c,4c,1d,38,12,2b,6f,fc, b2,bf,10,55,09,ca,96,e6,47,37,3f,e7,95 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{E8DAAA30-6CAA-4B58-9603-8E54238219E2}"=hex:51,66,7a,6c,4c,1d,38,12,5e,a9,c9, ec,98,22,36,0e,e9,15,cd,14,26,dc,5d,f6 "{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61, f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc "{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be, f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:a3,15,1c,bb,16,45,cd,01 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe c:\program files (x86)\DigitalPersona\Bin\DPAgent.exe . ************************************************************************** . Completion time: 2012-07-07 07:47:38 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-07 14:47 . Pre-Run: 402,971,475,968 bytes free Post-Run: 403,542,683,648 bytes free . - - End Of File - - BF51A3B6A54A83B928E3E2E2AF1638EF