ComboFix 14-02-24.02 - Beverly 02/28/2014 16:32:25.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2124 [GMT -4:00]
Running from: c:\users\Beverly\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SearchProtect
c:\program files (x86)\SearchProtect\EULA.txt
c:\program files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files (x86)\SearchProtect\Main\bin\SPTool.dll
c:\program files (x86)\SearchProtect\Main\bin\uninstall.exe
c:\program files (x86)\SearchProtect\Main\rep\SystemRepository.dat
c:\program files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files (x86)\SearchProtect\UI\bin\cltmngui.exe
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\hez.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\v.png
c:\program files (x86)\SearchProtect\UI\dialogs\Images\x.png
c:\program files (x86)\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\main.js
c:\program files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.css
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.html
c:\program files (x86)\SearchProtect\UI\dialogs\protection\protection.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.css
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.html
c:\program files (x86)\SearchProtect\UI\dialogs\settings\settings.js
c:\program files (x86)\SearchProtect\UI\dialogs\style.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\users\Beverly\AppData\Local\AnyProtectScannerSetup.exe
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Level Quality Watcher
.
.
((((((((((((((((((((((((( Files Created from 2014-01-28 to 2014-02-28 )))))))))))))))))))))))))))))))
.
.
2014-02-28 20:45 . 2014-02-28 20:45 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2014-02-28 20:45 . 2014-02-28 20:45 -------- d-----w- c:\users\TEMP.Beverly-THINK\AppData\Local\temp
2014-02-28 20:45 . 2014-02-28 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-28 20:45 . 2014-02-28 20:45 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp
2014-02-28 13:55 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDF7C0D5-6769-44AC-BA22-D5EC2EF8DF78}\mpengine.dll
2014-02-27 20:56 . 2014-02-27 20:56 -------- d-----w- c:\program files\SavingsbullFilter
2014-02-27 13:57 . 2014-02-27 13:57 -------- d-----w- c:\windows\Migration
2014-02-26 23:09 . 2014-02-26 23:09 -------- d-----w- c:\users\Beverly\AppData\Roaming\SparkTrust
2014-02-26 23:08 . 2014-02-26 23:08 -------- d-----w- c:\program files (x86)\Common Files\SparkTrust
2014-02-26 23:08 . 2014-02-26 23:08 -------- d-----w- c:\programdata\SparkTrust
2014-02-26 23:08 . 2014-02-26 23:08 -------- d-----w- c:\program files (x86)\SparkTrust
2014-02-26 20:52 . 2014-02-26 20:52 -------- d-----w- c:\program files (x86)\Video-Saver-soft
2014-02-26 20:51 . 2014-02-26 23:55 -------- d-----w- c:\program files (x86)\FindRight
2014-02-26 20:51 . 2014-02-26 20:53 -------- d-----w- c:\users\Beverly\AppData\Roaming\mysearchdial
2014-02-26 20:51 . 2014-02-26 20:51 -------- d-----w- c:\program files (x86)\Mysearchdial
2014-02-26 20:51 . 2014-02-26 20:53 -------- d-----w- c:\program files (x86)\AnyProtectEx
2014-02-26 20:41 . 2014-02-26 20:41 -------- d-----w- c:\programdata\Systweak
2014-02-26 20:41 . 2014-02-26 20:41 -------- d-----w- c:\program files (x86)\Advanced System Protector
2014-02-26 20:41 . 2012-07-25 16:03 16896 ----a-w- c:\windows\system32\sasnative64.exe
2014-02-26 20:40 . 2014-02-26 20:50 -------- d-----w- c:\users\Beverly\AppData\Roaming\VOPackage
2014-02-26 20:40 . 2014-02-26 20:41 -------- d-----w- c:\users\Beverly\AppData\Roaming\Systweak
2014-02-24 17:33 . 2014-02-26 14:53 -------- d-----w- c:\program files (x86)\Optimizer Pro
2014-02-24 17:32 . 2014-02-26 20:39 -------- d-----w- c:\users\Beverly\AppData\Local\SearchProtect
2014-02-18 19:12 . 2014-02-18 19:12 -------- d-----w- c:\programdata\BrowserProtect
2014-02-18 19:12 . 2014-02-18 19:12 -------- d-----w- c:\programdata\Browser Manager
2014-02-18 19:12 . 2014-02-18 19:12 -------- d-----w- c:\programdata\BitGuard
2014-02-18 17:47 . 2014-02-26 14:53 -------- d-----w- c:\programdata\Wincert
2014-02-18 17:47 . 2014-02-18 17:47 -------- d-----w- c:\users\Beverly\AppData\Local\ilividmoviestoolbar181
2014-02-18 17:46 . 2014-02-26 14:57 -------- d-----w- c:\program files (x86)\Movies Toolbar
2014-02-14 14:16 . 2013-12-21 09:39 600064 ----a-w- c:\windows\system32\vbscript.dll
2014-02-14 14:16 . 2013-12-21 07:56 523776 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-14 14:13 . 2014-02-01 10:56 775344 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2014-02-12 14:13 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-28 20:48 . 2013-11-13 13:55 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2014-02-21 23:28 . 2012-03-29 22:09 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 23:28 . 2011-06-30 12:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-16 14:23 . 2010-03-05 22:19 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 11:13 . 2011-04-19 23:55 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-17 20:09 . 2013-12-17 20:09 61592 ----a-w- c:\windows\system32\drivers\netfilter64.sys
2013-12-03 15:47 . 2010-08-14 16:32 57584 ------w- c:\windows\system32\iolobtdfg.exe
2013-12-03 15:47 . 2010-08-14 16:32 26184 ------w- c:\windows\system32\smrgdf.exe
2013-12-03 15:01 . 2013-12-11 12:20 2155152 ------w- c:\windows\system32\Incinerator64.dll
2013-12-03 15:01 . 2013-12-11 12:20 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-02-08 1520776]
"{0134af61-7a0c-4649-aeca-90d776060cb3}"= "c:\program files (x86)\KeyBar_1.12\prxtbKeyB.dll" [2013-09-11 226592]
"{94625830-343a-4df0-88c1-444d195064d0}"= "c:\program files (x86)\InternetHelper3.6\prxtbInte.dll" [2013-10-01 226592]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{0134af61-7a0c-4649-aeca-90d776060cb3}]
.
[HKEY_CLASSES_ROOT\clsid\{94625830-343a-4df0-88c1-444d195064d0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0134af61-7a0c-4649-aeca-90d776060cb3}]
2013-09-11 12:05 226592 ----a-w- c:\program files (x86)\KeyBar_1.12\prxtbKeyB.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}]
2014-02-18 14:17 86800 ----a-w- c:\program files (x86)\SavingsBull\IEOptimizer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2c774641-5504-46a8-b63f-6715ae3fe376}]
2014-02-26 05:19 249632 ----a-w- c:\program files (x86)\FindRight\FindRightBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{94625830-343a-4df0-88c1-444d195064d0}]
2013-10-01 14:03 226592 ----a-w- c:\program files (x86)\InternetHelper3.6\prxtbInte.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}]
2014-02-26 20:51 279960 ----a-w- c:\program files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{0134af61-7a0c-4649-aeca-90d776060cb3}"= "c:\program files (x86)\KeyBar_1.12\prxtbKeyB.dll" [2013-09-11 226592]
"{94625830-343a-4df0-88c1-444d195064d0}"= "c:\program files (x86)\InternetHelper3.6\prxtbInte.dll" [2013-10-01 226592]
"{3004627E-F8E9-4E8B-909D-316753CBA923}"= "c:\program files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll" [2014-02-26 288664]
.
[HKEY_CLASSES_ROOT\clsid\{0134af61-7a0c-4649-aeca-90d776060cb3}]
.
[HKEY_CLASSES_ROOT\clsid\{94625830-343a-4df0-88c1-444d195064d0}]
.
[HKEY_CLASSES_ROOT\clsid\{3004627e-f8e9-4e8b-909d-316753cba923}]
[HKEY_CLASSES_ROOT\mysearchdial.mysearchdialdskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\mysearchdial.mysearchdialdskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Beverly\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Beverly\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Beverly\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2011-12-01 1631808]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-05 244208]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"BrowserSafeguard"="c:\program files (x86)\Browsersafeguard\BrowserSafeguard.exe" [2014-01-28 413696]
.
c:\users\Beverly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Beverly\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2014-2-18 2889256]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2011-6-13 1090848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 PCDSRVC{184E4FA0-DE8C26D4-06000000}_0;PCDSRVC{184E4FA0-DE8C26D4-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms;c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
R4 CltMngSvc;Search Protect by Conduit Service;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe;c:\progra~2\SearchProtect\Main\bin\CltMngSvc.exe [x]
R4 DDNIService;DDNIService;c:\program files (x86)\DDNI\DIBS\DDNIService.exe;c:\program files (x86)\DDNI\DIBS\DDNIService.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S2 70e6ca8c;Optimizer Pro Crash Monitor;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 DDNIMSGService;DDNIMSGService;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe;c:\program files (x86)\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [x]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 SavingsbullFilterService64;SavingsbullFilterService64;c:\program files\SavingsbullFilter\SavingsbullFilterService64.exe;c:\program files\SavingsbullFilter\SavingsbullFilterService64.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 Update FindRight;Update FindRight;c:\program files (x86)\FindRight\updateFindRight.exe;c:\program files (x86)\FindRight\updateFindRight.exe [x]
S2 Util FindRight;Util FindRight;c:\program files (x86)\FindRight\bin\utilFindRight.exe;c:\program files (x86)\FindRight\bin\utilFindRight.exe [x]
S2 video-saver;video-saver;c:\program files (x86)\Video-Saver-soft\video-saver155.exe;c:\program files (x86)\Video-Saver-soft\video-saver155.exe [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-26 20:51 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 23:28]
.
2014-02-27 c:\windows\Tasks\APSnotifierPP1.job - c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2014-02-26 20:53]
.
2014-02-28 c:\windows\Tasks\APSnotifierPP2.job - c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2014-02-26 20:53]
.
2014-02-26 c:\windows\Tasks\APSnotifierPP3.job - c:\program files (x86)\AnyProtectEx\AnyProtect.exe [2014-02-26 20:53]
.
2014-02-28 c:\windows\Tasks\DriverUpdate Startup.job - c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22 20:26]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 05:42]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-26 05:42]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-242505160-1997802447-1459611069-1000Core.job - c:\users\Beverly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 13:19]
.
2014-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-242505160-1997802447-1459611069-1000UA.job - c:\users\Beverly\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-16 13:19]
.
2014-02-27 c:\windows\Tasks\ParetoLogic Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-02-28 c:\windows\Tasks\ParetoLogic Update Version3 Startup Task.job - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20 20:52]
.
2014-02-26 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2013-06-20 20:52]
.
2014-02-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
2014-02-28 c:\windows\Tasks\RegClean Pro_DEFAULT.job - c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2014-02-26 22:36]
.
2014-02-26 c:\windows\Tasks\RegClean Pro_UPDATES.job - c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2014-02-26 22:36]
.
2014-02-27 c:\windows\Tasks\RegCure Pro.job - c:\program files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe [2013-06-11 23:50]
.
2014-02-28 c:\windows\Tasks\SparkTrust PC Cleaner Plus_sch_F8C6CFF3-9F3A-11E3-9F14-506313C5C23A.job - c:\program files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-01-23 21:18]
.
2014-02-27 c:\windows\Tasks\SparkTrust Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-02-28 c:\windows\Tasks\SparkTrust Update Version3 Startup Task.job - c:\program files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-01-23 21:18]
.
2014-02-26 c:\windows\Tasks\SparkTrust Update Version3.job - c:\program files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2014-01-23 21:18]
.
2014-02-28 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-10-08 21:44]
.
2014-02-28 c:\windows\Tasks\Video-Saver Update.job - c:\program files (x86)\Video-Saver-soft\Video.exe [2014-02-26 20:52]
.
2014-02-28 c:\windows\Tasks\Video-Saver_wd.job - c:\program files (x86)\Video-Saver-soft\video-saver_wd.exe [2014-02-26 20:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Beverly\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Beverly\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Beverly\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Beverly\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 380704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzuyDtDyCtAtCtA0CyD0CtBtA0A0FyEtDyBtN0D0Tzu0CyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=841362185&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzuyDtDyCtAtCtA0CyD0CtBtA0A0FyEtDyBtN0D0Tzu0CyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=841362185&ir=
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:13828
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Trusted Zone: gmail.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Beverly\AppData\Roaming\Mozilla\Firefox\Profiles\8ungfprm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315827&CUI=UN42230060398211103&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: browser.startup.homepage - hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzuyDtDyCtAtCtA0CyD0CtBtA0A0FyEtDyBtN0D0Tzu0CyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=841362185&ir=
FF - prefs.js: keyword.URL -
FF - user.js: extensions.BabylonToolbar_i.id - c237f4070000000000000026c70f3770
FF - user.js: extensions.BabylonToolbar_i.hardId - c237f4070000000000000026c70f3770
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15501
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:04
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzuyDtDyCtAtCtA0CyD0CtBtA0A0FyEtDyBtN0D0Tzu0CyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=841362185&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzuyDtDyCtAtCtA0CyD0CtBtA0A0FyEtDyBtN0D0Tzu0CyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=841362185&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0202ch&cd=2XzuyEtN2Y1L1QzuyDtDyCtAtCtA0CyD0CtBtA0A0FyEtDyBtN0D0Tzu0CyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=841362185&ir=&q=
FF - user.js: extensions.mysearchdial.id - 506313C5C23AF407
FF - user.js: extensions.mysearchdial.instlDay - 16127
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.016:51
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd0202ch
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 841362185
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzuyDtDyCtAtCtA0CyD0CtBtA0A0FyEtDyBtN0D0Tzu0CyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - irmsd0202ch
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 841362185
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzuyDtDyCtAtCtA0CyD0CtBtA0A0FyEtDyBtN0D0Tzu0CyBzzzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run- - (no file)
BHO-{31ad400d-1b06-4e33-a59a-90c2c140cba0} - (no file)
BHO-{93DBF2BB-A2B3-4683-A92E-57E60751F346} - c:\program files\Conduit\ValueApps\IE\ValueAppsLoader.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{0134AF61-7A0C-4649-AECA-90D776060CB3} - (no file)
WebBrowser-{94625830-343A-4DF0-88C1-444D195064D0} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{184E4FA0-DE8C26D4-06000000}_0]
"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-242505160-1997802447-1459611069-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-242505160-1997802447-1459611069-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.12" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe c:\windows\SysWOW64\rundll32.exe c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe c:\program files (x86)\Advanced System Protector\AdvancedSystemProtector.exe c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe c:\program files (x86)\Lenovo\System Update\SUService.exe c:\program files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe . ************************************************************************** . 
Completion time: 2014-02-28 16:56:51 - machine was rebooted ComboFix-quarantined-files.txt 2014-02-28 20:56 . Pre-Run: 220,159,860,736 bytes free Post-Run: 220,037,922,816 bytes free . - - End Of File - - 8DB1C20710187E9F702A29C34DC67AC1 5F5A918DA24C481814079F26143FCAAE
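The log above is read by hand on malware-removal forums: the tell-tale entries are the IE proxy pointed at 127.0.0.1:13828, the uStart/mStart pages and Firefox prefs pointed at mysearchdial.com and conduit.com, the BabylonToolbar/mysearchdial user.js prefs, and the orphaned BHO/toolbar registrations. The script below is an added example, not part of the ComboFix output and not ComboFix's own code; it parses those entry formats and flags the same indicators automatically. The HIJACK_DOMAINS and HIJACK_PREF_PREFIXES lists are assumptions built from this log only, and SAMPLE_LOG is an abridged, constructed excerpt of the log (the long cd= parameter is shortened).

```python
"""Flag browser-hijack indicators in a ComboFix log (added example)."""
from __future__ import annotations

import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed lists, derived from the domains and pref names in this one log.
HIJACK_DOMAINS = ("mysearchdial.com", "conduit.com")
HIJACK_PREF_PREFIXES = ("extensions.BabylonToolbar", "extensions.mysearchdial",
                        "extensions.irmysearch")

PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")
PAGE_RE = re.compile(r"^([um]Start Page) = (\S+)$")
FF_PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - ?(.*)$")
ORPHAN_RE = re.compile(r"^(\S+) - (.+)$")          # "Name - value" inside ORPHANS REMOVED


def host_of(url: str) -> str:
    """Hostname of a ComboFix-defanged (hxxp://) or normal URL, lower-cased."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)
    return (urlsplit(url).hostname or "").lower()


def is_hijack_host(url: str) -> bool:
    """True when the host is a known hijack domain or one of its subdomains."""
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def proxy_is_loopback(value: str) -> bool:
    """ProxyServer values look like 'http=127.0.0.1:13828' or 'host:port;...'."""
    for part in value.split(";"):
        hostport = part.split("=", 1)[-1].strip()
        host = hostport.rsplit(":", 1)[0].strip("[]").lower()
        if host in ("127.0.0.1", "localhost", "::1"):
            return True
    return False


def analyze(log_text: str) -> list[dict]:
    """Walk the log line by line and return a list of findings."""
    findings, in_orphans = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "ORPHANS REMOVED" in line:
            in_orphans = True
            continue
        if line.startswith("[") or line.startswith("---"):
            in_orphans = False                      # next section began
        if (m := PROXY_RE.match(line)) and proxy_is_loopback(m.group(1)):
            findings.append({"kind": "local_proxy", "detail": m.group(1), "line": line})
        elif (m := PAGE_RE.match(line)) and is_hijack_host(m.group(2)):
            findings.append({"kind": "hijacked_start_page", "detail": host_of(m.group(2)), "line": line})
        elif m := FF_PREF_RE.match(line):
            _, pref, value = m.groups()
            if pref.startswith(HIJACK_PREF_PREFIXES):
                findings.append({"kind": "adware_pref", "detail": pref, "line": line})
            elif value.lower().startswith("hxxp") and is_hijack_host(value):
                findings.append({"kind": "hijacked_ff_pref", "detail": pref, "line": line})
        elif in_orphans and (m := ORPHAN_RE.match(line)):
            findings.append({"kind": "orphan", "detail": m.group(1),
                             "file_missing": m.group(2) == "(no file)", "line": line})
    return findings


def summarize(findings: list[dict]) -> dict:
    """Count findings per kind, e.g. {'local_proxy': 1, ...}."""
    return dict(Counter(f["kind"] for f in findings))


# Constructed, abridged excerpt of the log above (cd= parameter shortened).
SAMPLE_LOG = r"""
uStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ch&cr=841362185&ir=
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ch&cr=841362185&ir=
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:13828
Trusted Zone: gmail.com
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3315827&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: keyword.URL - 
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ch
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
BHO-{31ad400d-1b06-4e33-a59a-90c2c140cba0} - (no file)
BHO-{93DBF2BB-A2B3-4683-A92E-57E60751F346} - c:\program files\Conduit\ValueApps\IE\ValueAppsLoader.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-SearchProtect - c:\progra~2\SearchProtect\Main\bin\uninstall.exe
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{184E4FA0-DE8C26D4-06000000}_0]
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['kind']:22} {f['detail']}")
    print(summarize(analyze(SAMPLE_LOG)))
```

A loopback ProxyServer is the indicator worth checking first: the SearchProtect service listed in the deletions above runs locally, and a proxy at 127.0.0.1 lets it rewrite every IE request, so it should be cleared even after the files are gone. Run the script against a full ComboFix.txt by replacing SAMPLE_LOG with the file contents.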