ComboFix 13-04-15.01 - Home Office 04/16/2013 17:25:13.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4899 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\07287f2e-4f82-4848-8132-7055ef322318.dll
c:\programdata\PCDr\6032\AddOnDownloaded\330761e0-2594-472d-8455-796592cf88dc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3d9332d1-0b48-40cc-9189-068cf64600b6.dll
c:\users\Public\desktop(14402).ini
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-03-16 to 2013-04-16 )))))))))))))))))))))))))))))))
.
.
2013-04-16 22:28 . 2013-04-16 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-16 22:28 . 2013-04-16 22:28 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-04-16 21:37 . 2013-04-16 21:37 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-16 19:30 . 2013-04-16 19:30 -------- d-----w- c:\users\Home Office\AppData\Roaming\PCDr
2013-04-16 19:30 . 2013-04-16 19:30 -------- d-----w- c:\programdata\VirtualizedApplications
2013-04-16 19:26 . 2013-04-16 19:26 -------- d-----w- c:\users\Home Office\AppData\Roaming\HpUpdate
2013-04-16 19:21 . 2013-04-16 19:21 -------- d-----w- c:\users\Home Office\AppData\Roaming\Roxio
2013-04-16 17:37 . 2013-04-16 17:37 -------- d-----w- c:\users\Home Office\AppData\Roaming\Malwarebytes
2013-04-16 17:37 . 2013-04-16 17:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-16 17:37 . 2013-04-16 17:37 -------- d-----w- c:\programdata\Malwarebytes
2013-04-16 17:37 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-16 17:36 . 2013-04-16 17:36 -------- d-----w- c:\users\Home Office\AppData\Local\Programs
2013-04-16 16:40 . 2013-04-16 19:23 -------- d-----w- C:\FRST
2013-04-16 03:16 . 2013-04-16 03:16 -------- d-----w- c:\users\Home Office\AppData\Local\SoftThinks
2013-04-16 03:07 . 2013-04-16 03:07 -------- d-----w- c:\users\Home Office\AppData\Roaming\ATI
2013-04-16 03:07 . 2013-04-16 03:07 -------- d-----w- c:\users\Home Office\AppData\Local\ATI
2013-04-16 03:06 . 2013-04-16 03:06 -------- d-----w- c:\users\Home Office\AppData\Roaming\Fingertapps
2013-04-16 03:06 . 2013-04-16 03:06 -------- d-----w- c:\users\Home Office\AppData\Roaming\Dell
2013-04-16 03:06 . 2013-04-16 03:06 -------- d-----w- c:\users\Home Office\AppData\Local\blekkotb
2013-04-16 03:06 . 2013-04-16 03:06 -------- d-----w- c:\users\Home Office\AppData\Roaming\Dell Touch Zone
2013-04-16 02:54 . 2013-04-16 02:54 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2013-04-12 00:41 . 2013-04-16 02:26 -------- d-----w- C:\Emergency
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-16 08:10 . 2011-10-06 03:14 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-16 08:07 . 2013-03-16 08:07 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-16 08:07 . 2013-03-16 08:07 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-16 08:07 . 2013-03-16 08:07 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-03-16 08:07 . 2013-03-16 08:07 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-16 08:07 . 2013-03-16 08:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-16 08:07 . 2013-03-16 08:07 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-16 08:07 . 2013-03-16 08:07 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-16 08:07 . 2013-03-16 08:07 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-16 08:07 . 2013-03-16 08:07 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-16 08:07 . 2013-03-16 08:07 1766912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-03-16 08:07 . 2013-03-16 08:07 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-16 08:07 . 2013-03-16 08:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-16 08:07 . 2013-03-16 08:07 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-16 08:07 . 2013-03-16 08:07 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-16 08:07 . 2013-03-16 08:07 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-16 08:07 . 2013-03-16 08:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-16 08:07 . 2013-03-16 08:07 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-16 08:07 . 2013-03-16 08:07 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-03-16 08:07 . 2013-03-16 08:07 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-16 08:07 . 2013-03-16 08:07 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-16 08:07 . 2013-03-16 08:07 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-16 08:07 . 2013-03-16 08:07 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-03-16 08:07 . 2013-03-16 08:07 855552 ----a-w- c:\windows\system32\jscript.dll
2013-03-16 08:07 . 2013-03-16 08:07 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-16 08:07 . 2013-03-16 08:07 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-16 08:07 . 2013-03-16 08:07 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-16 08:07 . 2013-03-16 08:07 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-03-16 08:07 . 2013-03-16 08:07 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-16 08:07 . 2013-03-16 08:07 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-16 08:07 . 2013-03-16 08:07 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-03-16 08:07 . 2013-03-16 08:07 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-03-16 08:07 . 2013-03-16 08:07 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-16 08:07 . 2013-03-16 08:07 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-03-16 08:07 . 2013-03-16 08:07 526848 ----a-w- c:\windows\system32\ieui.dll
2013-03-16 08:07 . 2013-03-16 08:07 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-16 08:07 . 2013-03-16 08:07 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-03-16 08:07 . 2013-03-16 08:07 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-16 08:07 . 2013-03-16 08:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-16 08:07 . 2013-03-16 08:07 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-16 08:07 . 2013-03-16 08:07 441856 ----a-w- c:\windows\system32\html.iec
