ComboFix 13-12-26.01 - Franklin 12/27/2013 20:58:57.2.6 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5733 [GMT -5:00] Running from: c:\users\Franklin\Pictures\ComboFix.exe AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-11-28 to 2013-12-28 ))))))))))))))))))))))))))))))) . . 2013-12-28 02:05 . 2013-12-28 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-12-27 21:40 . 2013-09-24 14:53 94208 ----a-w- c:\windows\system32\drivers\AtihdW76.sys 2013-12-27 20:33 . 2013-12-27 23:46 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F147E49-1A33-445B-A171-C5A3965639D2}\offreg.dll 2013-12-27 20:22 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F147E49-1A33-445B-A171-C5A3965639D2}\mpengine.dll 2013-12-27 17:17 . 2013-12-27 17:17 -------- d-----w- c:\programdata\APN 2013-12-26 21:57 . 2013-12-26 21:57 -------- d-----w- c:\programdata\ATI 2013-12-26 21:57 . 2013-12-26 21:57 -------- d-----w- c:\program files (x86)\AMD AVT 2013-12-26 21:32 . 2013-12-26 21:32 -------- d-----w- c:\program files\AMD 2013-12-26 08:22 . 2013-12-27 23:10 -------- d-----w- C:\FRST 2013-12-26 08:12 . 2013-12-26 08:12 -------- d-----w- c:\windows\ERUNT 2013-12-26 07:59 . 2013-12-26 08:00 -------- d-----w- C:\AdwCleaner 2013-12-26 03:26 . 2013-12-26 03:28 -------- d-----w- c:\users\Franklin\Doctor_Who_2005.2013_Christmas_Special.The_Time_of_The_Doctor.HDTV_x264-FoV[rarbg] 2013-12-25 21:07 . 2013-12-25 22:14 -------- d-----w- c:\users\Franklin\Books for Children and Parents 2013-12-25 20:54 . 2013-12-25 21:00 -------- d-----w- c:\users\Franklin\Kindle Books - K 2013-12-25 20:53 . 2013-12-25 20:56 -------- d-----w- c:\users\Franklin\Kindle Books - Q, R 2013-12-25 20:53 . 2013-12-25 20:57 -------- d-----w- c:\users\Franklin\Kindle Books - W, X, Y, Z 2013-12-25 19:26 . 2013-12-25 19:28 -------- d-----w- c:\users\Franklin\Kindle Books - C 2013-12-25 19:16 . 2013-12-25 19:16 -------- d-----w- c:\users\Franklin\Suzanne Collins 2013-12-25 06:20 . 2013-12-25 06:20 -------- d-----w- c:\users\Franklin\AppData\Roaming\Malwarebytes 2013-12-25 06:20 . 2013-12-25 06:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-12-25 06:20 . 2013-12-25 06:20 -------- d-----w- c:\programdata\Malwarebytes 2013-12-25 06:20 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-12-22 13:15 . 2013-12-22 13:15 -------- d-----w- c:\users\Franklin\.android 2013-12-22 13:15 . 2013-12-22 13:15 -------- d-----w- c:\users\Franklin\AppData\Local\cache 2013-12-22 13:15 . 2013-12-22 13:15 -------- d-----w- c:\users\Franklin\AppData\Local\genienext 2013-12-20 05:06 . 2013-12-20 05:11 -------- d-----w- c:\users\Franklin\The Monster Squad [1987] 1080p BluRay AAC x264-tomcat12[ETRG] 2013-12-18 08:27 . 2013-12-22 07:07 -------- d-----w- c:\users\Franklin\NCIS Los Angeles S05E12 HDTV x264-LOL[ettv] 2013-12-18 08:27 . 2013-12-18 08:32 -------- d-----w- c:\users\Franklin\Uncovering Aliens S01E01 Black Ops Conspiracy HDTV x264-SPASM 2013-12-13 18:31 . 2013-12-13 18:31 -------- d-----w- c:\users\Franklin\Penthouse Letters January 2013 [azizex666] 2013-12-12 08:13 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe 2013-12-12 08:13 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2013-12-12 08:13 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe 2013-12-12 08:13 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL 2013-12-12 08:13 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll 2013-12-11 19:58 . 2013-12-11 19:58 9293192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-12-11 08:05 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE 2013-12-11 08:02 . 2013-12-11 08:02 97880 ----a-w- c:\program files (x86)\Internet Explorer\pdmproxy100.dll 2013-12-10 06:51 . 