ComboFix 12-04-23.02 - Sean 04/23/2012 15:33:29.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6569 [GMT -7:00] Running from: c:\users\Sean\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll c:\users\Sean\g2mdlhlpx.exe c:\windows\AutoRun.ini c:\windows\system32\jucheck.exe c:\windows\system32\jusched.exe c:\windows\SysWow64\DEBUG.log c:\windows\SysWow64\html c:\windows\SysWow64\html\calendar.html c:\windows\SysWow64\html\calendarbottom.html c:\windows\SysWow64\html\calendartop.html c:\windows\SysWow64\html\crystalexportdialog.htm c:\windows\SysWow64\html\crystalprinthost.html c:\windows\SysWow64\images c:\windows\SysWow64\images\toolbar\calendar.gif c:\windows\SysWow64\images\toolbar\crlogo.gif c:\windows\SysWow64\images\toolbar\export.gif c:\windows\SysWow64\images\toolbar\export_over.gif c:\windows\SysWow64\images\toolbar\exportd.gif c:\windows\SysWow64\images\toolbar\First.gif c:\windows\SysWow64\images\toolbar\first_over.gif c:\windows\SysWow64\images\toolbar\Firstd.gif c:\windows\SysWow64\images\toolbar\gotopage.gif c:\windows\SysWow64\images\toolbar\gotopage_over.gif c:\windows\SysWow64\images\toolbar\gotopaged.gif c:\windows\SysWow64\images\toolbar\grouptree.gif c:\windows\SysWow64\images\toolbar\grouptree_over.gif c:\windows\SysWow64\images\toolbar\grouptreed.gif c:\windows\SysWow64\images\toolbar\grouptreepressed.gif c:\windows\SysWow64\images\toolbar\Last.gif c:\windows\SysWow64\images\toolbar\last_over.gif c:\windows\SysWow64\images\toolbar\Lastd.gif c:\windows\SysWow64\images\toolbar\Next.gif c:\windows\SysWow64\images\toolbar\next_over.gif c:\windows\SysWow64\images\toolbar\Nextd.gif c:\windows\SysWow64\images\toolbar\Prev.gif c:\windows\SysWow64\images\toolbar\prev_over.gif c:\windows\SysWow64\images\toolbar\Prevd.gif c:\windows\SysWow64\images\toolbar\print.gif c:\windows\SysWow64\images\toolbar\print_over.gif c:\windows\SysWow64\images\toolbar\printd.gif c:\windows\SysWow64\images\toolbar\Refresh.gif c:\windows\SysWow64\images\toolbar\refresh_over.gif c:\windows\SysWow64\images\toolbar\refreshd.gif c:\windows\SysWow64\images\toolbar\Search.gif c:\windows\SysWow64\images\toolbar\search_over.gif c:\windows\SysWow64\images\toolbar\searchd.gif c:\windows\SysWow64\images\toolbar\up.gif c:\windows\SysWow64\images\toolbar\up_over.gif c:\windows\SysWow64\images\toolbar\upd.gif c:\windows\SysWow64\images\tree\begindots.gif c:\windows\SysWow64\images\tree\beginminus.gif c:\windows\SysWow64\images\tree\beginplus.gif c:\windows\SysWow64\images\tree\blank.gif c:\windows\SysWow64\images\tree\blankdots.gif c:\windows\SysWow64\images\tree\dots.gif c:\windows\SysWow64\images\tree\lastdots.gif c:\windows\SysWow64\images\tree\lastminus.gif c:\windows\SysWow64\images\tree\lastplus.gif c:\windows\SysWow64\images\tree\Magnify.gif c:\windows\SysWow64\images\tree\minus.gif c:\windows\SysWow64\images\tree\minusbox.gif c:\windows\SysWow64\images\tree\plus.gif c:\windows\SysWow64\images\tree\plusbox.gif c:\windows\SysWow64\images\tree\singleminus.gif c:\windows\SysWow64\images\tree\singleplus.gif E:\Autorun.inf E:\install.exe . . ((((((((((((((((((((((((( Files Created from 2012-03-23 to 2012-04-23 ))))))))))))))))))))))))))))))) . . 2012-04-23 22:55 . 2012-04-23 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-22 22:23 . 2012-04-22 22:23 -------- d-----w- c:\programdata\Kaspersky Lab 2012-04-22 20:52 . 2012-04-22 21:56 -------- d-----w- c:\program files (x86)\Robo TraderFX 2012-04-22 20:40 . 2012-04-22 20:40 197632 ----a-w- c:\windows\SysWow64\RoboTraderFXMT.dll 2012-04-22 20:40 . 2012-04-22 20:40 210432 ----a-w- c:\windows\SysWow64\RoboTraderFXI.dll 2012-04-22 19:21 . 2012-04-22 19:21 -------- d-----w- c:\program files\Microsoft IntelliType Pro 2012-04-22 14:01 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe 2012-04-22 14:01 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe 2012-04-18 13:53 . 2012-04-18 13:53 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-04-17 04:13 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-17 04:13 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-17 04:13 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-14 14:43 . 2012-04-14 14:43 -------- d-----w- c:\windows\system32\SPReview 2012-04-14 14:42 . 2012-04-14 14:43 -------- d-----w- c:\windows\system32\EventProviders 2012-04-14 01:04 . 2012-04-14 01:04 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-14 01:04 . 2012-04-14 01:04 -------- d-----w- c:\windows\system32\Macromed 2012-04-13 22:42 . 