ComboFix 12-12-20.02 - Adam & Ben 12/20/2012 16:08:07.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3835.2169 [GMT -5:00] Running from: c:\users\Adam & Ben\Desktop\ComboFix.exe AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\FunWebProducts c:\program files (x86)\Incredibar.com c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe c:\program files (x86)\MyWebSearch c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL c:\program files 
(x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE c:\program files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL 
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S c:\program files (x86)\MyWebSearch\bar\gen1\COMMON.F3S c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S c:\program files (x86)\MyWebSearch\bar\jsifb\COMMON.F3S c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat c:\program files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3S c:\programdata\4169a15755482011a8aeb23496aaa0f1_c c:\users\Ben\AppData\Local\rbrfmy.exe c:\windows\svchost.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_MyWebSearchService . . ((((((((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 ))))))))))))))))))))))))))))))) . . 2012-12-20 21:18 . 
2012-12-20 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-20 21:18 . 2012-12-20 21:18 -------- d-----w- c:\users\Ben\AppData\Local\temp 2012-12-16 02:26 . 2012-12-16 02:26 -------- d-----w- c:\users\Adam & Ben\.javafxcache 2012-12-16 02:05 . 2012-12-16 02:09 -------- d-----w- c:\users\Adam & Ben\AppData\Local\Temporary Projects 2012-12-12 02:14 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 02:13 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 02:13 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-09 02:07 . 2012-12-09 02:05 17384 ----a-w- c:\windows\system32\kdcom-.dll 2012-12-08 19:54 . 2012-12-08 19:55 -------- d-----w- C:\rei 2012-12-08 19:54 . 2012-12-08 19:54 -------- d-----w- c:\program files\Reimage 2012-12-08 19:49 . 2012-12-08 19:49 -------- d-----w- c:\users\Adam & Ben\AppData\Roaming\PC Cleaners 2012-12-08 19:49 . 2012-12-08 19:48 4590392 ----a-w- c:\windows\uninst.exe 2012-12-08 19:49 . 2012-12-08 19:49 -------- d-----w- c:\users\Adam & Ben\AppData\Roaming\PCPro 2012-12-08 19:49 . 2012-12-08 19:49 -------- d-----w- c:\programdata\PC1Data 2012-12-08 19:46 . 2012-12-08 19:46 -------- d-----w- c:\users\Adam & Ben\AppData\Roaming\DriverCure 2012-12-08 19:46 . 2012-12-08 19:46 -------- d-----w- c:\users\Adam & Ben\AppData\Roaming\SpeedyPC Software 2012-12-08 19:46 . 2012-12-08 19:46 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software 2012-12-08 19:46 . 2012-12-08 19:46 -------- d-----w- c:\programdata\SpeedyPC Software 2012-12-08 19:46 . 2012-12-08 19:46 -------- d-----w- c:\program files (x86)\SpeedyPC Software 2012-12-08 16:51 . 2012-12-08 17:34 -------- d-----w- c:\program files (x86)\Free Window Registry Repair 2012-12-08 16:51 . 2012-12-08 16:51 -------- d-----w- c:\program files (x86)\Perion 2012-12-08 16:51 . 2012-12-08 17:02 -------- d-----w- c:\windows\SysWow64\WNLT 2012-12-08 16:51 . 
2012-12-08 16:51 -------- d-----w- c:\program files\IB Updater 2012-12-08 16:51 . 2012-12-08 16:51 -------- d-----w- c:\users\Adam & Ben\AppData\Local\Coupon Companion 2012-12-08 16:51 . 2012-12-08 16:51 -------- d-----w- c:\program files (x86)\Coupon Companion 2012-12-08 16:35 . 2012-12-08 16:46 -------- d-----w- c:\programdata\ErrorEND64 2012-12-06 23:26 . 2012-12-06 23:26 -------- d-----w- c:\users\Ben\AppData\Local\White_Sky,_Inc 2012-12-05 23:33 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-05 23:33 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-05 23:33 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-12-05 23:33 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-05 23:17 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-05 23:17 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-05 23:17 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-05 23:17 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-05 23:17 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-05 23:17 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-05 23:17 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-05 03:23 . 2012-12-07 00:33 -------- d-----w- c:\program files (x86)\PC Checkup 2012-12-05 03:23 . 2012-12-05 03:23 -------- d-----w- c:\users\Adam & Ben\AppData\Local\Programs 2012-12-05 03:17 . 2012-12-05 03:17 -------- d-----w- c:\users\Adam & Ben\AppData\Local\White_Sky,_Inc 2012-12-05 03:01 . 2012-12-05 03:01 -------- d-----w- c:\programdata\Symantec 2012-12-05 02:58 . 2012-12-05 02:58 -------- d-----w- c:\users\Adam & Ben\AppData\Roaming\PCCUStubInstaller 2012-12-05 02:51 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-12-05 02:50 . 