2013-12-10 06:55 -------- d-----w- c:\users\Franklin\The Mortal Instruments City of Bones (2013) 2013-12-10 05:16 . 2013-12-10 05:16 -------- d-----w- c:\users\Franklin\The Park Service Book One of Series - Ryan Winfield 2013-12-07 22:14 . 2013-12-07 22:27 -------- d-----w- c:\users\Franklin\Dexter.S08.Season.8.720p.WEB-DL.H264-BS [PublicHD] 2013-12-07 17:29 . 2013-12-07 17:30 -------- d-----w- c:\users\Franklin\Insidious Chapter 2 [2013] BRRip XViD[AC3]-juggs[ETRG] 2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\atimpc64.dll 2013-12-06 22:07 . 2013-12-06 22:07 78432 ----a-w- c:\windows\system32\amdpcom64.dll 2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll 2013-12-06 22:07 . 2013-12-06 22:07 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2013-12-06 22:02 . 2013-12-06 22:02 98496 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2013-12-06 22:00 . 2013-12-06 22:00 9753752 ----a-w- c:\windows\system32\atidxx64.dll 2013-12-06 21:59 . 2013-12-06 21:59 8287008 ----a-w- c:\windows\SysWow64\atiumdva.dll 2013-12-06 21:58 . 2013-12-06 21:58 6630232 ----a-w- c:\windows\SysWow64\atiumdag.dll 2013-12-06 21:52 . 2013-12-06 21:52 13207552 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2013-12-06 21:49 . 2013-12-06 21:49 51200 ----a-w- c:\windows\system32\kdbsdk64.dll 2013-12-06 21:44 . 2013-12-06 21:44 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll 2013-12-06 21:38 . 2013-12-06 21:38 230912 ----a-w- c:\windows\system32\clinfo.exe 2013-12-06 21:38 . 2013-12-06 21:38 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe 2013-12-06 21:38 . 2013-12-06 21:38 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe 2013-12-06 21:38 . 2013-12-06 21:38 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe 2013-12-06 21:38 . 2013-12-06 21:38 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe 2013-12-06 21:38 . 2013-12-06 21:38 99840 ----a-w- c:\windows\system32\OpenVideo64.dll 2013-12-06 21:38 . 2013-12-06 21:38 83968 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2013-12-06 21:38 . 2013-12-06 21:38 86528 ----a-w- c:\windows\system32\OVDecode64.dll 2013-12-06 21:38 . 2013-12-06 21:38 73728 ----a-w- c:\windows\SysWow64\OVDecode.dll 2013-12-06 21:37 . 2013-12-06 21:37 29382144 ----a-w- c:\windows\system32\amdocl64.dll 2013-12-06 21:35 . 2013-12-06 21:35 24860160 ----a-w- c:\windows\SysWow64\amdocl.dll 2013-12-06 21:33 . 2013-12-06 21:33 63488 ----a-w- c:\windows\system32\OpenCL.dll 2013-12-06 21:33 . 2013-12-06 21:33 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-12-06 21:26 . 2013-12-06 21:26 129536 ----a-w- c:\windows\system32\coinst_13.251.dll 2013-12-06 21:16 . 2013-12-06 21:16 26352128 ----a-w- c:\windows\system32\atio6axx.dll 2013-12-06 21:13 . 2013-12-06 21:13 368640 ----a-w- c:\windows\system32\atiapfxx.exe 2013-12-06 21:12 . 2013-12-06 21:12 62464 ----a-w- c:\windows\system32\aticalrt64.dll 2013-12-06 21:12 . 2013-12-06 21:12 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll 2013-12-06 21:12 . 2013-12-06 21:12 55808 ----a-w- c:\windows\system32\aticalcl64.dll 2013-12-06 21:12 . 2013-12-06 21:12 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll 2013-12-06 21:12 . 2013-12-06 21:12 15716352 ----a-w- c:\windows\system32\aticaldd64.dll 2013-12-06 21:09 . 2013-12-06 21:09 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll 2013-12-06 20:58 . 2013-12-06 20:58 22157824 ----a-w- c:\windows\SysWow64\atioglxx.dll 2013-12-06 20:53 . 2013-12-06 20:53 442368 ----a-w- c:\windows\system32\atidemgy.dll 2013-12-06 20:53 . 2013-12-06 20:53 31232 ----a-w- c:\windows\system32\atimuixx.dll 2013-12-06 20:53 . 2013-12-06 20:53 588288 ----a-w- c:\windows\system32\atieclxx.exe 2013-12-06 20:52 . 2013-12-06 20:52 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2013-12-06 20:50 . 