2012-04-15 19:45 -------- d-----w- C:\852b8a6f7a39a0e989cdeb36ac2d 2012-04-13 22:39 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-13 22:39 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-13 22:39 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-13 22:39 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-13 22:39 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-13 22:39 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-13 22:39 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-13 22:36 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll 2012-04-13 22:36 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll 2012-04-13 22:34 . 2010-11-20 13:27 303616 ----a-w- c:\windows\system32\scansetting.dll 2012-04-13 22:33 . 2010-11-20 13:27 762368 ----a-w- c:\windows\system32\sdcpl.dll 2012-04-13 22:32 . 2010-11-20 13:25 14848 ----a-w- c:\windows\system32\BWUnpairElevated.dll 2012-04-13 22:31 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll 2012-04-13 22:31 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll 2012-04-13 22:31 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll 2012-04-13 22:31 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll 2012-04-13 22:31 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll 2012-04-13 22:31 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll 2012-04-13 22:29 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll 2012-04-13 22:29 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll 2012-04-13 22:29 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll 2012-04-13 22:25 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-04-13 22:25 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-04-13 22:25 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-04-13 22:25 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-04-13 22:25 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-04-13 22:14 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-04-13 22:14 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-04-13 22:14 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-04-13 22:14 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-04-13 22:13 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-04-13 22:13 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-04-13 16:09 . 2012-04-13 16:09 -------- d-----w- c:\program files\CCleaner 2012-04-12 20:01 . 2012-04-13 16:52 -------- d-----w- c:\program files (x86)\PC Tools 2012-04-12 19:58 . 2012-04-13 16:52 -------- d-----w- c:\program files (x86)\Common Files\PC Tools 2012-04-12 19:58 . 2012-03-20 20:50 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys 2012-04-12 19:55 . 2012-04-13 16:51 -------- d-----w- c:\programdata\PC Tools 2012-04-12 19:55 . 2012-04-12 19:55 -------- d-----w- c:\users\Sean\AppData\Roaming\TestApp 2012-04-11 23:00 . 2012-04-14 01:04 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-04-11 22:54 . 2012-04-23 22:19 -------- d-sh--w- c:\windows\Installer 2012-04-06 02:10 . 2012-03-26 22:58 45056 ----a-w- c:\windows\SysWow64\cid2.dll 2012-04-03 21:54 . 2012-04-22 20:44 6656 ----a-w- c:\windows\SysWow64\RoboTraderFX.dll 2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-15 19:53 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-04-15 19:53 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-04-14 01:04 . 2011-09-24 18:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-04 22:56 . 2011-07-23 18:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-12 22:15 . 2012-03-15 16:10 196608 ----a-w- c:\windows\SysWow64\RBT1GLock32.dll 2012-03-05 22:38 . 2012-03-05 22:38 10 ----a-w- c:\windows\Fonts\wfonts.key 2012-02-25 00:52 . 2012-02-25 00:52 102400 ----a-w- c:\windows\SysWow64\DBTCustomerCheck.dll 2012-02-22 22:22 . 2012-02-22 22:26 676864 ----a-w- c:\windows\system32\RTTDataMC64.dll 2012-02-21 18:02 . 2012-02-21 20:12 254464 ----a-w- c:\windows\system32\RTTMCCheck64.dll 2012-02-21 18:02 . 2012-02-21 18:07 254464 ----a-w- c:\windows\SysWow64\RTTMCCheck64.dll 2012-02-20 22:26 . 2012-02-20 22:06 217088 ----a-w- c:\windows\SysWow64\RTTMCCheck.dll 2012-02-20 22:14 . 2012-02-20 22:14 217088 ----a-w- c:\windows\SysWow64\RTTCustCheckMT.dll 2012-02-05 22:52 . 2012-02-05 22:52 0 ----a-w- c:\windows\system32\AESEncrypt.dll 2012-01-28 02:53 . 2012-01-28 02:53 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-01-28 02:53 . 2012-01-28 02:53 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-01-28 02:53 . 2012-01-28 02:53 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-01-28 02:53 . 2012-01-28 02:53 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-01-28 02:53 . 2012-01-28 02:53 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2012-01-28 02:53 . 2012-01-28 02:53 76800 ----a-w- c:\windows\system32\tdc.ocx 2012-01-28 02:53 . 2012-01-28 02:53 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-01-28 02:53 . 2012-01-28 02:53 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2012-01-28 02:53 . 2012-01-28 02:53 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2012-01-28 02:53 . 2012-01-28 02:53 603648 ----a-w- c:\windows\system32\vbscript.dll 2012-01-28 02:53 . 