ComboFix 11-10-30.02 - Marzi Wolfen 10/30/2011 14:46:24.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6143.1664 [GMT -8:00] Running from: I:\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Marzi Wolfen\AppData\Local\.# c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb c:\windows\iun6002.exe c:\windows\system32\consrv.dll c:\windows\System64 c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll c:\windows\usgwmt c:\windows\usgwmt\BReWErS.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 ))))))))))))))))))))))))))))))) . . 2011-10-30 23:08 . 2011-10-30 23:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-10-30 23:08 . 2011-10-30 23:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-30 17:17 . 2011-10-30 23:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2585F73E-1F3F-45BF-B81F-B8753C57AB97}\offreg.dll 2011-10-30 17:17 . 2011-10-18 10:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2585F73E-1F3F-45BF-B81F-B8753C57AB97}\mpengine.dll 2011-10-30 00:57 . 2011-10-30 00:57 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-10-30 00:56 . 2011-10-30 00:57 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2011-10-30 00:40 . 2011-10-30 01:17 -------- d-----w- c:\program files (x86)\CAPCOM 2011-10-30 00:20 . 2011-10-30 00:20 526392 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-10-29 02:33 . 2011-10-29 02:33 -------- d-----w- c:\users\Marzi Wolfen\AppData\Roaming\SUPERAntiSpyware.com 2011-10-29 02:33 . 2011-10-29 02:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-10-29 00:02 . 2011-10-29 02:18 -------- d-----w- c:\program files (x86)\PC Tools Security 2011-10-28 22:05 . 2011-10-29 01:57 -------- d-----w- c:\programdata\PC Tools 2011-10-28 01:34 . 2011-10-28 01:48 -------- d-----w- c:\users\Marzi Wolfen\AppData\Roaming\AtomZombieData 2011-10-28 01:34 . 2011-10-28 01:46 -------- d-----w- c:\program files (x86)\Atom Zombie Smasher 2011-10-27 17:45 . 2011-10-27 17:45 -------- d-----w- c:\program files (x86)\SEGA 2011-10-26 17:13 . 2011-10-26 17:13 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-10-26 15:51 . 2011-10-26 15:54 -------- d-----w- c:\users\Marzi Wolfen\.tectonicus 2011-10-26 15:51 . 2011-10-26 15:51 -------- d-----w- c:\users\Marzi Wolfen\Minetographer 2011-10-26 15:14 . 2011-10-26 15:14 -------- d-----w- c:\program files\Firebird 2011-10-26 15:08 . 2011-10-26 15:08 -------- d-----w- c:\users\Marzi Wolfen\AppData\Local\SpacialAudio 2011-10-26 00:32 . 2011-10-26 00:32 -------- d-----w- c:\program files (x86)\APC 2011-10-26 00:31 . 2011-10-26 00:31 6918144 ----a-w- c:\users\Marzi Wolfen\PCPE_3.0.msi 2011-10-23 15:04 . 2011-10-23 15:04 -------- d-----w- c:\programdata\Media Center Programs 2011-10-21 23:51 . 2011-10-21 23:51 -------- d-----w- c:\programdata\LogiShrd 2011-10-21 23:50 . 2011-10-21 23:50 -------- d-----w- c:\programdata\Logitech 2011-10-21 23:50 . 2011-10-21 23:50 -------- d-----w- c:\users\Marzi Wolfen\AppData\Roaming\Leadertech 2011-10-21 23:49 . 2011-10-21 23:49 -------- d-----w- c:\program files\Logitech 2011-10-21 23:49 . 2011-10-21 23:49 -------- d-----w- c:\program files (x86)\Logitech 2011-10-21 23:48 . 2011-10-21 23:48 -------- d-----w- c:\users\Marzi Wolfen\AppData\Local\Downloaded Installations 2011-10-21 23:30 . 2009-08-21 18:55 375808 ----a-w- c:\windows\system32\vsnp2uvc.dll 2011-10-21 23:30 . 2009-08-14 04:33 239616 ----a-w- c:\windows\SysWow64\rsnp2uvc.dll 2011-10-21 23:30 . 2009-08-14 04:33 238080 ----a-w- c:\windows\system32\rsnp2uvc.dll 2011-10-21 23:30 . 2009-08-21 18:55 306176 ----a-w- c:\windows\SysWow64\vsnp2uvc.dll 2011-10-21 23:30 . 2009-08-20 18:42 3531136 ----a-w- c:\windows\system32\drivers\snp2uvc.sys 2011-10-21 23:30 . 2009-08-12 23:06 662016 ----a-w- c:\windows\vsnp2uvc.exe 2011-10-21 23:30 . 2009-02-17 02:33 306176 ----a-w- c:\windows\system32\csnp2uvc.dll 2011-10-21 23:30 . 2008-12-30 01:14 35456 ----a-w- c:\windows\system32\drivers\sncduvc.sys 2011-10-21 23:30 . 2011-10-21 23:30 -------- d-----w- c:\program files (x86)\Common Files\SNP2UVC 2011-10-21 21:55 . 2011-10-21 21:55 -------- d-----w- c:\users\Marzi Wolfen\AppData\Local\PAYDAY 2011-10-21 21:55 . 2011-10-21 21:55 -------- d-----w- c:\programdata\RELOADED 2011-10-20 09:41 . 2011-10-20 09:41 -------- d-----w- c:\program files (x86)\Trendy Entertainment 2011-10-14 06:44 . 2011-10-14 06:46 -------- d-----w- c:\users\Marzi Wolfen\AppData\Roaming\wargaming.net 2011-10-12 15:27 . 2011-10-12 15:30 -------- d-----w- c:\users\Marzi Wolfen\AppData\Roaming\savedata 2011-10-12 15:24 . 2011-10-12 15:24 -------- d-----w- c:\program files (x86)\AKABEiSOFT2 2011-10-11 10:28 . 2011-10-11 10:49 -------- d-----w- c:\program files (x86)\IONCROSS Freelancer Character Editor 2011-10-10 09:45 . 2011-10-10 09:45 -------- d-----w- c:\users\Marzi Wolfen\AppData\Local\Freelancer 2011-10-06 23:22 . 2011-10-06 23:22 -------- d-----w- c:\program files (x86)\KnuckleCracker 2011-10-06 01:00 . 2011-10-06 01:00 -------- d-----w- c:\users\Marzi Wolfen\AppData\Roaming\Prism 2011-10-06 01:00 . 2011-10-06 01:00 -------- d-----w- c:\users\Marzi Wolfen\AppData\Local\Prism 2011-10-03 19:08 . 2011-10-03 19:08 -------- d-----w- c:\program files (x86)\EA Games . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-22 00:53 . 2011-06-12 11:23 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-10-03 13:06 . 