ComboFix 12-03-28.02 - rockroland 03/28/2012 19:19:00.6.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8180.6228 [GMT -4:00]
Running from: c:\installs\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 23:22 . 2012-03-28 23:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-28 23:22 . 2012-03-28 23:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-28 23:03 . 2012-03-28 23:03 65536 ---hatw- C:\~klucens.pst.tmp
2012-03-28 15:28 . 2012-03-28 15:28 -------- d-----w- c:\users\rockroland\AppData\Roaming\Malwarebytes
2012-03-28 15:28 . 2012-03-28 15:28 -------- d-----w- c:\programdata\Malwarebytes
2012-03-28 01:57 . 2012-03-28 01:57 -------- d-----w- C:\regback
2012-03-27 23:36 . 2012-03-28 23:22 -------- d-----w- c:\users\rockroland\AppData\Local\temp
2012-03-27 22:45 . 2012-03-27 22:45 -------- d-----w- c:\programdata\Kaspersky Lab
2012-03-26 03:52 . 2012-03-26 03:52 -------- d-----w- C:\userback
2012-03-25 14:03 . 2012-03-25 14:03 -------- d-----w- C:\AVG
2012-03-25 09:41 . 2012-03-25 09:41 -------- d--h--w- c:\programdata\Common Files
2012-03-25 09:36 . 2012-03-25 17:23 -------- d-----w- c:\programdata\MFAData
2012-03-25 09:34 . 2012-03-25 09:34 5154304 ----a-w- c:\users\rockroland\WindowsDefender.msi
2012-03-24 23:06 . 2012-03-24 23:08 -------- d-----w- C:\flight
2012-03-24 23:01 . 2012-03-24 23:03 -------- d-----w- C:\Billboard
2012-03-23 20:55 . 2012-03-23 20:55 -------- d-----w- C:\MyDisc
2012-03-23 19:56 . 2012-03-23 19:57 -------- d-----w- c:\users\rockroland\Kaufman, Izabella
2012-03-23 19:55 . 2012-03-23 19:55 -------- d-----w- c:\users\rockroland\Batch 6
2012-03-23 15:28 . 2012-03-23 15:28 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2012-03-23 11:43 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{205E47FA-825F-435C-BCD4-30A3F64B0B80}\mpengine.dll
2012-03-22 14:08 . 2012-03-22 14:09 -------- d-----w- c:\users\rockroland\RR
2012-03-21 05:08 . 2012-03-21 05:08 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-19 23:59 . 2012-01-24 23:18 10989568 ----a-w- c:\windows\sspro.exe
2012-03-19 23:59 . 2011-06-21 10:00 224256 ----a-w- c:\windows\svcreng.dll
2012-03-19 23:59 . 2012-01-13 14:06 590848 ----a-w- c:\windows\utimcache.exe
2012-03-19 23:59 . 2012-01-13 13:38 420352 ----a-w- c:\windows\stidraw32.exe
2012-03-19 23:59 . 2012-01-13 14:00 646144 ----a-w- c:\windows\sysnadr64.exe
2012-03-19 23:59 . 2012-03-28 05:05 3609 ----a-w- c:\windows\memgprep.dll
2012-03-19 23:59 . 2012-01-24 23:12 3338752 ----a-w- c:\windows\diskediag.exe
2012-03-19 15:01 . 2012-03-19 15:01 -------- d-----w- c:\program files\7-Zip
2012-03-16 11:08 . 2012-02-08 01:13 149640 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-03-14 17:18 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 17:18 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 17:18 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 16:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 16:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 16:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 16:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 16:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 16:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 16:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 16:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 16:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 16:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 19:49 . 2012-03-12 19:49 -------- d-----w- c:\program files (x86)\WinDirStat
2012-03-12 17:32 . 2012-03-12 17:32 -------- d-----w- c:\program files\Google
2012-03-12 17:32 . 2012-03-25 09:31 -------- d-----w- c:\users\rockroland\AppData\Local\Google
2012-03-12 17:32 . 2012-03-12 17:32 -------- d-----w- c:\program files (x86)\Google
2012-03-10 23:39 . 2012-03-10 23:39 -------- d-----w- c:\users\rockroland\AppData\Local\Pleasant_Solutions
2012-03-10 23:21 . 2012-03-10 23:21 -------- d-----w- c:\programdata\Research In Motion
2012-03-10 23:21 . 2012-03-10 23:21 -------- d-----w- c:\program files (x86)\Research In Motion
2012-03-10 23:16 . 2012-03-10 23:16 -------- d-----w- c:\users\rockroland\AppData\Local\Programs
2012-03-07 21:03 . 2012-03-07 21:03 -------- d-----w- c:\program files\iPod
2012-03-07 21:01 . 2012-03-07 21:01 -------- d-----w- c:\program files\Bonjour
2012-03-07 21:01 . 2012-03-07 21:01 -------- d-----w- c:\program files (x86)\Bonjour
2012-03-06 03:08 . 2012-03-06 03:08 -------- d-----w- c:\users\rockroland\AppData\Local\Amazon
2012-03-06 03:08 . 2012-03-06 03:08 -------- d-----w- c:\program files (x86)\Amazon
2012-02-29 17:13 . 2012-02-29 17:13 -------- d-----w- c:\programdata\AOL Downloads
2012-02-28 10:35 . 2012-02-28 10:35 -------- d-----w- c:\users\rockroland\AppData\Roaming\Media Player Classic
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 13:18 . 2010-08-10 03:52 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 16:01 . 2012-02-15 16:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 16:01 . 2012-02-15 16:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-07 18:00 . 2012-02-08 07:56 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-02-06 21:02 . 2012-02-06 21:02 24064 ----a-w- c:\windows\system32\SplitCamAudio.sys
