ComboFix 11-08-19.02 - Zinja 08/20/2011 9:30.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.1602 [GMT -5:00]
Running from: c:\users\Zinja\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Downloaded Installers
c:\program files (x86)\Downloaded Installers\{87e60394-2e62-400d-99c0-c1bea2f9a439}\setup.msi
.
.
((((((((((((((((((((((((( Files Created from 2011-07-20 to 2011-08-20 )))))))))))))))))))))))))))))))
.
.
2011-08-20 15:29 . 2011-08-20 15:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-19 23:54 . 2011-08-19 23:54 -------- d-----w- c:\programdata\Kaspersky Lab
2011-08-19 22:14 . 2011-08-19 22:14 -------- d-----w- c:\users\Zinja\AppData\Roaming\Uniblue
2011-08-19 22:14 . 2011-08-19 22:14 -------- dc-h--w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-19 22:14 . 2011-08-19 22:14 -------- d-----w- c:\program files (x86)\Uniblue
2011-08-19 22:14 . 2011-08-19 22:14 -------- d-----w- c:\users\Zinja\AppData\Local\PackageAware
2011-08-19 19:59 . 2011-08-19 19:59 -------- d-----w- c:\programdata\LockItTight
2011-08-19 19:59 . 2011-08-19 19:59 -------- d-----w- c:\program files (x86)\LockItTight
2011-08-19 19:58 . 2011-08-19 19:58 -------- d-----w- c:\program files (x86)\openpages.info
2011-08-19 08:24 . 2011-08-20 13:31 -------- d-----w- c:\programdata\SystemExplorer
2011-08-19 08:24 . 2011-08-19 08:24 -------- d-----w- c:\program files (x86)\System Explorer
2011-08-19 07:49 . 2011-08-19 07:50 -------- d-----w- c:\program files (x86)\Lunascape
2011-08-19 07:06 . 2011-08-19 07:06 -------- d-----w- c:\program files (x86)\Hamster Soft
2011-08-19 05:21 . 2011-08-19 05:50 -------- d-----w- c:\program files (x86)\Safari
2011-08-19 05:18 . 2011-08-19 05:18 -------- d-----w- c:\users\Zinja\AppData\Local\Secunia PSI
2011-08-19 04:49 . 2011-08-19 04:49 -------- d-----w- c:\users\Zinja\AppData\Roaming\CBS Interactive
2011-08-19 04:22 . 2011-08-20 15:29 -------- d-----w- c:\users\Zinja\AppData\Local\temp
2011-08-18 22:27 . 2011-08-18 22:27 -------- d-----w- c:\program files (x86)\Foxit Software
2011-08-18 21:36 . 2011-08-18 21:36 -------- d-----w- c:\programdata\Skype
2011-08-18 21:12 . 2011-08-19 05:51 -------- d-----w- c:\users\Zinja\AppData\Roaming\Apple Computer
2011-08-18 21:12 . 2011-08-19 05:22 -------- d-----w- c:\users\Zinja\AppData\Local\Apple Computer
2011-08-18 21:11 . 2011-08-18 21:11 -------- d-----w- c:\program files\iPod
2011-08-18 21:11 . 2011-08-18 21:12 -------- d-----w- c:\program files\iTunes
2011-08-18 21:11 . 2011-08-18 21:12 -------- d-----w- c:\program files (x86)\iTunes
2011-08-18 21:10 . 2011-08-18 21:10 -------- d-----w- c:\program files\Common Files\Apple
2011-08-18 15:24 . 2011-08-18 21:11 -------- d-----w- c:\programdata\Apple Computer
2011-08-18 15:24 . 2011-08-18 15:25 -------- d-----w- c:\program files (x86)\QuickTime
2011-08-18 10:29 . 2011-08-18 10:29 -------- d-----w- c:\programdata\yahoo!
