ComboFix 12-12-25.02 - Matt 12/25/2012 22:42:04.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2309 [GMT -5:00] Running from: d:\mydata\Desktop\ComboFix.exe Command switches used :: d:\mydata\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2012-11-26 to 2012-12-26 ))))))))))))))))))))))))))))))) . . 2012-12-26 03:49 . 2012-12-26 03:49 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-26 03:49 . 2012-12-26 03:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-26 03:49 . 2012-12-26 03:49 -------- d-----w- c:\users\Admin\AppData\Local\temp 2012-12-26 03:49 . 2012-12-26 03:49 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2682D75C-58C6-4340-942F-B91A047DF32C}\offreg.dll 2012-12-25 09:23 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-12-25 09:23 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-12-25 09:23 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-12-25 08:37 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2682D75C-58C6-4340-942F-B91A047DF32C}\mpengine.dll 2012-12-25 04:42 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-12-25 04:41 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-25 04:41 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-25 04:41 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-25 04:36 . 2012-11-28 20:58 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-25 04:24 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-25 04:24 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-25 04:24 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll 2012-12-25 04:24 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2012-12-25 04:24 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-25 04:24 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-25 04:23 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-25 04:23 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-25 04:23 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-25 04:23 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-25 04:23 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-25 04:23 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-25 04:23 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-25 04:20 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-12-25 04:20 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-12-25 04:20 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-12-25 04:20 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-12-25 04:20 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-12-25 04:11 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-12-25 04:11 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2012-12-25 04:11 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2012-12-25 04:11 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-12-25 04:11 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2012-12-25 04:11 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2012-12-25 04:11 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-12-25 04:11 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-12-25 04:11 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-12-25 04:11 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-12-25 04:11 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-12-25 03:46 . 2012-12-25 03:46 -------- d-----w- c:\windows\ERUNT 2012-12-25 03:46 . 2012-12-25 03:46 -------- d-----w- C:\JRT 2012-12-24 14:47 . 2012-12-24 14:47 -------- d-----w- c:\program files (x86)\Seagate 2012-12-24 14:05 . 2012-12-24 14:05 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2012-12-24 14:03 . 2012-12-01 05:49 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-12-24 14:03 . 2012-12-01 05:49 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-12-24 14:03 . 2012-12-01 05:49 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-12-24 14:03 . 2012-12-01 05:49 890216 ----a-w- c:\windows\system32\nvvsvc.exe 2012-12-24 14:03 . 2012-12-01 05:48 6223208 ----a-w- c:\windows\system32\nvcpl.dll 2012-12-24 14:03 . 2012-12-01 05:48 3311464 ----a-w- c:\windows\system32\nvsvc64.dll 2012-12-24 14:02 . 2012-12-03 15:47 60776 ----a-w- c:\windows\system32\OpenCL.dll 2012-12-24 14:02 . 2012-12-03 15:47 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-12-24 14:01 . 2012-12-24 14:01 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-12-24 09:06 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-12-24 09:06 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2012-12-24 09:06 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-12-24 09:06 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2012-12-24 09:06 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2012-12-24 09:06 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-12-24 09:06 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-24 09:06 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-12-24 09:06 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-12-24 09:04 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll 2012-12-24 09:03 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-12-24 09:02 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-24 09:01 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2012-12-24 09:00 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll 2012-12-24 09:00 . 2011-03-03 06:24 357888 ----a-w- c:\windows\system32\dnsapi.dll 2012-12-24 09:00 . 2011-03-03 06:21 30208 ----a-w- c:\windows\system32\dnscacheugc.exe 2012-12-24 09:00 . 2011-03-03 05:36 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe 2012-12-24 09:00 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-12-24 09:00 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-12-24 09:00 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-12-24 08:58 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-12-24 08:58 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-12-24 08:58 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-12-24 08:58 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2012-12-24 08:58 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2012-12-24 08:58 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-24 08:58 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-24 08:56 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll 2012-12-24 08:55 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-12-24 08:55 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys 2012-12-24 08:55 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll 2012-12-24 08:55 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2012-12-24 08:30 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-12-24 08:30 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-12-24 08:28 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-12-24 08:28 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-12-24 08:28 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-12-24 08:28 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2012-12-24 08:27 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-12-24 08:27 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-12-24 08:27 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-12-24 08:27 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-12-24 08:27 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-12-24 08:27 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-12-24 08:24 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-12-24 08:24 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-12-24 05:51 . 