ComboFix 13-10-24.01 - Stefan 2013/10/24 17:33:17.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.27.1033.18.3583.2736 [GMT 2:00] Running from: c:\users\Stefan\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\DefaultTab c:\program files\DefaultTab\DefaultTab.crx c:\program files\DefaultTab\DefaultTabSearch.exe c:\program files\DefaultTab\uid c:\program files\ElectroLyrics-1 c:\program files\ElectroLyrics-1\41844.xpi c:\program files\ElectroLyrics-1\background.html c:\program files\ElectroLyrics-1\ElectroLyrics-1-bg.exe c:\program files\ElectroLyrics-1\ElectroLyrics-1-bho.dll c:\program files\ElectroLyrics-1\ElectroLyrics-1-buttonutil.dll c:\program files\ElectroLyrics-1\ElectroLyrics-1-buttonutil.exe c:\program files\ElectroLyrics-1\ElectroLyrics-1-codedownloader.exe c:\program files\ElectroLyrics-1\ElectroLyrics-1-enabler.exe c:\program files\ElectroLyrics-1\ElectroLyrics-1-firefoxinstaller.exe c:\program files\ElectroLyrics-1\ElectroLyrics-1-helper.exe c:\program files\ElectroLyrics-1\ElectroLyrics-1-updater.exe c:\program files\ElectroLyrics-1\ElectroLyrics-1.ico c:\program files\ElectroLyrics-1\Installer.log c:\program files\ElectroLyrics-1\Uninstall.exe c:\program files\ElectroLyrics-1\utils.exe c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\addon.ico c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe 
c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DT.ico c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\update.exe c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome.manifest c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\asyncDB.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\background.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\browserAction.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\contextMenu.js 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\dbManager.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\dom_bg.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\fileManager.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\firefox.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\firefoxNotifications.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\firefoxOmnibox.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\message.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\pageAction.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\request.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\tabs.js 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\api\webRequest.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\background.html c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\baseObject.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\browser.xul c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\console.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\consts.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\delegate.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\extensionDataStore.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\folderIOWrapper.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\httpObserver.js 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\IDBWrapper.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\installer.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\logFile.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\prefs.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\progressListenerObserver.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\registry.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\reloadObserver.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\reports.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\requestObject.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\searchSettings.js 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\uninstallObserver.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\updateManager.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\utils.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\core\xhr.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\dialog.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\main.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\options.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\options.xul c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\chrome\content\search_dialog.xul c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\defaults\preferences\prefs.js 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\manifest.xml c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins.json c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\1_base.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\101_cortica_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\102_dealply_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\103_intext_5_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\104_jollywallet_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\105_corticas_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\107_coupish_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\108_icm_m.js 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\116_ads_only_5_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\117_coupons_intext_ads_5_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\119_similar_web_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\120_luck_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\123_intext_adv_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\125_arcadi2_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\126_revizer_ws_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\127_revizer_p_m.js 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\128_superfish_pricora_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\129_widdit_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\13_CrossriderAppUtils.