2013-12-06 20:50 190976 ----a-w- c:\windows\system32\atitmm64.dll 2013-12-06 20:22 . 2013-12-06 20:22 1144320 ----a-w- c:\windows\system32\atiadlxx.dll 2013-12-06 20:22 . 2013-12-06 20:22 825344 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2013-12-06 20:22 . 2013-12-06 20:22 74752 ----a-w- c:\windows\system32\atig6pxx.dll 2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2013-12-06 20:22 . 2013-12-06 20:22 69632 ----a-w- c:\windows\system32\atiglpxx.dll 2013-12-06 20:22 . 2013-12-06 20:22 100352 ----a-w- c:\windows\system32\atig6txx.dll 2013-12-06 20:21 . 2013-12-06 20:21 96768 ----a-w- c:\windows\SysWow64\atigktxx.dll 2013-12-06 20:21 . 2013-12-06 20:21 626176 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2013-12-06 20:18 . 2013-12-06 20:18 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2013-12-02 05:29 . 2013-12-02 05:29 -------- d-----w- c:\users\Franklin\Witches of East End S01E09 HDTV x264-KILLERS[ettv] 2013-12-02 05:25 . 2013-12-02 05:27 -------- d-----w- c:\users\Franklin\The Walking Dead S04E08 HDTV x264-2HD[ettv] 2013-12-01 05:02 . 2013-12-01 05:05 -------- d-----w- c:\users\Franklin\[www.Glotorrents.com] - Atlantis.2013.S01E09.Pandoras.Box.HDTV.x264-4PlayHD 2013-11-30 01:52 . 2013-11-30 01:58 -------- d-----w- c:\users\Franklin\Riddick[2013] DVDRip XViD[AC3]-juggs[ETRG] . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-12-26 21:14 . 2012-05-11 09:25 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-12-26 21:14 . 2011-06-13 17:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-14 08:00 . 2011-03-20 21:52 90708896 ----a-w- c:\windows\system32\MRT.exe 2013-12-06 22:04 . 2011-01-27 02:12 143304 ----a-w- c:\windows\system32\atiuxp64.dll 2013-12-06 22:03 . 2012-09-28 01:11 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2013-12-06 22:03 . 2012-12-19 19:31 115512 ----a-w- c:\windows\system32\atiu9p64.dll 2013-12-06 22:01 . 2012-12-19 20:08 1318552 ----a-w- c:\windows\system32\aticfx64.dll 2013-12-06 22:01 . 2012-09-28 01:43 1100216 ----a-w- c:\windows\SysWow64\aticfx32.dll 2013-12-06 21:59 . 2012-09-28 01:39 8406024 ----a-w- c:\windows\SysWow64\atidxx32.dll 2013-12-06 21:57 . 2012-12-19 19:59 8927704 ----a-w- c:\windows\system32\atiumd6a.dll 2013-12-06 21:56 . 2012-12-19 19:44 7751920 ----a-w- c:\windows\system32\atiumd64.dll 2013-11-22 00:39 . 2013-09-28 09:40 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-11-19 08:33 . 2011-03-20 03:38 267936 ------w- c:\windows\system32\MpSigStub.exe 2013-10-12 02:30 . 2013-11-13 10:17 830464 ----a-w- c:\windows\system32\nshwfp.dll 2013-10-12 02:29 . 2013-11-13 10:17 859648 ----a-w- c:\windows\system32\IKEEXT.DLL 2013-10-12 02:29 . 2013-11-13 10:17 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL 2013-10-12 02:03 . 2013-11-13 10:17 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll 2013-10-12 02:01 . 2013-11-13 10:17 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL 2013-10-05 20:25 . 2013-11-13 10:18 1474048 ----a-w- c:\windows\system32\crypt32.dll 2013-10-05 19:57 . 2013-11-13 10:18 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-10-04 02:28 . 2013-11-13 10:17 190464 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll 2013-10-04 02:25 . 2013-11-13 10:17 197120 ----a-w- c:\windows\system32\credui.dll 2013-10-04 02:24 . 2013-11-13 10:17 1930752 ----a-w- c:\windows\system32\authui.dll 2013-10-04 01:58 . 2013-11-13 10:17 152576 ----a-w- c:\windows\SysWow64\SmartcardCredentialProvider.dll 2013-10-04 01:56 . 2013-11-13 10:17 168960 ----a-w- c:\windows\SysWow64\credui.dll 2013-10-04 01:56 . 2013-11-13 10:17 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-10-03 02:23 . 2013-11-13 10:17 404480 ----a-w- c:\windows\system32\gdi32.dll 2013-10-03 02:00 . 