Incredibar

[NtrNetSrfr]

The first three lines did not have a reset option:

[NtrNetSrfr]

its still there.

[NtrNetSrfr]

i started firefox in safe mode and reset everything and it's still there

[Maniac]

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

• 
  
• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

  :regfind
  incredibar
  
  :folderfind
  *incredibar*

  
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  

Note: The log can also be found on your Desktop entitled SystemLook.txt

[NtrNetSrfr]

SystemLook 30.07.11 by jpshortstuff

Log created at 18:29 on 18/07/2012 by John

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "incredibar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Incredibar_Install_New_RASAPI32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Incredibar_Install_New_RASMANCS]

========== folderfind ==========

Searching for "*incredibar*"

C:\Users\John\AppData\LocalLow\Incredibar.com d------ [20:16 03/06/2012]

C:\Users\John\AppData\LocalLow\Incredibar.com\incredibar d------ [20:16 03/06/2012]

C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com d------ [20:16 03/06/2012]

-= EOF =-

[Maniac]

Delete your ComboFix copy and download a new fresh one.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Users\John\AppData\LocalLow\Incredibar.com
C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Incredibar_Install_New_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Incredibar_Install_New_RASMANCS]

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[NtrNetSrfr]

ComboFix 12-07-13.03 - John 07/20/2012 15:21:46.5.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16351.13925 [GMT -4:00]

Running from: c:\users\John\Downloads\ComboFix.exe

Command switches used :: c:\users\John\Downloads\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- REDUCED FUNCTIONALITY MODE -

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\John\AppData\LocalLow\Incredibar.com

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\chrome.manifest

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\arwDwn.gif

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ae.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\bg.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ch.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\cn.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\cz.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\de.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\eg.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\en.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\es.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\fr.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\gr.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\he.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\il.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\it.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ja.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\jp.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\nl.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\no.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\pl.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\pt.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ro.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ru.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\sa.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\se.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\sv.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\tr.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\ua.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\flgs\us.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\help_16.gif

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\home.gif

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\logo.png

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\privecy_16_hot.gif

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\specialoffer.gif

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\tellafriend.gif

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\imgs\uninstall.gif

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\incredibar.css

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\incredibar.xul

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\mtstart.js

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\content\tmplt.js

c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\extensions\ffxtlbr@incredibar.com\install.rdf

.

.

((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))

.

.

2012-07-20 19:22 . 2012-07-20 19:22 -------- d-----w- c:\users\Mcx1-CORAL_SPRINGS\AppData\Local\temp

2012-07-20 19:22 . 2012-07-20 19:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-20 16:05 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33F4F8AE-FD07-42E4-94F8-9BC030414C37}\mpengine.dll

2012-07-20 02:32 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-09 20:01 . 2010-12-30 21:29 80448 ----a-w- c:\windows\system32\MMCEDT5.exe

2012-07-09 20:01 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys

2012-07-08 22:58 . 2012-07-08 22:58 -------- d-----w- C:\_OTL

2012-07-04 21:10 . 2012-07-04 21:10 -------- d-----w- c:\users\John\AppData\Local\visi_coupon

2012-07-04 03:27 . 2012-07-04 03:27 -------- d-----w- c:\users\John\AppData\Local\Macromedia

2012-07-04 00:26 . 2012-02-10 18:58 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96854BBE-6F65-4134-979B-024C9AB34207}\gapaengine.dll

2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\users\John\AppData\Roaming\Eltima Software

2012-06-30 04:00 . 2012-06-30 04:00 -------- d-----w- c:\program files (x86)\Eltima Software

2012-06-29 10:16 . 2012-06-29 10:16 -------- d-----w- c:\users\John\AppData\Local\Xilisoft

2012-06-29 10:14 . 2012-06-29 10:14 -------- d-----w- c:\programdata\Xilisoft

2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files (x86)\Microsoft LifeCam

2012-06-28 05:32 . 2012-06-28 05:32 -------- d-----w- c:\program files\Microsoft LifeCam

2012-06-27 13:41 . 2012-06-27 13:41 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-27 13:36 . 2012-06-27 13:36 -------- d-----w- c:\program files (x86)\Oracle