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\135_arcadi3_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\138_getdeal_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\14_CrossriderUtils.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\141_corticas_ru_m.js.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\142_intext_fa_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\155_ibario_pops_m.js 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\159_cortica_rollover_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\16_FFAppAPIWrapper.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\17_jQuery.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\170_icm1_5_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\171_arcadi2_sourceID_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\175_coolmirage_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\21_debug.js 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\22_resources.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\28_initializer.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\4_jquery_1_7_1.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\47_resources_background.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\64_appApiMessage.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\7_hooks.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\72_appApiValidation.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\78_CrossriderInfo.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\87_ginyas_wrapper.js 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\9_search_engine_hook.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\91_monetizationLoader.js.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\92_superfish_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\93_superfish_no_coupons_m.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\plugins\98_omniCommands.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\userCode\background.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\extensionData\userCode\extension.js c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\install.rdf c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\locale\en-US\translations.dtd c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\button1.png 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\button2.png c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\button3.png c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\button4.png c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\button5.png c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\crossrider_statusbar.png c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\icon128.png c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\icon16.png c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\icon24.png c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\icon48.png c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\panelarrow-up.png c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\popup.html 
c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\skin.css c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\extensions\bbf8c9b4-8e92-4864-a738-39b4d9d297ba@c61f16d8-dec3-4ab4-a153-723bd1d0f742.com\skin\update.css c:\users\Stefan\dxagvi.exe c:\users\Stefan\dxaleyl.exe c:\users\Stefan\dxayxcs.exe c:\users\Stefan\dxeccpws.exe c:\users\Stefan\dxemys.exe c:\users\Stefan\dxeriuw.exe c:\users\Stefan\dxfjnn.exe c:\users\Stefan\dxhbewgfq.exe c:\users\Stefan\dxhgyx.exe c:\users\Stefan\dxijldymn.exe c:\users\Stefan\dxivie.exe c:\users\Stefan\dxmfdot.exe c:\users\Stefan\dxnaku.exe c:\users\Stefan\dxnsqb.exe c:\users\Stefan\dxoaua.exe c:\users\Stefan\dxokxybd.exe c:\users\Stefan\dxqeuiurj.exe c:\users\Stefan\dxrkosal.exe c:\users\Stefan\dxuhweann.exe c:\users\Stefan\dxujed.exe c:\users\Stefan\dxupon.exe c:\users\Stefan\dxveae.exe c:\users\Stefan\dxxdag.exe c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\drivers\npf.sys c:\windows\system32\Packet.dll c:\windows\system32\pthreadVC.dll c:\windows\system32\roboot.exe c:\windows\system32\wpcap.dll . ----- File Replicators ----- . 
c:\frst\Quarantine\dxakokxu.exe c:\frst\Quarantine\dxavzr.exe c:\frst\Quarantine\dxbesgdoq.exe c:\frst\Quarantine\dxcadh.exe c:\frst\Quarantine\dxcbaathv.exe c:\frst\Quarantine\dxddoi.exe c:\frst\Quarantine\dxdjbu.exe c:\frst\Quarantine\dxgcftur.exe c:\frst\Quarantine\dxhuamnw.exe c:\frst\Quarantine\dxhvrn.exe c:\frst\Quarantine\dxiewkke.exe c:\frst\Quarantine\dxiynj.exe c:\frst\Quarantine\dxizkvbep.exe c:\frst\Quarantine\dxkdufa.exe c:\frst\Quarantine\dxlmhx.exe c:\frst\Quarantine\dxojim.exe c:\frst\Quarantine\dxoyiv.exe c:\frst\Quarantine\dxqafz.exe c:\frst\Quarantine\dxriojni.exe c:\frst\Quarantine\dxrjiy.exe c:\frst\Quarantine\dxrrblix.exe c:\frst\Quarantine\dxsezfjt.exe c:\frst\Quarantine\dxtjrk.exe c:\frst\Quarantine\dxtseu.exe c:\frst\Quarantine\dxudeh.exe c:\frst\Quarantine\dxxtwdeuo.exe c:\frst\Quarantine\dxyrsiu.exe c:\frst\Quarantine\dxzkhbwa.exe c:\users\Stefan\dxagvi.exe c:\users\Stefan\dxaleyl.exe c:\users\Stefan\dxayxcs.exe c:\users\Stefan\dxeccpws.exe c:\users\Stefan\dxemys.exe c:\users\Stefan\dxeriuw.exe c:\users\Stefan\dxfjnn.exe c:\users\Stefan\dxhbewgfq.exe c:\users\Stefan\dxhgyx.exe c:\users\Stefan\dxijldymn.exe c:\users\Stefan\dxivie.exe c:\users\Stefan\dxmfdot.exe c:\users\Stefan\dxnaku.exe c:\users\Stefan\dxnsqb.exe c:\users\Stefan\dxoaua.exe c:\users\Stefan\dxokxybd.exe c:\users\Stefan\dxqeuiurj.exe c:\users\Stefan\dxrkosal.exe c:\users\Stefan\dxuhweann.exe c:\users\Stefan\dxujed.exe c:\users\Stefan\dxupon.exe c:\users\Stefan\dxveae.exe c:\users\Stefan\dxxdag.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_NPF -------\Service_Run -------\Service_Registry Helper Service . . ((((((((((((((((((((((((( Files Created from 2013-09-24 to 2013-10-24 ))))))))))))))))))))))))))))))) . . 2013-10-22 17:25 . 2013-10-22 17:25 -------- d-----w- c:\program files\Common Files\Plasmoo 2013-10-22 17:25 . 