2013-03-16 08:07 . 2013-03-16 08:07 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-03-16 08:07 . 2013-03-16 08:07 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-03-16 08:07 . 2013-03-16 08:07 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-16 08:07 . 2013-03-16 08:07 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-03-16 08:07 . 2013-03-16 08:07 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-16 08:07 . 2013-03-16 08:07 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-16 08:07 . 2013-03-16 08:07 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-16 08:07 . 2013-03-16 08:07 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-16 08:07 . 2013-03-16 08:07 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-03-16 08:07 . 2013-03-16 08:07 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-16 08:07 . 2013-03-16 08:07 235008 ----a-w- c:\windows\system32\url.dll
2013-03-16 08:07 . 2013-03-16 08:07 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-16 08:07 . 2013-03-16 08:07 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-03-16 08:07 . 2013-03-16 08:07 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-16 08:07 . 2013-03-16 08:07 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-16 08:07 . 2013-03-16 08:07 19221504 ----a-w- c:\windows\system32\mshtml.dll
2013-03-16 08:07 . 2013-03-16 08:07 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-16 08:07 . 2013-03-16 08:07 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-16 08:07 . 2013-03-16 08:07 15407616 ----a-w- c:\windows\system32\ieframe.dll
2013-03-16 08:07 . 2013-03-16 08:07 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-16 08:07 . 2013-03-16 08:07 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-16 08:07 . 2013-03-16 08:07 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-16 08:07 . 2013-03-16 08:07 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-16 08:07 . 2013-03-16 08:07 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-16 08:07 . 2013-03-16 08:07 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-16 08:07 . 2013-03-16 08:07 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-03-16 08:07 . 2013-03-16 08:07 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-03-16 08:07 . 2013-03-16 08:07 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-16 08:07 . 2013-03-16 08:07 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-16 08:07 . 2013-03-16 08:07 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-16 08:07 . 2013-03-16 08:07 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-16 08:06 . 2013-03-16 08:06 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-16 08:06 . 2013-03-16 08:06 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-16 08:06 . 2013-03-16 08:06 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-19 19:59 . 2011-03-13 16:20 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 19:56 . 2011-03-13 16:20 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 19:56 . 2011-08-31 03:48 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 19:55 . 2011-08-31 03:49 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 19:55 . 2011-03-13 16:20 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 19:54 . 2011-03-13 16:20 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 19:53 . 2011-03-13 16:20 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 19:53 . 2011-03-13 16:20 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 19:52 . 2011-03-13 16:20 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-12 05:45 . 2013-03-15 08:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-15 08:02 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-15 08:02 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-15 08:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-15 08:02 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-15 08:02 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-15 08:02 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 02:33 1519304 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{edb8602e-fa77-4d58-ab9f-97ac1f6ee12f}]
2012-04-17 20:38 85288 ----a-w- c:\program files (x86)\querius_001\querius_001X.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{edb8602e-fa77-4d58-ab9f-97ac1f6ee12f}"= "c:\program files (x86)\querius_001\querius_001X.dll" [2012-04-17 85288]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{edb8602e-fa77-4d58-ab9f-97ac1f6ee12f}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-15 1534504]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-03-01 232616]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"49A23EA9-B6D3-48B9-92D6-74A53A3C3FC1"="start" [X]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-21 247968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0121311364716903mcinstcleanup;McAfee Application Installer Cleanup (0121311364716903);c:\windows\TEMP\012131~1.EXE [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-15 202752]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-08 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 NEOFLTR_650_15991;Juniper Networks TDI Filter Driver (NEOFLTR_650_15991);c:\windows\system32\Drivers\NEOFLTR_650_15991.SYS [2010-06-08 100472]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 23564810
*Deregistered* - 23564810
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-23564810.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{EDB8602E-FA77-4D58-AB9F-97AC1F6EE12F}"=hex:51,66,7a,6c,4c,1d,38,12,40,63,ab,
e9,45,b4,36,08,d4,89,d4,ec,1a,30,a5,3b
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a3,d9,0f,f4,47,af,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-16 17:30:00
ComboFix-quarantined-files.txt 2013-04-16 22:29
.
Pre-Run: 928,719,306,752 bytes free
Post-Run: 928,462,020,608 bytes free
.
- - End Of File - - C2056C815B84067F7A3CC404E5334F5D