ComboFix 11-11-23.01 - Jeff 11/26/2011 12:40:51.1.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3885.2903 [GMT -5:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jeff\AppData\Roaming\Microsoft\~DFK38a8dc.tmp
c:\users\Jeff\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Jeff\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\users\Jeff\AppData\Roaming\Microsoft\bass.dll
c:\users\Jeff\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Jeff\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Jeff\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Jeff\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Jeff\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Jeff\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Jeff\pod942.exe
c:\windows\jestertb.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 17:53 . 2011-11-26 17:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-24 05:14 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7CE86C52-7129-4B1D-ABAA-EEC4E09218CF}\mpengine.dll
2011-11-23 03:19 . 2011-11-23 03:19 -------- d-----w- C:\TDSSKiller_Quarantine
2011-11-12 00:59 . 2011-11-12 00:59 -------- d-----w- c:\windows\system32\Macromed
2011-11-12 00:58 . 2011-11-12 01:00 -------- d--h--w- c:\windows\AxInstSV
2011-11-11 21:35 . 2011-09-06 21:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-11 21:35 . 2011-09-06 21:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-11 21:35 . 2011-09-06 21:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-11 21:35 . 2011-09-06 21:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-11 21:35 . 2011-09-06 21:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-11 21:35 . 2011-09-06 21:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-11 21:34 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-11 21:34 . 2011-09-06 21:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-11-09 04:07 . 2011-11-09 05:43 -------- d-----w- c:\windows\SysWow64\%Report%
2011-11-08 21:34 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 21:34 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-08 21:34 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-08 21:34 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-02 03:45 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-02 03:44 . 2011-11-11 21:34 -------- d-----w- c:\programdata\AVAST Software
2011-11-02 03:44 . 2011-11-09 05:47 -------- d-----w- c:\program files\AVAST Software
2011-11-02 03:25 . 2011-11-02 03:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-11-02 03:25 . 2011-11-02 03:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-11-02 03:25 . 2011-11-02 03:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-11-02 03:25 . 2011-11-02 03:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-11-02 03:25 . 2011-11-02 03:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-11-02 03:25 . 2011-11-02 03:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-11-02 03:25 . 2011-11-02 03:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-11-02 03:24 . 2011-11-09 05:47 -------- d-----w- c:\program files (x86)\QuickTime
2011-11-01 23:08 . 2011-11-09 05:51 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2011-10-31 15:59 . 2011-10-31 15:59 -------- d-----w- c:\users\Jeff\AppData\Roaming\Yahoo!
2011-10-31 13:57 . 2011-11-09 05:51 -------- d-----w- c:\program files (x86)\GridinSoft Trojan Killer
2011-10-29 19:28 . 2011-10-29 19:28 -------- d-----w- c:\users\Jeff\AppData\Local\uTorrent
2011-10-29 19:22 . 2011-10-31 13:21 -------- d-----w- c:\users\Jeff\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-12 01:00 . 2011-05-17 23:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-09 05:00 . 2011-09-07 19:03 45056 ----a-w- c:\windows\system32\acovcnt.exe
2011-11-01 23:06 . 2010-03-08 22:48 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-11-01 23:06 . 2010-03-08 22:48 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-24 18:29 . 2011-10-24 18:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 18:29 . 2011-10-24 18:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-11 21:59 . 2011-10-11 22:00 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F91B8B1F-258E-4CC3-883C-19E89AAEFAF3}\gapaengine.dll
