ComboFix 12-10-29.05 - Aspire 5740 10/30/2012 5:27.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1781.841 [GMT 8:00]
Running from: c:\users\Aspire 5740\Downloads\Programs\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e81b1c58961dfce1.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-29 )))))))))))))))))))))))))))))))
.
.
2012-10-29 21:42 . 2012-10-29 21:42--------d-----w-c:\users\Default\AppData\Local\temp
2012-10-29 21:20 . 2012-10-11 14:566918632----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A2C5CA2-DB99-4D4A-B0A3-8999E9005107}\mpengine.dll
2012-10-29 07:31 . 2012-10-29 07:32--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2012-10-29 07:31 . 2012-09-29 11:5422856----a-w-c:\windows\system32\drivers\mbam.sys
2012-10-29 04:31 . 2012-10-29 06:52--------d-----w-c:\program files\Mozilla Maintenance Service
2012-10-28 14:43 . 2012-10-11 14:566918632----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-27 18:26 . 2012-10-27 18:54--------d-----w-c:\program files\Advanced PC Tweaker
2012-10-26 04:20 . 2012-10-26 04:20--------d-----w-c:\programdata\BROWSE~1
2012-10-26 03:52 . 2012-10-26 03:52--------d-----w-c:\users\Aspire 5740\AppData\Roaming\Babylon
2012-10-26 03:52 . 2012-10-26 03:52--------d-----w-c:\programdata\Babylon
2012-10-25 23:49 . 2012-10-25 23:49--------d-----w-c:\users\Aspire 5740\AppData\Local\Wondershare
2012-10-25 23:49 . 2012-10-25 23:49--------d-----w-c:\program files\Common Files\Wondershare
2012-10-25 23:48 . 2012-10-25 23:49--------d-----w-c:\users\Aspire 5740\AppData\Roaming\Wondershare
2012-10-25 12:33 . 2012-10-25 12:39--------d-----w-c:\users\Aspire 5740\AppData\Roaming\calibre
2012-10-25 10:40 . 2012-10-25 10:41--------d-----w-c:\program files\Amazon
2012-10-24 03:01 . 2012-10-24 03:01740784------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2CF98EB6-5360-4F96-80A1-28AAC70A6A4C}\gapaengine.dll
2012-10-24 03:01 . 2012-01-31 12:44237072------w-c:\windows\system32\MpSigStub.exe
2012-10-24 02:38 . 2012-10-24 02:39--------d-----w-c:\program files\Microsoft Security Client
2012-10-24 02:38 . 2010-04-09 07:241285000----a-w-c:\windows\system32\drivers\tcpip.sys
2012-10-24 02:38 . 2010-04-09 07:24240008----a-w-c:\windows\system32\drivers\netio.sys
2012-10-20 02:54 . 2012-10-20 02:54--------d-----w-c:\users\Aspire 5740\AppData\Local\SlimWare Utilities Inc
2012-10-20 02:52 . 2012-10-25 08:39--------d-----w-c:\program files\SlimCleaner
2012-10-19 09:57 . 2012-10-19 09:57--------d-----w-c:\users\Aspire 5740\AppData\Roaming\ParetoLogic
2012-10-19 09:57 . 2012-10-19 09:57--------d-----w-c:\users\Aspire 5740\AppData\Roaming\DriverCure
2012-10-19 09:56 . 2012-10-19 11:02--------d-----w-c:\programdata\ParetoLogic
2012-10-18 05:30 . 2012-10-18 05:30--------d-----w-c:\users\Aspire 5740\AppData\Roaming\Acapela Group
2012-10-17 19:25 . 2012-10-17 19:25--------d-----w-c:\users\Aspire 5740\AppData\Local\DDMSettings
2012-10-17 17:21 . 2012-10-18 09:14--------d-----w-c:\program files\Common Files\Symantec Shared
2012-10-17 16:43 . 2012-10-18 09:38--------d-----w-c:\programdata\Symantec
2012-10-17 16:43 . 2012-10-18 09:38--------d-----w-c:\programdata\Norton
2012-10-11 03:03 . 2012-10-11 03:0311776----a-w-c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2012-10-11 03:03 . 2012-10-11 03:03150736----a-w-c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2012-10-11 03:02 . 2012-10-11 03:02129176----a-w-c:\program files\Mozilla Firefox\plugins\nprpplugin.dll
2012-10-08 05:14 . 2012-06-02 22:1953784----a-w-c:\windows\system32\wuauclt.exe
2012-10-08 05:14 . 2012-06-02 22:1945080----a-w-c:\windows\system32\wups2.dll
2012-10-08 05:14 . 2012-06-02 22:191933848----a-w-c:\windows\system32\wuaueng.dll
2012-10-08 05:14 . 2012-06-02 22:122422272----a-w-c:\windows\system32\wucltux.dll
2012-10-08 05:14 . 2012-06-02 22:1935864----a-w-c:\windows\system32\wups.dll
2012-10-08 05:14 . 2012-06-02 22:19577048----a-w-c:\windows\system32\wuapi.dll
2012-10-08 05:14 . 2012-06-02 22:1288576----a-w-c:\windows\system32\wudriver.dll
2012-10-08 05:13 . 2012-06-02 07:19171904----a-w-c:\windows\system32\wuwebv.dll
2012-10-08 05:13 . 2012-06-02 07:1233792----a-w-c:\windows\system32\wuapp.exe
2012-10-08 04:27 . 2012-10-08 04:28--------d-----w-c:\programdata\AVG