2012-01-30 09:29 . 2012-01-30 09:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-17 12:31 . 2012-01-17 12:31 23040 ----a-w- c:\windows\system32\drivers\SplitCamAudio.sys
2012-01-04 10:44 . 2012-02-14 19:49 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-14 19:49 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-01-03 07:03 . 2012-02-01 00:17 810496 ----a-w- c:\windows\system32\xvidcore.dll
2012-01-03 07:03 . 2012-02-01 00:17 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2012-01-03 07:03 . 2012-02-01 00:17 183808 ----a-w- c:\windows\system32\xvidvfw.dll
2012-01-03 07:03 . 2012-02-06 20:48 389120 ----a-w- c:\windows\SysWow64\actskn43.ocx
2012-01-03 07:03 . 2012-02-06 20:48 389120 ----a-w- c:\windows\system32\actskn43.ocx
2011-12-30 06:26 . 2012-02-14 19:49 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-14 19:49 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-27_23.38.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-18 16:49 . 2012-03-28 00:08 61482 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-28 23:04 52692 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-08-10 03:33 . 2012-03-27 23:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-10 03:33 . 2012-03-28 06:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-10 03:33 . 2012-03-27 23:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-10 03:33 . 2012-03-28 06:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 06:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-27 23:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-22 21:42 . 2012-03-28 15:32 2440 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-08-22 21:42 . 2012-03-18 08:32 2440 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-08-10 04:01 . 2012-03-28 23:04 9930 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-850405567-2436268138-2046711074-1000_UserData.bin
+ 2012-03-28 03:57 . 2012-03-28 03:57 9560 c:\windows\system32\NetworkList\Icons\{80D2C45A-BEA8-4EA9-ADA0-97BA551912E2}_48.bin
+ 2012-03-28 03:57 . 2012-03-28 03:57 4280 c:\windows\system32\NetworkList\Icons\{80D2C45A-BEA8-4EA9-ADA0-97BA551912E2}_32.bin
+ 2012-03-28 03:57 . 2012-03-28 03:57 2456 c:\windows\system32\NetworkList\Icons\{80D2C45A-BEA8-4EA9-ADA0-97BA551912E2}_24.bin
+ 2012-03-28 19:22 . 2012-03-28 23:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-27 23:37 . 2012-03-27 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-28 19:22 . 2012-03-28 23:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-27 23:37 . 2012-03-27 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-27 23:37 . 2009-10-07 05:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2012-03-28 23:02 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2009-07-14 04:54 . 2012-03-28 05:19 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-27 22:44 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-10 15:32 . 2012-03-28 13:13 464848 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2010-08-10 05:31 . 2012-03-28 22:41 461760 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-03-27 23:11 627082 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-28 23:07 627082 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-27 23:11 107366 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-03-28 23:07 107366 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-03-28 04:53 112304 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-03-27 23:37 372072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-28 19:17 372072 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-03-27 23:37 . 2012-03-27 23:37 372840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-850405567-2436268138-2046711074-1000-4096.dat
+ 2012-03-27 23:37 . 2012-03-28 15:32 372840 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-850405567-2436268138-2046711074-1000-4096.dat
- 2009-07-14 04:54 . 2012-03-27 22:44 2211840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 05:19 2211840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-28 05:19 3473408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-27 22:44 3473408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-27 22:43 . 2012-03-28 15:32 1389964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-850405567-2436268138-2046711074-1000-8192.dat
- 2010-08-24 02:44 . 2012-03-27 23:37 21145404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-850405567-2436268138-2046711074-1000-12288.dat
+ 2010-08-24 02:44 . 2012-03-28 15:32 21145404 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-850405567-2436268138-2046711074-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-10-15 00:39 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch_CC"="c:\program files\OSD\Launch_CC.exe" [2009-02-19 20480]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-12 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OSD_LAUNCH"="c:\program files (x86)\OSD\Launch_OSD.exe" [2010-07-18 32768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-04 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-07 421736]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
.