2012-06-23 02:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 02:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 02:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 02:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 02:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-23 02:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 02:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 02:56 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 02:56 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 22:22 . 2012-04-10 17:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-11 22:22 . 2011-05-14 05:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-05 07:40 . 2011-12-20 18:15 4077616 ----a-w- c:\windows\PE_Rom.dll

2012-07-03 17:46 . 2011-05-14 04:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-28 00:51 . 2010-11-28 18:57 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-06-11 22:54 . 2012-06-11 22:56 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe

2012-06-08 06:10 . 2012-06-08 06:10 53248 ----a-r- c:\users\John\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-05-20 05:58 . 2011-12-20 22:28 4143152 ----a-w- c:\windows\PE_File.dll

2012-05-19 03:38 . 2012-05-19 03:38 971360 ----a-w- c:\windows\system32\drivers\timntr.sys

2012-05-19 03:37 . 2012-05-19 03:37 210016 ----a-w- c:\windows\system32\drivers\vididr.sys

2012-05-19 03:37 . 2012-05-19 03:37 141920 ----a-w- c:\windows\system32\drivers\vsflt53.sys

2012-05-19 03:37 . 2012-05-19 03:37 275552 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-05-15 04:01 . 2012-06-14 04:15 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 03:03 . 2012-06-14 04:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-05-04 23:29 . 2012-06-18 20:52 772504 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-04 23:29 . 2010-12-20 03:21 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-04 11:06 . 2012-06-14 04:14 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-14 04:14 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-14 04:14 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-14 04:14 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-14 04:14 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-14 04:15 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-14 04:15 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-14 04:15 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-14 04:14 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-14 04:14 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-14 04:14 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-14 04:14 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-14 04:14 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-14 04:14 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-14_05.32.04 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 05:10 . 2012-07-18 15:38 56156 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-14 02:37 . 2012-07-18 15:38 45650 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4125996851-1195880361-1058133894-1001_UserData.bin

- 2010-09-13 23:30 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-13 23:30 . 2012-07-19 15:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-13 23:30 . 2012-07-13 17:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-13 23:30 . 2012-07-19 15:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-13 17:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-19 15:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-14 02:36 . 2012-07-19 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-19 15:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-19 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-13 17:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-14 02:36 . 2012-07-20 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-14 02:36 . 2012-07-14 05:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-14 02:36 . 2012-07-20 19:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-19 15:54 . 2012-07-19 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-13 17:18 . 2012-07-13 17:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-19 15:54 . 2012-07-19 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-09-14 12:15 . 2012-07-19 15:57 211648 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:46 . 2012-07-18 19:04 103008 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 05:01 . 2012-07-19 03:58 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-13 04:16 366804 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2010-09-14 04:50 . 2012-07-13 04:16 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-09-14 04:50 . 2012-07-19 03:58 3764680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2010-11-22 00:32 . 2012-07-19 03:58 15379524 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4125996851-1195880361-1058133894-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]

"Facebook Update"="c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048]

"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-23 618496]

"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]

"ASUS AiChargerPlus Execute"="c:\program files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe" [2010-11-08 465536]

"ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-11-25 252544]

"DiscWizardMonitor.exe"="c:\program files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe" [2011-04-29 2638128]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

"HostManager"="c:\program files (x86)\Common Files\AOL\1339455344\ee\AOLSoftware.exe" [2010-03-08 41800]

"Everything"="c:\program files (x86)\Everything\Everything.exe" [2009-03-13 602624]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

.

c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

VyprVPN for Giganews.lnk - c:\windows\system32\schtasks.exe [2011-6-10 285696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Giganews Accelerator.lnk - c:\program files (x86)\Giganews Accelerator\GiganewsAccelerator.exe [2011-4-20 456192]

NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2010-9-13 4562944]

TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe [2010-12-20 519744]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]

R3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [x]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-13 51872]

R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2009-11-10 1827328]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 136176]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]

R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 954368]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-30 82816]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]

S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys [2010-11-08 14464]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [2012-05-19 210016]

S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-05-19 141920]

S1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [2010-09-21 312184]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]

S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.18\aaHMSvc.exe [2011-12-29 950912]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-11-17 3273552]

S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2011-03-18 11576]

S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]

S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]

S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-18 26136]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-10 60184]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 22:22]

.