2011-08-18 00:40 . 2011-08-18 00:41 -------- d-----w- c:\program files\CCleaner
2011-08-17 23:18 . 2011-08-18 15:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-17 23:18 . 2011-08-18 15:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-17 23:18 . 2011-08-18 15:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-17 23:18 . 2011-08-18 15:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-17 23:18 . 2011-08-18 15:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-17 23:18 . 2011-08-18 15:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-17 23:18 . 2011-08-18 15:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-17 15:23 . 2011-08-17 15:23 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-08-17 15:22 . 2011-08-19 05:45 -------- d-----w- c:\users\Zinja\AppData\Local\Adobe
2011-08-17 05:21 . 2011-08-17 05:22 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-08-17 05:20 . 2011-08-17 05:20 -------- d-----w- c:\programdata\Apple
2011-08-17 05:09 . 2011-08-17 05:09 -------- d-----w- c:\users\Zinja\AppData\Local\Diagnostics
2011-08-17 05:04 . 2011-08-17 05:04 -------- d-----w- c:\program files (x86)\WinZip Courier
2011-08-17 05:04 . 2011-08-17 05:04 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B4.TMP
2011-08-17 05:03 . 2011-08-17 05:03 -------- d-----w- c:\users\Zinja\AppData\Local\WinZip
2011-08-17 05:02 . 2011-08-17 05:03 -------- d-----w- c:\programdata\WinZip
2011-08-17 04:21 . 2011-08-17 04:21 -------- d-----w- c:\users\Zinja\AppData\Local\Mozilla
2011-08-16 08:35 . 2011-08-16 08:35 -------- d-----w- c:\users\Zinja\AppData\Roaming\Malwarebytes
2011-08-16 06:34 . 2011-08-16 06:34 -------- d-----w- c:\programdata\Malwarebytes
2011-08-16 06:34 . 2011-08-19 03:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-16 03:18 . 2011-08-16 03:18 -------- d-----w- c:\users\Zinja\AppData\Local\Apps
2011-08-15 15:12 . 2011-08-15 19:22 -------- d-----w- c:\users\Zinja\AppData\Roaming\QuickScan
2011-08-14 20:42 . 2011-07-04 11:43 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-14 20:41 . 2011-08-14 20:41 -------- d-----w- c:\program files\AVAST Software
2011-08-14 20:37 . 2011-08-19 03:31 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-14 20:37 . 2011-08-14 20:37 388096 ----a-r- c:\users\Zinja\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-14 20:32 . 2011-08-14 20:32 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-14 20:26 . 2011-08-14 20:26 -------- d-----w- c:\users\Zinja\AppData\Local\Microsoft Help
2011-08-14 20:25 . 2011-08-20 00:56 -------- d-----w- c:\programdata\Microsoft Help
2011-08-14 20:09 . 2011-08-20 07:12 13920 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-08-14 20:00 . 2011-08-14 20:00 -------- d-----w- c:\users\Zinja\AppData\Local\ATI
2011-08-14 19:49 . 2011-08-14 19:49 -------- d-----w- c:\programdata\ATI
2011-08-14 16:49 . 2000-01-01 00:00 651776 ------w- c:\windows\system32\stapi64.dll
2011-08-14 16:46 . 2000-01-01 00:00 520192 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2011-08-14 16:46 . 2000-01-01 00:00 431616 ----a-w- c:\windows\system32\stcplx64.dll
2011-08-14 16:46 . 2000-01-01 00:00 1499136 ----a-w- c:\windows\system32\stapo64.dll
2011-08-14 16:45 . 2011-08-14 19:16 -------- d-----w- c:\program files\IDT
2011-08-14 16:35 . 2000-01-01 00:00 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2011-08-14 16:17 . 2011-08-14 16:17 -------- d-----w- c:\users\Zinja\AppData\Local\SlimWare Utilities Inc
2011-08-14 16:17 . 2011-08-19 19:49 -------- d-----w- c:\program files (x86)\SlimDrivers
2011-08-14 13:45 . 2009-10-02 16:46 68664 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-08-14 13:45 . 2009-10-02 16:46 29240 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-14 13:45 . 2009-10-02 16:46 16440 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2011-08-13 23:42 . 2010-02-09 00:19 8038944 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2011-08-13 23:42 . 2010-02-09 02:57 239136 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2011-08-13 23:42 . 2010-02-09 00:19 422432 ----a-w- c:\windows\system32\RtsUStor.dll