2011-10-07 04:16 . 2011-05-05 11:14 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-09-08 15:21 . 2011-09-08 15:21 800824 ----a-w- c:\users\Default\AppData\Roaming\DPInst.exe
2011-09-08 15:21 . 2011-09-08 15:21 36352 ----a-w- c:\users\Default\AppData\Roaming\PnPutil.exe
2011-09-08 15:21 . 2011-09-08 15:21 106496 ----a-w- c:\users\Default\AppData\Roaming\gacutil.exe
2011-09-01 05:24 . 2011-10-13 07:02 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-13 07:02 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-13 07:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-13 07:02 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-13 07:02 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-13 07:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-01 00:08 . 2011-09-01 00:08 167704 ----a-w- c:\windows\system32\igfxtray.exe
2011-09-01 00:08 . 2011-09-01 00:08 510232 ----a-w- c:\windows\system32\igfxsrvc.exe
2011-09-01 00:08 . 2011-09-01 00:08 416024 ----a-w- c:\windows\system32\igfxpers.exe
2011-09-01 00:08 . 2011-09-01 00:08 239896 ----a-w- c:\windows\system32\igfxext.exe
2011-09-01 00:08 . 2011-09-01 00:08 392472 ----a-w- c:\windows\system32\hkcmd.exe
2011-09-01 00:08 . 2011-09-01 00:08 4378392 ----a-w- c:\windows\system32\GfxUI.exe
2011-09-01 00:08 . 2011-09-01 00:08 179992 ----a-w- c:\windows\system32\difx64.exe
2011-08-31 23:58 . 2011-08-31 23:58 90112 ----a-w- c:\windows\system32\igfxCoIn_v2509.dll
2011-08-31 23:53 . 2011-08-31 23:53 12306848 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2011-08-31 23:53 . 2011-08-31 23:53 8312320 ----a-w- c:\windows\system32\igdumd64.dll
2011-08-31 23:51 . 2011-08-31 23:51 867020 ----a-w- c:\windows\system32\igkrng575.bin
2011-08-31 23:51 . 2011-08-31 23:51 128204 ----a-w- c:\windows\system32\igcompkrng575.bin
2011-08-31 23:51 . 2011-08-31 23:51 105608 ----a-w- c:\windows\system32\igfcg575m.bin
2011-08-31 23:47 . 2009-11-06 07:44 6322688 ----a-w- c:\windows\SysWow64\igdumd32.dll
2011-08-31 23:45 . 2009-11-06 07:38 581120 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2011-08-31 23:42 . 2009-11-06 07:34 14598656 ----a-w- c:\windows\system32\igd10umd64.dll
2011-08-31 23:37 . 2011-02-11 23:04 12340224 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2011-08-31 23:31 . 2011-08-31 23:31 18641408 ----a-w- c:\windows\system32\ig4icd64.dll
2011-08-31 23:26 . 2011-08-31 23:26 13903872 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrrom.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrsky.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrhrv.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrtrk.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrslv.lrc
2011-08-31 23:22 . 2011-08-31 23:22 287232 ----a-w- c:\windows\system32\igfxresn.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrsve.lrc
2011-08-31 23:22 . 2011-08-31 23:22 285696 ----a-w- c:\windows\system32\igfxrtha.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrrus.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrptg.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrplk.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrptb.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrnor.lrc
2011-08-31 23:22 . 2011-08-31 23:22 283136 ----a-w- c:\windows\system32\igfxrkor.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrita.lrc
2011-08-31 23:22 . 2011-08-31 23:22 283648 ----a-w- c:\windows\system32\igfxrjpn.lrc
2011-08-31 23:22 . 2011-08-31 23:22 287232 ----a-w- c:\windows\system32\igfxrell.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrdeu.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrhun.lrc
2011-08-31 23:22 . 2011-08-31 23:22 285184 ----a-w- c:\windows\system32\igfxrheb.lrc
2011-08-31 23:22 . 2011-08-31 23:22 287232 ----a-w- c:\windows\system32\igfxrfra.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrnld.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286208 ----a-w- c:\windows\system32\igfxrfin.lrc
2011-08-31 23:22 . 2011-08-31 23:22 286720 ----a-w- c:\windows\system32\igfxrcsy.lrc
2011-08-31 23:22 . 2011-08-31 23:22 285696 ----a-w- c:\windows\system32\igfxrdan.lrc
2011-08-31 23:22 . 2011-08-31 23:22 282624 ----a-w- c:\windows\system32\igfxrcht.lrc
2011-08-31 23:22 . 2011-08-31 23:22 285184 ----a-w- c:\windows\system32\igfxrara.lrc
2011-08-31 23:22 . 2011-08-31 23:22 282624 ----a-w- c:\windows\system32\igfxrchs.lrc