2012-07-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12]

.

2012-07-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job

- c:\users\John\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-21 23:12]

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31]

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 22:31]

.

2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001Core.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00]

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4125996851-1195880361-1058133894-1001UA.job

- c:\users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 00:00]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 438784]

"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-11-17 3994960]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-01 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-01 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-01 419096]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-01-16 6463080]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

"Seagate Scheduler2 Service"="c:\program files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [2011-04-29 395144]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

.

------- Supplementary Scan -------

.

uStart Page =

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Download with x-ipad-magic-platinum - c:\program files (x86)\Xilisoft\iPad Magic Platinum\upod_link.HTM

IE: Save F&lash with FlashCapture

Trusted Zone: samsungsetup.com\www

TCP: DhcpNameServer = 192.178.1.1

FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\fk6n333v.default\

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

"OODEFRAG14.00.00.01PROFESSIONAL"="4C3F049743AB1CC3BFA79090397AB2568FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98088EDD5E5BE2F6E667A6171C11EC38DE3D9DB7CE019D40AA5CF0E3D9BED7884799B0DBF5D6E14784331FB09337F0E43753216C6643EC85C91E9AEA425165AAAC7153AE1A1A61C48BD2ACBA67A8F562C76F258E4466B669CEA7AC22EB2B70E1B530477D83E937D1ABBD08542D63C1A5BAC74DC2F6EF96A958D1DB028DD08819C5CF3F4B489B01B33E0E802A032E9FEAFCB528FA41B7271D075817E72C4AB4DC520CA57D5708524EAEA19C49DAD351918E5A7812BB98F33B903A7B1625A6EEDFE4E7955FEF8EB2AF7B9A96A5F822089E8296344250F3FD22BDBBDD3028F325789C28DF9E27109C8337DFDA9779EB6D38839306ADBCACBB12EAE5C440B849B91F2DD4094E6571FE9F0B9B8B5A48099E2CCB3B4DD794A994EE8B85EB34AD3C82735A3BC965E81DBDF9B0B9FD8CA75329E8ACBD1BA93FD7E5C3A229C3DD356CC8B5FE6D8EBC41012FACF7EF3B32AC291303890D37EEF625013C4B26EEF04CF84C4D0BC0F794530E1EF6C4B1823243ED54B25C619A58C9072BA9B094C40948863DC27ECCDA8C58B9493C8CBAC258A60757522FB5F57A1CF49D8096CF5221513E4245F1703F2EDC7F65035D0824D36B607D63A3C8AA4DA3E80559D077551D614D76260E4C616142D997F5D3DC7E38F4E71A896E1ECF2DEA630272C87142C0CAE2E55B10453376BB4EFC64A4BD5FFCFC11F58C577C2EDA50E82A2B7C65C0352F3515FE4D83D71F535FA2411776897D9352CCD7396FC5FB0980858A7C3EAB0907FAF64EAAF5A77165970C238515717919A5CD7B87454A1619B513B66E2E922D9EF278ABA14DAFE62385B0C560EA4193C20A1E2C43922097DD98C1FD8A273977155DF51DC0FD3160913A7B862A8D55D39A0255C0862D625183BCF7D19F6318A05E7DC1CB2B42209E87CA4B6A7AD840A47F947FB57D31DFF58E398EC50EDC59C5C19CA2879695A5493452F2167C6AC857224C9DAB677D1A1F54A9D194CBD55D695C8751BFCC3B9CE8176CBAD5EF23E41D08B721641A35C949022E031961D1B7EF1D10FD8BAC37176C85BCDB97A72BC50F8BE8F4497C3F585393EA58D56C18AEA4480947A5A952582728E686EF8AEB4A28DB77F3678BC663045D86796F9D36BEB1F44C46E9C71A5ACEFA965C9414130A47787EECEBD73BBE0206AD83ADBB7A18AA8E3684DCA1DF487E50F8F6605412CD30371B262D0550EFDA090F09FD9EFA1D85D527FDA167B883B3CBBEDFD2EDA0120AC371D6A14BFB337DB2DE0CF1B48E65995E832704D97D21D1669D950E983909E09AA6A9E4F779F4BF2954093E7ED13DA61034E4F1504CE79DEC518B591E1819238E6640B8E9C858D860AB6A3B11"