2011-08-13 23:24 . 2011-05-27 22:58 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-08-13 22:46 . 2011-08-13 22:46 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-08-13 22:41 . 2011-08-13 22:41 -------- d-----w- c:\users\Zinja\AppData\Local\AMD
2011-08-13 22:39 . 2011-08-13 22:39 -------- d-----w- c:\programdata\AMD
2011-08-13 22:39 . 2010-02-18 14:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-08-13 22:33 . 2011-08-14 19:15 -------- d-----w- c:\program files\ATI Technologies
2011-08-11 05:14 . 2011-08-11 05:14 -------- d-----w- c:\users\Zinja\AppData\Roaming\PrimoPDF
2011-08-11 04:59 . 2011-02-28 22:37 95008 ----a-w- c:\windows\system32\Primomonnt.dll
2011-08-10 20:55 . 2011-08-10 20:55 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2011-08-10 08:02 . 2011-08-10 08:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-08-10 08:02 . 2011-07-22 05:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-10 08:02 . 2011-07-22 02:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-09 22:25 . 2011-06-24 05:25 338432 ----a-w- c:\windows\system32\conhost.exe
2011-08-09 22:24 . 2011-07-16 05:21 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-09 01:27 . 2011-06-22 16:51 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-08-06 01:21 . 2011-08-06 01:21 -------- d-----w- c:\users\Zinja\AppData\Roaming\U3
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-19 05:19 . 2011-05-14 19:49 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-16 04:26 . 2011-08-09 22:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-13 14:43 . 2011-07-13 14:43 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2011-07-13 14:43 . 2011-07-13 14:43 344680 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2011-07-13 14:43 . 2010-05-21 08:41 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2011-07-13 14:40 . 2010-05-21 08:42 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2011-07-12 16:34 . 2011-07-12 16:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:34 . 2011-07-12 16:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:34 . 2011-07-12 16:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:34 . 2011-07-12 16:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-08 04:37 . 2011-07-08 04:37 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-08 04:37 . 2011-07-08 04:37 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-07-08 04:37 . 2011-07-08 04:37 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-08 04:37 . 2011-07-08 04:37 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-07-08 04:36 . 2011-07-08 04:36 16907776 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-08 04:36 . 2011-07-08 04:36 13904896 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-07-07 00:52 . 2011-02-21 06:45 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-07-01 09:46 . 2011-07-01 09:46 31232 ----a-w- c:\windows\system32\drivers\tap0901.sys
2011-06-16 08:34 . 2011-06-16 08:34 79872 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2011-06-16 08:34 . 2011-06-16 08:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 08:34 . 2011-06-16 08:34 2117632 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2011-06-16 08:34 . 2011-06-16 08:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-11 03:07 . 2011-07-13 13:37 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-10 19:23 . 2011-02-21 01:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-06-10 19:19 . 2011-02-21 03:45 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-10 19:02 . 2011-01-13 11:19 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-06-10 19:02 . 2011-01-13 11:19 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-05-24 11:42 . 2011-06-28 21:38 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-28 21:37 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-28 21:37 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-28 21:38 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-28 21:38 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-19_04.12.