2010-11-03 21:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-08-17 07:36 . 2011-08-17 07:36 61440 ----a-w- c:\windows\SysWow64\RAASMM.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2009-11-24 17:35 433648 ----a-w- c:\programdata\Partner\Partner.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Marzi Wolfen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Marzi Wolfen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Marzi Wolfen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TBPanel"="c:\program files (x86)\Vtune\TBPanel.exe" [2010-07-31 2158592] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-14 3077528] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160] "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-05-26 800768] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016] "tsnp2uvc"="c:\program files (x86)\Common Files\SNP2UVC\tsnp2uvc.exe" [2009-08-12 241664] "Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736] NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2010-10-27 4562944] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=c:\program files (x86)\Google\Gmail Notifier\gnotify.exe . R0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] R1 SASDIFSV;SASDIFSV;c:\users\MARZIW~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x] R1 SASKUTIL;SASKUTIL;c:\users\MARZIW~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528] R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 X6va003;X6va003;c:\users\MARZIW~1\AppData\Local\Temp\003C131.tmp [x] R3 X6va005;X6va005;c:\users\MARZIW~1\AppData\Local\Temp\0052523.tmp [x] R4 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-08-28 1150496] R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 135664] R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-11-24 332272] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\APC PowerChute Personal Edition\dataserv.exe [2010-09-15 21880] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-28 1974080] S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160] S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552] S3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [x] S3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-10-30 c:\windows\Tasks\At1.job - c:\windows\SysWOW64\getmacc.exe [2009-07-13 01:14] . 2010-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 06:05] . 2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 06:05] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2009-11-24 17:35 750064 ----a-w- c:\programdata\Partner\Partner64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Marzi Wolfen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Marzi Wolfen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Marzi Wolfen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Marzi Wolfen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184] "snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016] "combofix"="c:\combofix\CF14567.3XE" [2009-07-14 344576] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1331g&r=17361010g406p0425v135r4501s216 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = ;*.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Marzi Wolfen\AppData\Roaming\Mozilla\Firefox\Profiles\zu565iz8.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard FF - Ext: Personas Rotator: {6e73f6b7-b9ab-44b8-b744-6393e3c2e351} - %profile%\extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: 4chan: {9AA46F4F-4DC7-4c06-97AF-5035170633FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} FF - Ext: Better Kongregate: betterkongregate@matthewammann.com - %profile%\extensions\betterkongregate@matthewammann.com FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: network.protocol-handler.warn-external.dnupdate - false . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file) BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Toolbar-Locked - (no file) Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) SafeBoot-73149864.sys Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe AddRemove-FireWarriorA00 - c:\windows\iun6002.exe AddRemove-majikoi - c:\program files (x86)\Majikoi\????!\Uninstall.exe AddRemove-UnityWebPlayer - c:\users\Marzi Wolfen\AppData\Local\Unity\WebPlayer\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003] "ImagePath"="\??\c:\users\MARZIW~1\AppData\Local\Temp\003C131.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\MARZIW~1\AppData\Local\Temp\0052523.tmp" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-2803747968-1984679724-1468698776-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEE079EC-6AC9-0443-D91E-85D6724D7827}*] "iainlapmglopjjappc"=hex:6b,61,65,6d,6d,6f,67,66,6f,68,69,66,61,67,6a,6f,61,63, 63,69,68,70,00,00 "hagmnkkpebdjakal"=hex:6b,61,65,6d,6d,6f,67,66,6f,68,69,66,61,67,6a,6f,61,63, 63,69,68,70,00,00 "iaeofeecmfbjgannnd"=hex:63,61,6e,63,70,6d,00,00 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe . ************************************************************************** . Completion time: 2011-10-30 15:33:34 - machine was rebooted ComboFix-quarantined-files.txt 2011-10-30 23:33 . Pre-Run: 203,381,764,096 bytes free Post-Run: 202,713,489,408 bytes free . - - End Of File - - BDE8446B14030BDCFC07D844926FB937