ComboFix 12-07-10.01 - Steve 07/11/2012 17:23:20.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.2240 [GMT -4:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
Command switches used :: c:\users\Steve\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --> c:\windows\system32\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-06-11 to 2012-07-11 )))))))))))))))))))))))))))))))
.
.
2012-07-11 21:30 . 2012-07-11 21:30 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-07-11 21:30 . 2012-07-11 21:30 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2012-07-11 21:30 . 2012-07-11 21:30 -------- d-----w- c:\users\iTunes\AppData\Local\temp
2012-07-11 21:30 . 2012-07-11 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 21:30 . 2012-07-11 21:30 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-11 17:33 . 2012-07-11 17:33 -------- d-----w- C:\_OTL
2012-07-11 01:26 . 2012-07-11 01:26 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-07-11 01:26 . 2012-07-11 01:26 -------- d-----w- c:\programdata\Malwarebytes
2012-07-11 01:26 . 2012-07-11 01:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-11 01:26 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 23:37 . 2012-07-09 00:34 -------- d-----w- c:\users\Steve\AppData\Local\NPE
2012-07-08 22:12 . 2012-07-08 22:12 -------- d-----w- c:\users\Steve\AppData\Roaming\SPE
2012-07-08 18:40 . 2012-07-08 18:40 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-08 18:01 . 2012-07-08 18:01 -------- d-----w- c:\users\Steve\AppData\Local\FingerPrint
2012-07-08 18:00 . 2012-07-08 18:00 -------- d-----w- c:\program files (x86)\FingerPrint
2012-07-08 02:52 . 2012-07-08 02:52 -------- d-----w- c:\users\Steve\AppData\Local\LogMeIn
2012-07-08 02:51 . 2012-05-11 14:41 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-07-08 02:51 . 2012-05-11 14:41 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-07-08 02:51 . 2012-05-11 14:41 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-08 02:51 . 2012-04-02 16:17 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-07-08 02:51 . 2012-05-11 14:41 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-08 02:51 . 2012-07-11 17:21 -------- d-----w- c:\programdata\LogMeIn
2012-07-08 02:50 . 2012-07-08 05:35 -------- d-----w- c:\program files (x86)\LogMeIn
2012-07-07 03:55 . 2012-07-07 03:55 -------- d-----w- c:\users\Steve\temp
2012-07-07 03:54 . 2012-07-02 10:23 35112 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-07-07 03:54 . 2012-07-07 03:54 -------- d-----w- c:\program files (x86)\TeamViewer
2012-07-06 06:47 . 2012-05-31 04:04 9013136 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{070DBBAA-C94A-4BB6-9F50-19653984A166}\mpengine.dll
2012-07-05 20:36 . 2010-11-11 22:40 80448 ----a-w- c:\windows\system32\MMCEDT5.exe
2012-07-05 20:36 . 2010-09-21 13:07 312184 ----a-w- c:\windows\system32\drivers\ArcSec.sys
2012-07-05 20:33 . 2012-07-05 20:37 -------- d-----w- c:\program files (x86)\ArcSoft
2012-07-05 20:10 . 2012-07-05 20:15 -------- d-----w- c:\users\Steve\AppData\Roaming\YourFileDownloader
2012-07-05 16:59 . 2012-02-01 15:31 1815552 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-07-05 16:55 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-07-05 16:54 . 2012-03-30 12:45 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-07-05 16:42 . 2012-07-05 21:54 -------- d-----w- c:\users\Steve\AppData\Roaming\ArcSoft
2012-07-05 16:35 . 2012-07-05 16:35 -------- d-----w- c:\users\Steve\AppData\Local\ArcSoft
2012-07-05 16:35 . 2012-07-05 21:55 -------- d-----w- c:\programdata\ArcSoft
2012-07-05 16:06 . 2012-07-05 16:11 -------- d-----w- c:\users\Steve\AppData\Roaming\VSO
2012-07-05 16:05 . 2012-02-21 14:25 217127 ----a-w- c:\windows\SysWow64\drv43260.dll
2012-07-05 16:05 . 2012-02-21 14:25 65602 ----a-w- c:\windows\SysWow64\cook3260.dll
2012-07-05 16:05 . 2012-02-21 14:25 208935 ----a-w- c:\windows\SysWow64\drv33260.dll
2012-07-05 16:05 . 2012-02-21 14:25 176165 ----a-w- c:\windows\SysWow64\drv23260.dll
2012-07-05 16:05 . 2012-07-05 16:05 -------- d-----w- c:\program files (x86)\VSO
2012-07-05 15:48 . 2012-07-05 15:48 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2012-07-05 15:30 . 2012-07-05 15:30 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-03 02:07 . 2012-07-05 05:11 -------- d-----w- c:\users\Steve\AppData\Roaming\dvdcss
2012-06-30 05:04 . 2012-06-30 05:04 -------- d-----w- c:\users\Steve\AppData\Local\Ilivid Player
2012-06-30 05:04 . 2012-06-30 05:04 -------- d-----w- c:\program files (x86)\iLivid
2012-06-30 04:23 . 2012-06-30 04:23 -------- d-----w- c:\users\Steve\AppData\Roaming\AVS4YOU