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-08-19 04:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-20 07:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-19 04:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-20 07:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-20 07:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-19 04:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-19 04:42 . 2011-08-19 04:42 87940 c:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe
+ 2011-08-02 12:54 . 2011-08-02 12:54 86016 c:\windows\SysWOW64\Adobe\Shockwave 11\SwMenu.dll
+ 2011-07-15 11:39 . 2011-07-15 11:39 73408 c:\windows\SysWOW64\Adobe\Shockwave 11\gtapi.dll
+ 2011-07-15 11:39 . 2011-07-15 11:39 64512 c:\windows\SysWOW64\Adobe\Shockwave 11\gcapi_dll.dll
+ 2011-08-02 12:55 . 2011-08-02 12:55 12800 c:\windows\SysWOW64\Adobe\Shockwave 11\DynaPlayer.dll
+ 2010-04-25 16:42 . 2011-08-20 07:14 79750 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-20 07:14 62248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-21 00:27 . 2011-08-20 07:14 25242 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1115849333-2882087070-3583721905-1000_UserData.bin
+ 2011-02-21 02:23 . 2011-08-20 08:14 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-21 02:23 . 2011-08-18 00:41 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-21 02:23 . 2011-08-18 00:41 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-21 02:23 . 2011-08-20 08:14 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-20 08:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-18 00:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-08-20 07:20 91248 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-02-21 06:21 . 2011-02-21 06:21 49152 c:\windows\Installer\{470F8054-C07E-43C5-B2DC-4869E7FAF879}\NewShortcut1.exe
+ 2011-02-21 06:21 . 2011-08-19 19:58 49152 c:\windows\Installer\{470F8054-C07E-43C5-B2DC-4869E7FAF879}\NewShortcut1.exe
+ 2011-08-20 07:12 . 2011-08-20 07:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-19 04:10 . 2011-08-19 04:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-19 04:10 . 2011-08-19 04:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-20 07:12 . 2011-08-20 07:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-21 06:21 . 2011-02-21 06:21 9662 c:\windows\Installer\{470F8054-C07E-43C5-B2DC-4869E7FAF879}\ARPPRODUCTICON.exe
+ 2011-02-21 06:21 . 2011-08-19 19:58 9662 c:\windows\Installer\{470F8054-C07E-43C5-B2DC-4869E7FAF879}\ARPPRODUCTICON.exe
+ 2011-08-19 05:19 . 2011-08-19 05:19 243360 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
+ 2011-08-19 05:19 . 2011-08-19 05:19 328864 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.dll
+ 2011-02-22 22:58 . 2011-08-20 07:12 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-02-22 22:58 . 2011-08-19 04:11 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-07-15 11:39 . 2011-07-15 11:39 279992 c:\windows\SysWOW64\Adobe\Shockwave 11\SymCCIS.dll
+ 2011-08-02 12:54 . 2011-08-02 12:54 114176 c:\windows\SysWOW64\Adobe\Shockwave 11\SwInit.exe
+ 2011-08-02 12:55 . 2011-08-02 12:55 434176 c:\windows\SysWOW64\Adobe\Shockwave 11\Proj.dll
+ 2011-08-02 12:54 . 2011-08-02 12:54 365056 c:\windows\SysWOW64\Adobe\Shockwave 11\Plugin.dll
+ 2011-08-02 12:43 . 2011-08-02 12:43 990208 c:\windows\SysWOW64\Adobe\Shockwave 11\iml32.dll
+ 2011-08-02 12:56 . 2011-08-02 12:56 892416 c:\windows\SysWOW64\Adobe\Shockwave 11\gi.dll
+ 2011-08-02 12:53 . 2011-08-02 12:53 542720 c:\windows\SysWOW64\Adobe\Shockwave 11\Control.dll
+ 2011-08-02 13:01 . 2011-08-02 13:01 112568 c:\windows\SysWOW64\Adobe\Director\SWDNLD.EXE
+ 2011-08-02 13:01 . 2011-08-02 13:01 279480 c:\windows\SysWOW64\Adobe\Director\SwDir.dll
+ 2011-08-02 12:55 . 2011-08-02 12:55 145920 c:\windows\SysWOW64\Adobe\Director\np32dsw.dll