"OODEFRAG15.00.00.01PROFESSIONAL"="5F085D0808D1F2C469C537BEF9F3F602A4BA6531F1EB10D47098CA262EBBFDA13FB2878994C200173214987BF85E66870F334EF5B6A469D5FCAF0F7A1FA8DBED171DEED8A6D124CF4AE61002F640852C0ABADAE34448C5874B0980E5F2730E8059944E659598B38EF70C57453205B9654EBDE09959B1335BA755AF51118571608C28167D8E33799316145A22B91A58D02CEEEA9A0C3E38E2F9876608B4D0D5BDC62D69D88FC2B345FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98085D575E7D6A3B98089DB7CE019D40AA5CA6A0AC4980AC7933C278784AF39A85185525986AB1AFD2FDB63AD54DA8A7A5EB133B8E7E3BC9DB13E18F17FB07F2AA7540088DB5E4295A2D0B807D1F2BC3CFCA5291D35649A1EABC17C7A854B0ECB4CB5EFA4C2A8A75D72311252FDC4216F1F0AB551A435D292D863EACAA75A490A91E41EBAFD49C4F421DAD16469CCB2790F278975602575B5180C88CD06968EB08178C8BC6A865F182FC5E82CCD87906238D2A29B1376FB67C5F39FB801DD88B40837CCDD5F9051E77C82E61846F4EC3939FC2218A6B2DBD477BA951D45FA20437535C6854827099F12B416B6123257540AA59D7F1876F77BCCE45271DE5486DC69B8D5BED5FED2C3AEF4C9D0D1A29B57DD71A6D2D5DE66DDC7A4BDCD948A262BB9685E382121AA2880B1C38625FDBA0126F44C2379F9BAF9CC113174383DB0456A04D07A38164CD8A120D42F26012D9B7622A7EBBE3E451630E023AC4F7F0F5CCB8830E1CF3118164BD9283027174852042340A9CA8F1E68D69167479E9B65EC686D7036419B797AA6D30898A46FECD6B47DC15F04B448BE905DE333780536A62D190B8AD8243EBE6A10425B6FA846133CBB311808FB1603EB3012982CA4148AF0706BFDAA374DF1981BA6BE70E27EF804EDBB3C81D648441EE33CE97374F2DB4B7A6F303585ED731D59537B3E061B0D3F10CF6FBFE58A120D1C3DEE29A21506A18726F735BE9BB950E6BA3E03B005C9FFD919A8025E05FF99B9358892D2CECBD0280122AD0527822BAA892EC4522314A5C491E6E62A3EFE230937D5F8C3CC18F71F781DABB26FEA292C7298890BEEF2F1D28CA946E9A03E3984FD771B7EE1434879725EC08CAC4D9EEDDCF970D1EDF1EF1B4A872659350F600E12FFB13B8ABF48930A8FC01F6427DCD1036B2125CC959348A063F45AE140FB67A967268DE5290E026FC5AD8B771B8511A4AA65A69FA985B58F565F164890D31DE5E7C62FDD9B519F4D507256CD629BEC7C274030C440588614E7FB37CF54B85671EF21203158AE328ABBBDE47F460807D994F8FDC7D407EFE286134959F15F07FB1E4ECB15AA89661BAE36352D4E4A5AF0B22E5C67F5C23196390852051A95228B8164A1F879BA8"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-20 15:24:10

ComboFix-quarantined-files.txt 2012-07-20 19:24

ComboFix2.txt 2012-07-17 03:40

ComboFix3.txt 2012-07-16 08:41

ComboFix4.txt 2012-07-16 08:26

ComboFix5.txt 2012-07-20 19:21

.

Pre-Run: 290,894,376,960 bytes free

Post-Run: 290,576,490,496 bytes free

.

- - End Of File - - CEACC4C57EABDC0779D8C0C881051C98

[Maniac]

What is the situation now? Any progress?

[NtrNetSrfr]

Amazing! Thank you SO much! HAPPY BIRTHDAY!

[Maniac]

Thanks!

Please run OTL and click on CleanUp button.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379

Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!