2012-06-30 04:16 . 2012-03-26 16:27 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll
2012-06-30 04:14 . 2012-06-30 04:14 -------- d-----w- c:\programdata\AVS4YOU
2012-06-30 03:55 . 2012-06-30 03:55 -------- d-----w- c:\program files (x86)\pazera-software
2012-06-21 14:03 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 14:03 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 14:03 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 14:03 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 14:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 14:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 14:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 14:02 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-21 14:02 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-21 14:02 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-21 14:02 . 2012-06-02 19:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-21 14:02 . 2012-06-02 19:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-21 14:02 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 14:02 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-13 15:36 . 2012-06-13 15:36 -------- d-----w- c:\program files\iPod
2012-06-13 15:35 . 2012-06-13 15:37 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 15:30 . 2010-06-26 19:07 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-01 23:35 . 2012-05-01 23:35 138360 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2012-05-01 23:35 . 2012-05-01 23:35 138360 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-11_19.11.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-16 21:37 . 2012-07-11 19:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-16 21:37 . 2012-07-11 18:36 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-07-11 18:21 . 2012-07-11 18:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-11 18:21 . 2012-07-11 19:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-16 21:37 . 2012-07-11 19:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-16 21:37 . 2012-07-11 18:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-14 01:56 . 2012-07-11 19:32 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-14 01:56 . 2012-07-11 18:36 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-10-16 2363392]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-05-10 6090360]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UVS10 Preload"="c:\program files (x86)\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 36864]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-10-24 480768]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-24 68592]
"TVAgent"="c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-04-23 206120]
"hpbdfawep"="c:\program files (x86)\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 1214976]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"CalPC Client"="c:\program files (x86)\SpectraCal\CalPC Client\CalPC Client.exe" [2011-12-01 3094344]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoThumbnail"= 0 (0x0)
"HideSCABattery"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_86727c20\AESTSr64.exe [2008-06-27 89088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-10-16 17:49 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 01:44]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 01:44]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3504466865-3409088393-3790347574-1000Core.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-05 02:17]
.
2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3504466865-3409088393-3790347574-1000UA.job
- c:\users\Steve\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-05 02:17]
.
2012-07-11 c:\windows\Tasks\HP WEP.job
- c:\program files (x86)\Hp\Dfawep\bin\hpbdfawep.exe [2007-04-25 18:27]
.
2012-06-30 c:\windows\Tasks\HPCeeScheduleForSteve.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-27 18:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 ----a-w- c:\users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 3432448]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-24 15959584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-24 82464]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-04-02 57928]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {D00CB680-081D-4F94-97D5-75DEDDC374ED} - hxxps://www36.verizon.com/CallAssistant/MyAccount/unprotected/VCAWebCntrl.CAB
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-11 17:33:03
ComboFix-quarantined-files.txt 2012-07-11 21:33
ComboFix2.txt 2012-07-11 19:21
.
Pre-Run: 63,688,323,072 bytes free
Post-Run: 63,670,063,104 bytes free
.
- - End Of File - - DAD44A2BF4D28F7A6A54E37BCF9A6B34