2012-01-28 02:53 49664 ----a-w- c:\windows\system32\imgutil.dll 2012-01-28 02:53 . 2012-01-28 02:53 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2012-01-28 02:53 . 2012-01-28 02:53 48640 ----a-w- c:\windows\system32\mshtmler.dll 2012-01-28 02:53 . 2012-01-28 02:53 448512 ----a-w- c:\windows\system32\html.iec 2012-01-28 02:53 . 2012-01-28 02:53 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-01-28 02:53 . 2012-01-28 02:53 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-01-28 02:53 . 2012-01-28 02:53 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-01-28 02:53 . 2012-01-28 02:53 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-01-28 02:53 . 2012-01-28 02:53 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-01-28 02:53 . 2012-01-28 02:53 222208 ----a-w- c:\windows\system32\msls31.dll 2012-01-28 02:53 . 2012-01-28 02:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-01-28 02:53 . 2012-01-28 02:53 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-01-28 02:53 . 2012-01-28 02:53 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-01-28 02:53 . 2012-01-28 02:53 160256 ----a-w- c:\windows\system32\wextract.exe 2012-01-28 02:53 . 2012-01-28 02:53 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-01-28 02:53 . 2012-01-28 02:53 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-01-28 02:53 . 2012-01-28 02:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-01-28 02:53 . 2012-01-28 02:53 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-01-28 02:53 . 2012-01-28 02:53 12288 ----a-w- c:\windows\system32\mshta.exe 2012-01-28 02:53 . 2012-01-28 02:53 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-01-28 02:53 . 2012-01-28 02:53 114176 ----a-w- c:\windows\system32\admparse.dll 2012-01-28 02:53 . 2012-01-28 02:53 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-01-28 02:53 . 2012-01-28 02:53 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-01-28 02:53 . 2012-01-28 02:53 101888 ----a-w- c:\windows\SysWow64\admparse.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SearchEngineProtection"="c:\program files (x86)\Gamesbar\SearchEngineProtection.exe" [2010-07-15 546200] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696] "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-23 1675160] "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] . c:\users\Sean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264] ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2010-5-28 1159168] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 mrtRate;mrtRate; [x] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936] R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-09-23 4476096] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536] S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168] S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 01:04] . 2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3366800603-694017702-1191280905-1001Core.job - c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 02:14] . 2012-04-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3366800603-694017702-1191280905-1001UA.job - c:\users\Sean\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-08 02:14] . 2012-04-23 c:\windows\Tasks\TradeStation Backup - Daily.job - c:\program files (x86)\TradeStation 9.0\Program\TSBackupRestore.exe [2012-02-15 22:38] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp] @="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}" [HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}] 2011-11-11 08:36 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending] @="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}" [HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}] 2011-11-11 08:36 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot] @="{A759AFF6-5851-457D-A540-F4ECED148351}" [HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}] 2011-11-11 08:36 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared] @="{1574C9EF-7D58-488F-B358-8B78C1538F51}" [HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}] 2011-11-11 08:36 405504 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}] @Denied: (A) (Everyone) "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0] "Key"="ActionsPane" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\windows\SysWOW64\AstSrv.exe c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\TeamViewer\Version5\TeamViewer.exe c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe . ************************************************************************** . Completion time: 2012-04-23 17:04:08 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-24 00:04 . Pre-Run: 662,135,361,536 bytes free Post-Run: 662,508,740,608 bytes free . - - End Of File - - 95D5426A80A9C855CDF6C6ED28DE4209