2012-10-08 04:27 . 2012-10-08 04:27--------d-sh--w-c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-10-07 19:45 . 2012-10-07 19:45--------d-----w-c:\users\Aspire 5740\AppData\Roaming\Nitro PDF
2012-10-07 19:43 . 2012-09-12 17:4427152----a-w-c:\windows\system32\nitrolocalmon2.dll
2012-10-07 19:43 . 2012-09-12 17:4418448----a-w-c:\windows\system32\nitrolocalui2.dll
2012-10-07 19:43 . 2012-10-07 19:43--------d-----w-c:\programdata\Nitro PDF
2012-10-07 19:43 . 2012-10-07 19:43--------d-----w-c:\program files\Nitro PDF
2012-10-07 19:43 . 2012-10-07 19:43--------d-----w-c:\program files\Common Files\Nitro PDF
2012-10-07 19:39 . 2009-11-25 19:4749472----a-w-c:\windows\system32\netfxperf.dll
2012-10-07 19:39 . 2009-11-25 19:47297808----a-w-c:\windows\system32\mscoree.dll
2012-10-07 19:39 . 2009-11-25 19:4799176----a-w-c:\windows\system32\PresentationHostProxy.dll
2012-10-07 19:39 . 2009-11-25 19:47295264----a-w-c:\windows\system32\PresentationHost.exe
2012-10-07 19:39 . 2009-11-25 19:471130824----a-w-c:\windows\system32\dfshim.dll
2012-10-07 19:34 . 2012-10-07 19:34--------d-----w-c:\programdata\Freemake
2012-10-07 19:34 . 2012-10-07 19:34--------d-----w-c:\users\Aspire 5740\AppData\Roaming\OpenCandy
2012-10-07 19:34 . 2012-10-07 19:34--------d-----w-c:\program files\Freemake
2012-10-07 01:39 . 2012-10-07 01:39--------d-----w-c:\programdata\Uniblue
2012-10-06 05:50 . 2012-10-08 11:17--------d-----w-c:\users\Aspire 5740\AppData\Local\WMTools Downloaded Files
2012-10-06 05:46 . 2012-10-06 05:46--------d-----w-c:\program files\Movie Maker 2.6
2012-10-04 03:37 . 2012-10-04 03:37--------d-----w-c:\users\Aspire 5740\AppData\Roaming\com.eslevier.saunders.QA.nclexrn.4e.8288D116C4BB0E42CE038F51E5C88B9A1A22B7A0.1
2012-10-01 03:49 . 2012-10-01 03:49--------d-----w-c:\users\Aspire 5740\AppData\Roaming\Kodak
2012-10-01 03:49 . 2012-10-01 03:49--------d-----w-c:\program files\Common Files\Kodak
2012-10-01 03:49 . 2012-10-01 03:49--------d-----w-c:\program files\Kodak
2012-10-01 03:48 . 2012-10-01 03:48--------d-----w-c:\programdata\{C3B35EBF-B1F6-4DE1-9682-ED71913E187B}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 03:02 . 2010-07-10 13:44499712----a-w-c:\windows\system32\msvcp71.dll
2012-10-11 03:02 . 2010-07-10 13:44348160----a-w-c:\windows\system32\msvcr71.dll
2012-10-09 15:18 . 2012-06-05 20:42696760----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-10-09 15:18 . 2012-01-17 17:1373656----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 14:03 . 2012-08-30 14:0399272----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 14:03 . 2012-08-30 14:03193552----a-w-c:\windows\system32\drivers\MpFilter.sys
2012-08-27 03:29 . 2012-08-27 03:2920893456----a-w-c:\windows\Camera_Suyin_App_v2.0.7.1_Driver_v5.8.33.501_XP.zip
2012-08-22 11:48 . 2012-08-22 11:4840064----a-w-C:\things_we_said.zip
2012-08-22 11:46 . 2012-08-22 11:46559713----a-w-C:\jellyka_kings_hat.zip
2012-08-03 11:41 . 2012-08-03 11:41739840----a-w-c:\windows\system32\d2d1.dll
2012-08-03 11:41 . 2012-08-03 11:41283648----a-w-c:\windows\system32\XpsGdiConverter.dll
2012-08-03 11:41 . 2012-08-03 11:411619456----a-w-c:\windows\system32\WMVDECOD.DLL
2012-08-03 11:41 . 2012-08-03 11:41135168----a-w-c:\windows\system32\XpsRasterService.dll
2012-08-03 11:41 . 2012-08-03 11:411074176----a-w-c:\windows\system32\DWrite.dll
2012-08-03 11:41 . 2012-08-03 11:41801792----a-w-c:\windows\system32\FntCache.dll
2012-08-03 11:41 . 2012-08-03 11:41728448----a-w-c:\windows\system32\drivers\dxgkrnl.sys
2012-08-03 11:41 . 2012-08-03 11:41219008----a-w-c:\windows\system32\drivers\dxgmms1.sys
2012-08-03 11:41 . 2012-08-03 11:41218624----a-w-c:\windows\system32\d3d10_1core.dll
2012-08-03 11:41 . 2012-08-03 11:41161792----a-w-c:\windows\system32\d3d10_1.dll
2012-08-03 11:41 . 2012-08-03 11:411495040----a-w-c:\windows\system32\ExplorerFrame.dll
2012-08-03 11:41 . 2012-08-03 11:411170944----a-w-c:\windows\system32\d3d10warp.dll
2012-08-03 11:41 . 2012-08-03 11:41107520----a-w-c:\windows\system32\cdd.dll
2012-08-03 11:41 . 2012-08-03 11:41442880----a-w-c:\windows\system32\XpsPrint.dll
2012-08-03 11:41 . 2012-08-03 11:413181568----a-w-c:\windows\system32\mf.dll
2012-08-03 11:41 . 2012-08-03 11:41196608----a-w-c:\windows\system32\mfreadwrite.dll