2011-08-31 23:22 . 2011-08-31 23:22 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2011-08-31 23:21 . 2011-08-31 23:21 375808 ----a-w- c:\windows\system32\igfxpph.dll
2011-08-31 23:21 . 2011-08-31 23:21 378368 ----a-w- c:\windows\system32\igfxTMM.dll
2011-08-31 23:21 . 2011-08-31 23:21 28672 ----a-w- c:\windows\system32\igfxexps.dll
2011-08-31 23:21 . 2011-02-11 22:46 62464 ----a-w- c:\windows\system32\igfxsrvc.dll
2011-08-31 23:20 . 2011-02-11 22:45 110080 ----a-w- c:\windows\system32\hccutils.dll
2011-08-31 23:20 . 2011-08-31 23:20 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2011-08-31 23:20 . 2011-08-31 23:20 146432 ----a-w- c:\windows\system32\gfxSrvc.dll
2011-08-31 23:20 . 2011-08-31 23:20 390144 ----a-w- c:\windows\system32\igfxdev.dll
2011-08-31 23:20 . 2011-08-31 23:20 285696 ----a-w- c:\windows\system32\igfxrenu.lrc
2011-08-31 23:20 . 2011-08-31 23:20 142336 ----a-w- c:\windows\system32\igfxdo.dll
2011-08-31 23:20 . 2011-02-11 22:45 9014784 ----a-w- c:\windows\system32\igfxress.dll
2011-08-31 23:16 . 2011-08-31 23:16 24576 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2011-08-31 23:15 . 2011-08-31 23:15 294400 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2011-08-31 23:13 . 2011-08-31 23:13 98304 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2011-08-31 23:13 . 2011-08-31 23:13 98304 ----a-w- c:\windows\system32\iglhcp64.dll
2011-08-31 23:13 . 2011-08-31 23:13 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2011-08-31 23:13 . 2011-08-31 23:13 376832 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2011-08-31 23:13 . 2011-08-31 23:13 376832 ----a-w- c:\windows\system32\iglhsip64.dll
2011-08-31 23:13 . 2011-08-31 23:13 162816 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2011-08-31 23:13 . 2011-08-31 23:13 140288 ----a-w- c:\windows\system32\igfxcmrt64.dll
2011-08-31 21:00 . 2010-05-02 16:53 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}]
2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\NCH_EN\prxtbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files (x86)\NCH_EN\prxtbNCH_.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"Facebook Update"="c:\users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"TkBellExe"="c:\program files (x86)\Real\realplayer\update\realsched.exe" [2011-11-01 273528]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-05 2232752]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-12-27 1044648]
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2011-7-23 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
R2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-17 136176]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2011-08-15 31408]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-17 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2063328634-3213256024-2412217711-1001Core.job
- c:\users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:02]
.
2011-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2063328634-3213256024-2412217711-1001UA.job
- c:\users\Jeff\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 03:02]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-17 20:03]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-17 20:03]
.
2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2063328634-3213256024-2412217711-1001Core.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 04:31]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2063328634-3213256024-2412217711-1001UA.job
- c:\users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-26 04:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"combofix"="c:\combofix\CF2304.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF2304.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-Locked - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
AddRemove-ASUS_U_Series_Screensaver - c:\windows\system32\ASUS_U_Series_Screensaver.scr
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\Best Buy Software Installer Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-26 14:42:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-26 19:42
.
Pre-Run: 136,266,956,800 bytes free
Post-Run: 135,724,593,152 bytes free
.
- - End Of File - - 6925AE9B5E4B71877ED493D3FCCFA9F0