2013-10-22 17:25 -------- d-----w- c:\users\Stefan\AppData\Roaming\DVDVideoSoft 2013-10-22 17:25 . 2013-10-22 17:25 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2013-10-22 17:25 . 2013-10-22 17:25 -------- d-----w- c:\program files\DVDVideoSoft 2013-10-08 06:18 . 2013-10-08 06:18 -------- d-----w- c:\program files\SevenZip 2013-10-08 06:15 . 2013-10-08 06:15 -------- d-----w- c:\users\Stefan\AppData\Local\SwvUpdater 2013-10-08 04:50 . 2013-10-24 15:28 -------- d-----w- C:\FRST 2013-10-07 14:22 . 2013-10-07 14:23 -------- d-----w- c:\programdata\MFAData 2013-10-07 14:22 . 2013-10-07 14:22 -------- d--h--w- c:\programdata\Common Files 2013-10-07 14:22 . 2013-10-07 14:22 -------- d-----w- c:\users\Stefan\AppData\Local\MFAData 2013-10-07 14:22 . 2013-10-07 14:22 -------- d-----w- c:\users\Stefan\AppData\Local\Avg2014 2013-10-07 12:29 . 2013-10-24 15:41 -------- d-----w- c:\users\Stefan\AppData\Roaming\NetSpeedMonitor 2013-10-07 12:29 . 2013-10-07 12:29 -------- d-----w- c:\program files\NetSpeedMonitor 2013-10-01 15:07 . 2013-10-01 15:07 -------- d-----w- c:\program files\Firaxis Games . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-09-27 20:00 . 2013-02-24 10:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-09-27 20:00 . 2013-02-24 10:07 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-09-20 13:45 . 2013-09-20 13:45 389120 ----a-w- c:\windows\system32\RegistryHelperLM.ocx 2013-08-23 13:24 . 2013-08-23 13:24 87392 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}\VideoConverter5_St_10EBE4A00F514DB49EA9B218A1E9D3F5.exe 2013-08-23 13:24 . 2013-08-23 13:24 87392 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}\NewShortcut4_941FA141AAB14924B185046EE8E1BDD9.exe 2013-08-23 13:24 . 