c:\users\rockroland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
shortcut_xprint.lnk - c:\program files (x86)\Informatik Inc\Informatik xPrint\xPrintFileWatcher.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
R2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2009-12-30 16384]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 ALSysIO;ALSysIO;c:\users\ROCKRO~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 136176]
R3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTVE.sys [x]
R3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXPE.sys [x]
R3 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 59904]
R3 ioatdma1;ioatdma1;c:\windows\System32\Drivers\qd162x64.sys [x]
R3 ioatdma2;Intel(R) QuickData Technology device ver.2;c:\windows\System32\Drivers\qd262x64.sys [x]
R3 iSSetup;iSSetup;c:\windows\system32\DRIVERS\iSSetup.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Fusion(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 PEERNET Spooler Service 9.0;PEERNET Spooler Service 9.0;c:\windows\system32\spool\DRIVERS\x64\3\PNSvc9.exe [2011-01-21 159048]
R3 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\program files (x86)\SolidDocuments\Solid Converter PDF\SCPDFV6\SolidConverterPDFServicex64.exe [2009-10-24 320512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 CustomSvc;Vista Session Launcher Service;c:\program files\OSD\Service1.exe [2009-02-20 13312]
R4 ElcomSoftDistributedPasswordRecoveryServer;Elcomsoft Distributed Password Recovery Server;c:\program files (x86)\ElcomSoft\Distributed Password Recovery\esdprs.exe [x]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
S0 ioatdma;Intel(R) QuickData Technology device;c:\windows\System32\Drivers\ioatdma.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/09/09 16:52];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-08-28 22:36 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ec0230c23ac63514\AESTSr64.exe [2009-03-03 89600]
S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\amd64\novacomd.exe [2011-06-25 72192]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 17:32]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-12 17:32]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-850405567-2436268138-2046711074-1000Core.job
- c:\users\rockroland\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 07:39]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-850405567-2436268138-2046711074-1000UA.job
- c:\users\rockroland\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-25 07:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2011-10-15 00:39 191504 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2463232]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"pdfFactory3"="c:\windows\system32\spool\DRIVERS\x64\3\fppdis3a.exe" [2010-08-16 759296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-12-03 487424]
"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
obvious
MREMP50a64
sfilter
vci
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-850405567-2436268138-2046711074-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):ee,4f,c8,67,7f,e2,a9,e6,7f,ef,06,e2,d5,a3,49,72,0e,67,bb,4a,0d,
 77,4d,8e,43,8a,dc,c2,9e,d0,d7,6a,f6,f6,b0,ac,0c,a7,a1,ad,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-850405567-2436268138-2046711074-1000_Classes\Wow6432Node\CLSID\{c89322cc-8a39-4865-893a-438eac00bec7}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000015c
"Therad"=dword:0000001b
"MData"=hex(0):65,7c,1e,a1,67,2d,81,8e,56,fd,2f,16,f0,1b,e1,e5,fc,12,ee,82,b9,
 f0,86,cd,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-28 19:24:54
ComboFix-quarantined-files.txt 2012-03-28 23:24
ComboFix2.txt 2012-03-28 21:18
ComboFix3.txt 2012-03-28 19:25
ComboFix4.txt 2012-03-28 00:01
ComboFix5.txt 2012-03-28 23:18
.
Pre-Run: 40,351,072,256 bytes free
Post-Run: 40,389,619,712 bytes free
.
- - End Of File - - 76F2A7357DBED1B884AA102DF43ACC22