+ 2011-02-21 14:13 . 2011-08-20 13:09 403534 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-08-19 05:17 . 2011-08-19 05:17 261584 c:\windows\system32\Macromed\Flash\FlashUtil64_10_3_162_ActiveX.exe
+ 2011-08-19 05:17 . 2011-08-19 05:17 349136 c:\windows\system32\Macromed\Flash\FlashUtil64_10_3_162_ActiveX.dll
- 2009-07-14 05:01 . 2011-08-19 04:09 445544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-20 07:11 445544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-06-23 14:45 . 2011-08-14 20:07 445544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1115849333-2882087070-3583721905-1003-12288.dat
+ 2011-06-23 14:45 . 2011-08-20 07:11 445544 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1115849333-2882087070-3583721905-1003-12288.dat
+ 2011-02-21 05:29 . 2011-08-20 05:54 625700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1115849333-2882087070-3583721905-1000-4096.dat
- 2011-02-21 05:29 . 2011-08-18 17:34 625700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1115849333-2882087070-3583721905-1000-4096.dat
+ 2011-08-19 19:49 . 2011-08-19 19:49 131072 c:\windows\Installer\{87E60394-2E62-400D-99C0-C1BEA2F9A439}\Icon.exe
+ 2011-08-19 05:50 . 2011-08-19 05:50 897024 c:\windows\Installer\{735619D4-B42A-437A-958C-199BFCAEDB38}\SafariIco.exe
+ 2011-04-15 15:09 . 2011-08-19 05:22 897024 c:\windows\Installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}\SafariIco.exe
- 2011-04-15 15:09 . 2011-06-29 21:01 897024 c:\windows\Installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}\SafariIco.exe
+ 2011-08-02 13:01 . 2011-08-02 13:01 1040824 c:\windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1161629.exe
+ 2011-07-29 09:40 . 2011-07-29 09:40 2376368 c:\windows\SysWOW64\Adobe\Shockwave 11\gt.exe
+ 2011-08-02 12:45 . 2011-08-02 12:45 1740800 c:\windows\SysWOW64\Adobe\Shockwave 11\dirapi.dll
+ 2009-07-14 04:45 . 2011-08-20 06:00 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-08-19 03:26 7100862 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-05-16 22:08 . 2011-08-14 20:07 2133064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-05-16 22:08 . 2011-08-20 07:11 2133064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-02-21 01:32 . 2011-08-20 07:11 5018744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1115849333-2882087070-3583721905-1000-8192.dat
+ 2011-02-21 04:21 . 2011-08-20 07:11 1810196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1115849333-2882087070-3583721905-1000-12288.dat
+ 2011-06-06 20:45 . 2011-06-06 20:45 2318848 c:\windows\Installer\46a71e.msi
+ 2011-06-06 11:29 . 2011-06-06 11:29 1933312 c:\windows\Installer\17c7efc.msi
+ 2011-08-02 19:00 . 2011-08-02 19:00 5394944 c:\windows\Installer\17192.msi
+ 2010-07-15 02:10 . 2010-07-15 02:10 2818048 c:\windows\Installer\1110d.msi
+ 2011-02-21 06:20 . 2011-08-19 19:58 1032704 c:\windows\Downloaded Installations\{6E7480B5-B13E-4072-8BE6-58767EEFEC6E}\Process And Port Analyzer.msi
- 2011-02-21 06:20 . 2011-02-21 06:20 1032704 c:\windows\Downloaded Installations\{6E7480B5-B13E-4072-8BE6-58767EEFEC6E}\Process And Port Analyzer.msi
+ 2011-08-15 13:22 . 2011-08-15 13:22 29323264 c:\windows\Installer\4a1da8.msi
+ 2011-07-06 01:38 . 2011-07-06 01:38 18754560 c:\windows\Installer\46a843.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A8FB70FA-0FDF-4601-9DC4-BFA1B357204F}]
2011-05-19 08:00 193864 ----a-r- c:\progra~2\WINZIP~1\wzwmcie.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zinja\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zinja\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Zinja\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemExplorerAutoStart"="c:\program files (x86)\System Explorer\SystemExplorer.exe" [2011-08-11 3027784]
"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-07-12 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HFALoader"="c:\program files (x86)\Hamster Soft\Free Zip Archiver\Hamster.Archiver.UI.exe" [2011-05-10 2925056]
"Google Desktop Search"="c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" [2011-08-19 30192]
.
