ComboFix 13-04-12.02 - K-OK 04/12/2013 23:35:59.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.3678 [GMT -4:00] Running from: c:\users\K-OK\Desktop\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\PCDr\6032\AddOnDownloaded\07287f2e-4f82-4848-8132-7055ef322318.dll c:\programdata\PCDr\6032\AddOnDownloaded\2d5007b2-cc36-4b97-a231-d0c427a69035.dll c:\programdata\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll c:\programdata\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll c:\programdata\PCDr\6032\AddOnDownloaded\75609d46-7fbb-40a8-a578-eec234c38e9a.dll c:\programdata\PCDr\6032\AddOnDownloaded\827ed839-f1a1-460d-82db-7790aaf0bceb.dll c:\programdata\PCDr\6032\AddOnDownloaded\c870b857-9ba2-408a-b058-928ff7135168.dll c:\programdata\PCDr\6032\AddOnDownloaded\ca39d363-7f7b-442f-9d1a-7cf8e06b7b08.dll c:\users\K-OK\AppData\Roaming\WTouch c:\users\K-OK\AppData\Roaming\WTouch\WTouch.xml c:\users\K-OK\g2mdlhlpx.exe c:\users\K-OK\GoToAssistDownloadHelper.exe . . ((((((((((((((((((((((((( Files Created from 2013-03-13 to 2013-04-13 ))))))))))))))))))))))))))))))) . . 2013-04-13 03:42 . 2013-04-13 03:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-04-11 20:48 . 2013-04-11 20:48 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-04-11 20:45 . 2013-04-11 20:44 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-11 01:05 . 2013-04-11 01:05 -------- d-----w- c:\programdata\Kaspersky Lab 2013-04-10 08:05 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll 2013-04-10 08:05 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-04-10 08:05 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll 2013-04-10 08:05 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll 2013-04-10 08:05 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll 2013-04-10 08:05 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll 2013-04-10 08:05 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-04-10 08:05 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-10 08:00 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-04-10 08:00 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-04-10 08:00 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-04-10 08:00 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-04-10 08:00 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-04-10 08:00 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-04-10 08:00 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe 2013-04-08 02:30 . 2013-04-08 02:30 181064 ----a-w- c:\windows\PSEXESVC.EXE 2013-04-08 02:30 . 2013-04-08 02:30 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs 2013-04-08 02:26 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2013-04-08 02:26 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2013-04-08 02:26 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2013-04-08 02:26 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2013-04-08 02:12 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-04-08 02:12 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-04-08 02:12 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-04-08 02:12 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-04-08 02:11 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2013-04-08 02:11 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2013-04-08 02:11 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2013-04-08 02:11 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2013-04-08 02:11 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2013-04-08 02:11 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2013-04-08 02:11 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2013-04-07 20:44 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-04-07 20:44 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-04-07 20:44 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2013-04-07 20:44 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2013-04-07 20:44 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2013-04-07 20:44 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2013-04-07 20:44 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2013-04-07 20:44 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2013-04-07 20:42 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll 2013-04-07 20:41 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys 2013-04-07 20:41 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2013-04-07 20:41 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2013-04-07 20:41 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-04-07 20:41 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll 2013-04-07 20:41 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll 2013-04-07 20:41 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll 2013-04-07 20:41 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2013-04-07 20:41 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll 2013-04-07 20:41 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2013-04-07 20:40 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2013-04-07 20:40 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe 2013-04-07 20:40 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe 2013-04-07 20:40 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-04-07 20:40 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2013-04-07 20:40 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-04-07 20:40 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-04-07 20:40 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-04-07 20:40 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-04-07 16:11 . 2013-04-07 16:11 -------- d-----w- C:\_OTL 2013-04-03 02:24 . 2013-04-03 02:29 -------- d-----w- c:\users\K-OK\AppData\Local\Akamai 2013-03-30 17:12 . 2013-03-30 17:12 -------- d-----w- c:\program files (x86)\RealNetworks 2013-03-30 17:11 . 2013-03-30 17:11 -------- d-----w- c:\program files (x86)\Common Files\xing shared 2013-03-28 19:48 . 2013-03-28 19:47 310688 ----a-w- c:\windows\system32\javaws.exe 2013-03-28 19:48 . 2013-03-28 19:47 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-03-28 19:48 . 2013-03-28 19:47 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-03-28 19:48 . 