2013-11-13 10:17 311808 ----a-w- c:\windows\SysWow64\gdi32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cbox"="c:\program files (x86)\Cbox\Cbox" [X] "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656] "OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-06-11 3407496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-16 2245120] "RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "lxddmon.exe"="c:\program files (x86) (x86)\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496] "lxddamon"="c:\program files (x86) (x86)\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208] . c:\users\Franklin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2011-3-19 0] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ NETGEAR WNDA3100v2 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe [2011-3-19 3280896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxddserv.exe [x] R2 WSWNDA3100;WSWNDA3100;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x] R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys;c:\windows\SYSNATIVE\DRIVERS\S3XXx64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe;c:\windows\SysWOW64\AsHookDevice.exe [x] S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe;c:\windows\SYSNATIVE\lxddcoms.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Contents of the 'Scheduled Tasks' folder . 2013-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-11 21:14] . 2013-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-13 03:21] . 2013-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-13 03:21] . 2013-12-24 c:\windows\Tasks\Norton Security Scan for Franklin.job - c:\progra~2\NORTON~2\Engine\376~1.5\Nss.exe [2012-11-15 03:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X] "lxddmon.exe"="c:\program files (x86)\Lexmark 2500 Series\lxddmon.exe" [2009-04-27 291496] "lxddamon"="c:\program files (x86)\Lexmark 2500 Series\lxddamon.exe" [2009-04-27 25256] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearchAssistant = hxxp://www.google.com IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 Trusted Zone: af.mil\www.my TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11 FF - ProfilePath - c:\users\Franklin\AppData\Roaming\Mozilla\Firefox\Profiles\mjqudjd9.default\ FF - prefs.js: browser.search.selectedEngine - Ask Search FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: network.proxy.type - 0 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1080978737-3567266213-3042980569-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFD0831A-E881-4365-9F66-EA3A0FC03CD9}*ALID*] @Allowed: (Read) (RestrictedCode) "AppName"="Roblox.exe" "Policy"=dword:00000003 "AppPath"="c:\\Users\\Franklin\\AppData\\Local\\Roblox\\Versions\\version-fa4cea1530284e83\\" . [HKEY_USERS\S-1-5-21-1080978737-3567266213-3042980569-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-1080978737-3567266213-3042980569-1000) @Denied: (2) (LocalSystem) "Progid"="Outlook.File.eml.14" . [HKEY_USERS\S-1-5-21-1080978737-3567266213-3042980569-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-1080978737-3567266213-3042980569-1000) @Denied: (2) (LocalSystem) "Progid"="Outlook.File.vcf.14" . [HKEY_USERS\S-1-5-21-1080978737-3567266213-3042980569-1000\Software\SecuROM\License information*] "datasecu"=hex:cb,ea,62,94,8c,36,a8,4d,5b,9b,ce,1a,c3,08,44,7b,af,5b,b9,2a,08, 9a,00,d5,01,e0,a2,7f,89,cc,74,bb,43,bb,fa,a4,71,94,aa,5d,10,c4,b7,a2,9d,b9,\ "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-12-27 21:07:32 ComboFix-quarantined-files.txt 2013-12-28 02:07 ComboFix2.txt 2013-12-28 00:12 . Pre-Run: 517,808,250,880 bytes free Post-Run: 517,503,246,336 bytes free . - - End Of File - - EFF654D11354C0D584CB5B20A647B832 4976D4A7A40B83FC7F06EE4BDD84EB9B