2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-15 19:45 . 2012-04-01 01:00 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-15 19:45 . 2011-05-19 23:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-13 01:04 . 2011-06-02 19:41 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-10-16 08:38 . 2012-12-05 02:51 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-12-05 02:51 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-12-05 02:51 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-04 16:40 . 2012-12-12 02:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{4d95229d-bcd1-51b4-d184-411b9857a1f4}"= "c:\program files (x86)\Bucksbee Loyalty Plugin - 100815\Helper.dll" [2012-04-09 378880] . [HKEY_CLASSES_ROOT\clsid\{4d95229d-bcd1-51b4-d184-411b9857a1f4}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1] [HKEY_CLASSES_ROOT\TypeLib\{8DA6D85F-D1C0-10F4-618A-592FF65E4A02}] [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}] 2012-12-08 16:51 617344 ----a-w- c:\program files (x86)\Coupon Companion\Coupon Companion.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2012-10-04 19:06 170840 ----a-w- c:\program files\IB Updater\Extension32.dll . 
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE}] 2012-04-01 13:32 88576 ----a-w- c:\program files\PrivacySafeGuard\PrivacySafeGuard.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD}] 2012-03-19 14:59 13632 ----a-w- c:\program files (x86)\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2011-12-09 01:11 194848 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-19 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-06-03 3218792] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-06-11 552960] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-02-03 103896] "GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528] . c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . 
c:\users\Adam & Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-10-16 5958256] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 cpuz134;cpuz134;c:\users\ADAM&B~1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976] R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656] R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880] S0 SMR300;Symantec SMR Utility Service 3.0.0;c:\windows\System32\drivers\SMR300.SYS [2012-06-21 96376] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS 
[2011-01-27 450680] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS [2011-03-15 912504] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240] S1 GIDv2;GIDv2; [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\Definitions\IPSDefs\20120406.002\IDSvia64.sys [2012-03-07 488568] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS [2010-11-16 171128] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502020.003\SYMNETS.SYS [2011-04-21 386168] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752] S2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2012-10-04 188760] S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-10-16 61552] S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe [2011-04-17 130008] S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-15 132056] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-02-03 793048] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-03-17 138360] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 
169584] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg] 2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe . Contents of the 'Scheduled Tasks' folder . 2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 19:45] . 2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:19] . 2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:19] . 2012-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521395612-3970332785-1077300659-1001Core.job - c:\users\Adam & Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 22:12] . 2012-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3521395612-3970332785-1077300659-1001UA.job - c:\users\Adam & Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-10 22:12] . 2012-12-10 c:\windows\Tasks\RMSchedule.job - c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-03-16 17:34] . 2012-12-08 c:\windows\Tasks\SpeedyPC Pro.job - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-11-26 18:02] . 2012-12-14 c:\windows\Tasks\SpeedyPC Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2012-12-20 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-11-26 18:02] . 2012-12-08 c:\windows\Tasks\SpeedyPC Update Version3.job - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-11-26 18:02] . . 
--------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs SNDO763 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 . - - - - ORPHANS REMOVED - - - - . 
BHO-{00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL BHO-{07B18EA1-A523-4961-B6BB-170DE4475CCA} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL BHO-{1036AD63-AEAC-460B-9060-C96005D4DC86} - (no file) BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll Toolbar-Locked - (no file) Toolbar-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL Toolbar-{F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll Wow6432Node-HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe Wow6432Node-HKLM-Run-MyWebSearch Email Plugin - c:\progra~2\MYWEBS~1\bar\1.bin\mwsoemon.exe Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-BasicScan - c:\program files (x86)\BasicScan\uninstall.exe AddRemove-Democracy 2 Demo_is1 - c:\users\Adam & Ben\Desktop\Democracy2 Demo\unins000.exe AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe AddRemove-MuseScore - c:\users\Adam & Ben\Desktop\MuseScore\Uninstall.exe AddRemove-nbi-alice-3.0.3.2.0 - c:\users\Adam & Ben\Desktop\Alice3Beta\uninstall.exe AddRemove-WIDI Recognition System Standard 4.1 - c:\users\Adam & Ben\Desktop\WIDI 4.1 Std\Uninstall.exe AddRemove-RPG Builder V0.3.59.03 Rebuild - 
c:\users\Adam & Ben\Desktop\Uninstal.exe AddRemove-shamrockspringSA - c:\users\Adam & Ben\AppData\Local\shamrockspringSA\bin\1.0.18.0\ShamrockSpringUninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) .
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:ea,a1,94,81,34,46,cd,01 .
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-20 16:29:04 - machine was rebooted ComboFix-quarantined-files.txt 2012-12-20 21:29 . Pre-Run: 214,176,563,200 bytes free Post-Run: 214,626,889,728 bytes free . - - End Of File - - B8D5EE6080D5BDC6DC1FAFB7BD3992DE