c:\users\Zinja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\users\Zinja\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-4-28 2619904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Google\GOBCA7~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R3 ATP;Comodo EasyVPN Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2011-08-10 21712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-08-19 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WefiEngSvc;WeFi Engine Service;c:\program files (x86)\WeFi\WefiEngSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [x]
R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [x]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
R4 RumorServer;McAfee Peer Distribution Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs64.sys [x]
S1 Cox_Business_CBOBFilter;Cox_Business_CBOBFilter;c:\windows\system32\DRIVERS\Cox_Business_CBOB.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-08-09 328536]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2000-01-01 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-08 365568]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-02-26 127984]
S2 Cox_Business_CBOBbackup;Online Backup Backup Service;c:\program files\Online Backup\Cox_Business_CBOBbackup.exe [2011-02-25 47432]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-03-06 338168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2011-05-18 62184]
S3 ALSysIO;ALSysIO;c:\users\Zinja\AppData\Local\Temp\ALSysIO64.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1115849333-2882087070-3583721905-1000Core.job
- c:\users\Zinja\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-14 21:31]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1115849333-2882087070-3583721905-1000UA.job
- c:\users\Zinja\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-14 21:31]
.
2011-08-20 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-08-19 06:47]
.
2011-08-20 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2011-08-15 13:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-18 01:40 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-18 01:40 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-18 01:40 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-18 01:40 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-18 01:40 2210304 ----a-w- c:\program files (x86)\Zecter\ZumoDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Cox_Business_CBOB]
@="{0c5ad048-552c-fbe6-c6b0-6a08559c9c7d}"
[HKEY_CLASSES_ROOT\CLSID\{0c5ad048-552c-fbe6-c6b0-6a08559c9c7d}]
2011-02-25 15:19 4345160 ----a-w- c:\program files\Online Backup\Cox_Business_CBOBshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Cox_Business_CBOB2]
@="{660ab6ed-0dcb-8263-f187-c9e122de6608}"
[HKEY_CLASSES_ROOT\CLSID\{660ab6ed-0dcb-8263-f187-c9e122de6608}]
2011-02-25 15:19 4345160 ----a-w- c:\program files\Online Backup\Cox_Business_CBOBshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Cox_Business_CBOB3]
@="{08e527d9-6623-f035-7753-07126ac1c440}"
[HKEY_CLASSES_ROOT\CLSID\{08e527d9-6623-f035-7753-07126ac1c440}]
2011-02-25 15:19 4345160 ----a-w- c:\program files\Online Backup\Cox_Business_CBOBshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zinja\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zinja\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zinja\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Zinja\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [BU]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2000-01-01 525312]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://search.foxtab.com/?s=0&chnl=dcom&cd=2XzutBtN2Y1L1QzuyBtD0FtAzyyDtAyDyBzytAtA0E0FyByD0FtN0D0TzutBtDtCtCtDzztCyE&cr=455734634
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube Download
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device...
IE: Send page to &Bluetooth Device...
IE: Tux Messenger share
IE: {{E6B2C7F7-B5C8-45D2-8820-E17C03C99ED1}
Trusted Zone: facebook.com\www
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F5AD79AC-758E-47A4-8BFA-762DB7ECF4CC}\2456C6B696E6F574F505C65737F5D494D4F4F5833463545413: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F5AD79AC-758E-47A4-8BFA-762DB7ECF4CC}\C4964747C656F52427561646F534F6D60716E697: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F5AD79AC-758E-47A4-8BFA-762DB7ECF4CC}\F4A71627B6E41647572716C664F6F64637: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Zinja\AppData\Roaming\Mozilla\Firefox\Profiles\6w4rqzwk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} - (no file)
ShellIconOverlayIdentifiers-{62CCD8E3-9C21-41E1-B55E-1E26DFC68511} - (no file)
ShellIconOverlayIdentifiers-{A759AFF6-5851-457D-A540-F4ECED148351} - (no file)
ShellIconOverlayIdentifiers-{1574C9EF-7D58-488F-B358-8B78C1538F51} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-McAfee Virtual Technician - c:\program files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-20 10:52:53
ComboFix-quarantined-files.txt 2011-08-20 15:52
ComboFix2.txt 2011-08-19 04:22
.
Pre-Run: 40,612,524,032 bytes free
Post-Run: 40,748,064,768 bytes free
.
- - End Of File - - 90F7441AFC75F7E47C69FAAEFBC846B9