2013-03-28 19:47 188832 ----a-w- c:\windows\system32\javaw.exe 2013-03-28 19:48 . 2013-03-28 19:47 188320 ----a-w- c:\windows\system32\java.exe 2013-03-28 03:03 . 2013-04-13 03:43 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-03-27 23:20 . 2013-03-27 23:20 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-03-27 23:20 . 2013-03-27 23:20 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-03-27 23:20 . 2013-03-27 23:20 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-03-27 20:21 . 2013-03-27 20:37 -------- d-----w- c:\program files (x86)\AOL Desktop 9.7 2013-03-25 00:50 . 2013-04-13 03:33 -------- d-----w- c:\users\Guest 2013-03-22 19:40 . 2013-03-30 17:11 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-11 20:44 . 2012-07-22 21:53 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-04-11 20:44 . 2010-07-12 21:30 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-11 02:03 . 2010-06-29 15:56 72702784 ----a-w- c:\windows\system32\MRT.exe 2013-03-30 23:41 . 2012-06-19 21:24 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-30 23:41 . 2012-06-19 21:24 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-28 19:47 . 2010-07-26 05:52 963488 ----a-w- c:\windows\system32\deployJava1.dll 2013-03-27 20:19 . 2011-02-16 18:07 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe 2013-02-12 05:45 . 2013-04-07 20:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-04-07 20:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45 . 2013-04-07 20:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-04-07 20:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48 . 2013-04-07 20:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-04-07 20:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{6B34ACCF-1B63-4E1A-8633-461917C75544}"= "c:\program files (x86)\Freecorder 6\tbcore3.dll" [2012-08-01 2711928] . [HKEY_CLASSES_ROOT\clsid\{6b34accf-1b63-4e1a-8633-461917c75544}] [HKEY_CLASSES_ROOT\TBSB00808.TBSB00808.3] [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}] [HKEY_CLASSES_ROOT\TBSB00808.TBSB00808] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 5629312] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SansaDispatch"="c:\users\K-OK\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-10-01 79872] "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2011-11-23 652048] "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128] "Akamai NetSession Interface"="c:\users\K-OK\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] "Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416] "AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7\AOL.EXE" [2013-03-22 72760] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-03-27 345312] "VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-30 295512] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392] "HostManager"="c:\program files (x86)\Common Files\AOL\1277846187\ee\AOLSoftware.exe" [2010-03-08 41800] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2010-07-21 165184] . c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A] . c:\users\K-OK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] 2010-04-04 15:43 144712 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli FAPassSync . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-07-03 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-10 79360] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848] R3 NANMp50;NANMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANMp50.sys [x] R3 NANSp50;NANSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NANSp50.sys [x] R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-06-10 79360] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-10-05 18288] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-28 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-08-12 55856] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-03-27 28600] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-07 140672] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\AESTSr64.exe [2009-03-02 89600] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-03-27 86752] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-04-04 2409800] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896] S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064] S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-11-20 321064] S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216] S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - PBFILTER . Contents of the 'Scheduled Tasks' folder . 2013-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2403251468-2243473187-2498939095-1001Core.job - c:\users\K-OK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-17 06:12] . 2013-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2403251468-2243473187-2498939095-1001UA.job - c:\users\K-OK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-17 06:12] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-09-16 497648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.buddyrhodespresents.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local; IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: clonewarsadventures.com Trusted Zone: dell.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\K-OK\AppData\Roaming\Mozilla\Firefox\Profiles\dlyb8s0n.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - Google.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q= FF - ExtSQL: 2013-03-30 13:12; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) Wow6432Node-HKLM-Run-FAStartup - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{C73A3942-84C8-4597-9F9B-EE227DCBA758} - c:\programdata\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}\delldock.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe c:\program files (x86)\AOL Desktop 9.7\waol.exe c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe c:\program files (x86)\AOL Desktop 9.7\shellmon.exe . ************************************************************************** . Completion time: 2013-04-12 23:54:50 - machine was rebooted ComboFix-quarantined-files.txt 2013-04-13 03:54 . Pre-Run: 29,045,456,896 bytes free Post-Run: 29,351,989,248 bytes free . - - End Of File - - A5961D0E6BC82FC620DF62B4E70A0A13