2012-08-01 18:13 . 2012-08-01 18:1335560----a-w-c:\windows\system32\drivers\hssdrv6.sys
2012-08-01 18:13 . 2012-08-01 18:1333512----a-w-c:\windows\system32\drivers\taphss.sys
2012-10-24 17:50 . 2012-10-29 04:30261600----a-w-c:\program files\mozilla firefox\components\browsercomps.dll
2004-05-07 07:31 . 2012-09-26 17:55348160----a-w-c:\program files\mozilla firefox\components\MSVCR71.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:5021864----a-w-c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-12-29 3462552]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2012-07-27 1261512]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Facebook Update"="c:\users\Aspire 5740\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-28 138096]
"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]
"ChikkaV5"="c:\users\Aspire 5740\AppData\Roaming\Chikka Messenger\Chikka v.5\ChikkaLauncher.exe" [2011-02-25 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2009-07-22 233472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-13 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-13 166424]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2010-02-25 1289296]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-07-31 2345592]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Tutorials"="c:\program files\Tuto4pc\sangguni.exe" [2012-06-11 3674984]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\users\Aspire 5740\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Aspire 5740^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office Groove.lnk]
backup=c:\windows\pss\Microsoft Office Groove.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
.
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [x]
R2 HssWd;Hotspot Shield Monitoring Service; [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service; [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-05 15:18]
.
2012-10-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1667783729-939607240-2383125832-1000Core.job
- c:\users\Aspire 5740\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-28 10:53]
.
2012-10-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1667783729-939607240-2383125832-1000UA.job
- c:\users\Aspire 5740\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-28 10:53]
.
2012-10-28 c:\windows\Tasks\One-Click Tweak.job
- c:\program files\Advanced PC Tweaker\OneClick.exe [2012-10-27 02:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=112457&tt=4312_8&babsrc=HP_ss&mntrId=d20de60200000000000070f1a1147a62
mStart Page = hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzutAtN2Y1L1QzuyBtD0FtC0AtCtCyEyB0AyCtB0EyCtDtBtN0D0TzutBtDtCtBtDyCtByD&cr=1170999599
IE: &Block This Image (ABP)
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Upload to Facebook
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{98AE5FAC-F128-47F9-B21B-792AA22C52DF}: NameServer = 86.51.34.24 86.51.35.24
TCP: Interfaces\{B189CD74-BFEA-4D7B-ADA0-F82555B91495}: NameServer = 86.51.34.18 86.51.35.18
TCP: Interfaces\{FC2216C1-64ED-463E-A964-13E48F33AECF}: NameServer = 86.51.34.24 86.51.35.24
FF - ProfilePath - c:\users\Aspire 5740\AppData\Roaming\Mozilla\Firefox\Profiles\c5eo8ltr.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - ExtSQL: 2012-09-18 00:44; {1E73965B-8B48-48be-9C8D-68B920ABC1C4}; c:\program files\AVG\AVG10\Firefox4
FF - ExtSQL: 2012-10-08 03:34; fmconverter@gmail.com; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF - ExtSQL: 2012-10-11 11:03; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: 2012-10-17 19:54; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1667783729-939607240-2383125832-1000_Classes\CLSID\{24db6e2c-ffbc-4ebc-b6ca-d0a488754792}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000057
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-1667783729-939607240-2383125832-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):e7,7f,30,36,b2,cd,d7,1d,16,6f,cb,30,2f,c0,0b,4c,8b,59,1f,f0,f3,
78,9d,c4,10,66,0d,4d,9e,5a,04,b7,9e,3a,25,69,ee,c7,9d,7a,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-30 05:44:52
ComboFix-quarantined-files.txt 2012-10-29 21:44
.
Pre-Run: 25,261,367,296 bytes free
Post-Run: 25,354,665,984 bytes free
.
- - End Of File - - DE4CFBB1423C631C22426A2A7A79DDCA