2012-12-24 12:40 -------- d-----w- c:\windows\Panther 2012-12-24 05:31 . 2012-12-24 04:48 -------- d-----w- C:\$WINDOWS.~Q 2012-12-24 05:24 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-12-24 05:24 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-12-24 05:24 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-12-24 05:17 . 2012-12-24 05:24 -------- d-----w- C:\$INPLACE.~TR 2012-12-24 05:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-12-24 05:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-12-24 05:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-12-24 05:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-12-24 05:15 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-12-24 05:15 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-12-24 05:15 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-12-24 05:15 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-12-24 05:15 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-12-24 04:22 . 2012-12-24 04:22 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-12-24 03:06 . 2012-12-25 15:07 -------- d-----w- c:\users\Matt 2012-12-24 03:03 . 2009-11-19 09:01 33792 ----a-w- c:\windows\system32\Spool\prtprocs\x64\sugw2pc.dll 2012-12-24 03:01 . 2012-12-24 14:03 -------- d-----w- c:\program files\NVIDIA Corporation 2012-12-24 03:00 . 2012-12-24 03:00 -------- d-----w- c:\program files\Synaptics 2012-12-24 02:59 . 2012-12-24 02:59 -------- d-----w- c:\program files\Realtek 2012-12-24 02:59 . 2012-12-25 15:33 -------- d-----w- c:\windows\SysWow64\RTCOM 2012-12-24 02:53 . 2012-12-25 20:17 17920 ----a-w- c:\windows\system32\rpcnetp.exe 2012-12-23 23:27 . 2012-12-15 19:33 -------- d-----w- C:\Windows Loader . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-25 20:20 . 2011-07-31 06:40 44544 ----a-w- c:\windows\SysWow64\agremove.exe 2012-12-23 22:33 . 2012-12-23 22:18 305008 ----a-w- C:\MGlogs.zip 2012-12-11 22:01 . 2012-04-13 14:16 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-11 22:01 . 2011-08-01 18:30 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-30 23:51 . 2011-07-31 13:23 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 23:51 . 2011-07-31 13:23 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 23:51 . 2011-07-31 13:23 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 23:51 . 2011-07-31 13:23 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 23:51 . 2011-07-31 13:23 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 23:51 . 2011-07-31 13:22 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 23:50 . 2011-07-31 13:22 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 23:50 . 2011-07-31 05:48 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-17 09:31 . 2012-11-09 16:13 741480 ----a-w- c:\windows\system32\HPDiscoPM5912.dll 2012-10-16 08:38 . 2012-12-24 08:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-12-24 08:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-12-24 08:57 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-15 16:59 . 2012-02-26 17:00 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-04 22:29 . 2012-10-04 22:29 269176 ----a-w- c:\windows\system32\PDBoot.exe 2012-10-04 16:40 . 2012-12-24 09:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-09-30 00:54 . 2011-07-31 06:16 25928 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-08-29 18:51 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416] "AltDrag"="c:\program files (x86)\AltDrag\AltDrag.exe" [2011-02-01 34304] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-29 2446648] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736] "googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-08-29 1061960] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-06-28 75048] "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936] R3 CVCompressionService;CVision Compression Service;c:\program files (x86)\CVision\Services\CVCompressionService.exe [2006-06-26 167936] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-01-13 129440] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-04-01 341856] R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-04-01 4184672] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 se64a;EnTech softEngine;c:\windows\system32\drivers\se64a.sys [2007-05-03 14032] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-25 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744] R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys [2011-06-18 313696] R4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [2011-06-18 431456] S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-03-25 35392] S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/12/02 20:09];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-06-29 03:50 146928] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\DfsdkS64.exe [2009-08-25 544768] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432] S2 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10_50.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [2011-06-18 62111072] S2 PDFSFilter;PDFSFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-08-23 83224] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-28 81408] S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808] S2 SCAppMgr;Smart Client Manager;c:\program files (x86)\Ellie Mae\SCAppMgr\SCAppMgr.exe [2012-12-07 59392] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-11-19 11576] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560] . . Contents of the 'Scheduled Tasks' folder . 2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 22:01] . 2012-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076991497-3898917214-2073273038-1000Core.job - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 05:32] . 2012-12-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2076991497-3898917214-2073273038-1000UA.job - c:\users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 05:32] . 2012-12-16 c:\windows\Tasks\One-Click Optimizer.job - c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2012-12-16 17:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2012-08-29 18:43 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;192.168.*.* IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105 Trusted Zone: etrac.biz Trusted Zone: oasissoftware.biz\www TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run- - (no file) AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-25 22:51:58 ComboFix-quarantined-files.txt 2012-12-26 03:51 ComboFix2.txt 2012-12-25 15:16 . Pre-Run: 31,958,028,288 bytes free Post-Run: 31,752,957,952 bytes free . - - End Of File - - 514011277A7F3F6A147BF09D19CF620C