2013-08-23 13:24 71008 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}\VideoConverter5_St_BF4E5749C8A942ACA48E229C02AC7D3D.exe 2013-08-23 13:24 . 2013-08-23 13:24 71008 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}\ARPPRODUCTICON.exe 2013-08-23 13:24 . 2013-08-23 13:24 136544 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{90481BEA-8F52-4FE7-A0D6-BBFAB003D997}\VideoConverter5_St_4949825D36F8486CAED8D1FA37A2B641.exe 2013-07-30 15:36 . 2013-07-30 15:36 4608 ----a-w- c:\windows\system32\w95inf32.dll 2013-07-30 15:36 . 2013-07-30 15:36 2272 ----a-w- c:\windows\system32\w95inf16.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. However, the two user32.dll copies listed below report the same version (6.1.7600.16385) and size (811520) but different MD5 hashes and file dates, and only the System32 copy is marked [-]; that copy should be compared against a known-good file (e.g. via sfc /scannow or a hash check against the WinSxS copy) before it is assumed clean. . [-] 2013-03-26 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll [7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2012-06-20 74752] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "EKAiO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-03-01 2421760] "MobileBroadband"="c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2011-04-19 408576] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SolidWorks Background Downloader.lnk - c:\program files\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe /launch_from 0 [2013-7-18 1826600] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-10-05 87336] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-04-18 102784] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2011-04-18 11136] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-04-18 85760] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-04-18 26496] R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2011-04-18 168448] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-26 1343400] R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-10-26 2799808] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-24 242240] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [2011-03-09 366000] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S2 VmbService;Vodafone Mobile Broadband Service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [2011-04-19 9216] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-04-18 72832] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2009-07-13 311808] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc . Contents of the 'Scheduled Tasks' folder . 2013-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 20:00] . 2013-10-24 c:\windows\Tasks\AmiUpdXp.job - c:\users\Stefan\AppData\Local\SwvUpdater\Updater.exe [2013-10-08 06:15] . . ------- Supplementary Scan ------- . uStart Page = hxxp://start.search.us.com/v/2/?guid={5CD6CB79-8ADD-4852-82CF-00ED47F6214E}&serpv=5 mStart Page = hxxp://websearch.youwillfind.info/?pid=658&r=2013/05/02&hid=763785938&lg=EN&cc=ZA IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.42.129 TCP: Interfaces\{131B5047-1B2C-449F-9AAC-DC252D82C1E1}: NameServer = 196.207.36.251 196.207.36.254 TCP: Interfaces\{17F7B7DA-3406-4F8D-9541-EA905EED8D4A}: NameServer = 196.207.36.251 196.207.36.254 TCP: Interfaces\{C775872A-FCC3-42EA-AAFA-AD8B5396A367}: NameServer = 196.207.36.251 196.207.36.254 TCP: Interfaces\{CB318F49-15F3-407F-9EBE-BBA23BBCC213}: NameServer = 196.207.36.251 196.207.36.254 FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\ltu82yf4.default\ FF - prefs.js: browser.startup.homepage - hxxp://start.search.us.com/v/2/?guid={5CD6CB79-8ADD-4852-82CF-00ED47F6214E}&serpv=5 . - - - - ORPHANS REMOVED - - - - . HKLM-Run-Conime - c:\windows\system32\conime.exe HKLM-Run-Registry Helper - c:\program files\Registry Helper\RegistryHelper.Exe AddRemove-DefaultTab - c:\users\Stefan\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe AddRemove-ElectroLyrics-1 - c:\program files\ElectroLyrics-1\Uninstall.exe AddRemove-Registry Helper - c:\program files\Registry Helper\uninst.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-2482761239-3750086217-1899643328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆL ( L ( ˜—5lÇW] @Class="Shell" @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-2482761239-3750086217-1899643328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**ˆL ( L ( ˜—5lÇW\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-2482761239-3750086217-1899643328-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.**ˆL ( L ( ˜—5lÇW] @Allowed: (Read) (RestrictedCode) "0"=hex:44,3a,5c,4d,75,73,69,63,20,76,69,64,65,6f,73,5c,42,65,65,20,47,65,65, 73,20,2d,20,49,6e,20,54,68,65,20,28,4f,72,69,67,69,6e,61,6c,20,31,39,36,35,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\AUDIODG.EXE c:\program files\NVIDIA Corporation\Display\nvxdsync.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\taskhost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\windows\System32\rundll32.exe c:\program files\NVIDIA Corporation\Display\nvtray.exe c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe . ************************************************************************** . Completion time: 2013-10-24 17:43:47 - machine was rebooted ComboFix-quarantined-files.txt 2013-10-24 15:43 . Pre-Run: 3 218 190 336 bytes free Post-Run: 3 553 181 696 bytes free . - - End Of File - - 6F44EDAF8F8BC53FD95CB9C13EFCC856 A36C5E4F47E84449FF07ED3517B43A31