Thanks for getting back to me, Mark. Yeah, I used ComboFix; I've used it before and never had a problem. Below is the ComboFix log, and the other two you requested.
ComboFix 13-05-16.02 - Tom 05/16/2013 16:34:17.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12279.10362 [GMT -4:00]
Running from: c:\users\Tom\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tom\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Tom\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
.
((((((((((((((((((((((((( Files Created from 2013-04-16 to 2013-05-16 )))))))))))))))))))))))))))))))
.
.
2013-05-16 20:36 . 2013-05-16 20:36 -------- d-----w- c:\users\tom.MAGMACH\AppData\Local\temp
2013-05-16 20:36 . 2013-05-16 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-16 19:36 . 2013-05-16 19:36 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3D8FDFA-5E3C-4804-980E-BC4460FE253F}\offreg.dll
2013-05-16 19:15 . 2013-05-16 19:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-05-16 19:15 . 2013-05-16 19:16 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2013-05-16 13:02 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C3D8FDFA-5E3C-4804-980E-BC4460FE253F}\mpengine.dll
2013-05-15 13:23 . 2013-05-15 21:25 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-05-15 12:45 . 2013-04-05 01:08 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-15 12:42 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 12:42 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 12:42 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 12:42 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 12:42 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 12:42 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 12:41 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 12:41 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 12:41 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-15 12:41 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 12:41 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 12:41 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-14 15:23 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-29 15:25 . 2013-04-29 15:25 -------- d-----w- c:\users\Tom\AppData\Roaming\Softplicity
2013-04-29 15:25 . 2013-04-29 15:25 -------- d-----w- c:\program files (x86)\TotalCADConverter
2013-04-29 15:17 . 2013-04-29 15:19 -------- d-----w- c:\programdata\NCH Software
2013-04-29 15:17 . 2013-04-29 15:19 -------- d-----w- c:\program files (x86)\NCH Software
2013-04-26 19:43 . 2013-04-26 19:43 -------- d-----w- c:\windows\en
2013-04-26 19:42 . 2013-04-26 19:42 -------- d-----w- c:\program files (x86)\Windows Live
2013-04-26 19:42 . 2010-06-02 08:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-04-26 19:42 . 2010-06-02 08:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2013-04-26 19:42 . 2010-06-02 08:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2013-04-26 19:42 . 2010-06-02 08:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-04-26 19:42 . 2010-05-26 15:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-04-26 19:42 . 2010-05-26 15:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-04-26 19:42 . 2010-05-26 15:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2013-04-26 19:42 . 2010-05-26 15:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2013-04-26 19:42 . 2009-09-04 21:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2013-04-26 19:42 . 2009-09-04 21:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-04-26 19:41 . 2006-11-29 17:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-04-26 19:41 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2013-04-26 19:41 . 2013-04-26 19:43 -------- d-----w- c:\users\Tom\AppData\Local\Windows Live
2013-04-26 19:41 . 2013-04-26 19:41 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2013-04-26 19:13 . 2013-04-26 19:13 -------- d-----w- c:\program files (x86)\bobyte
2013-04-26 17:36 . 2013-04-26 17:36 -------- d-----w- c:\program files (x86)\Shotcut
2013-04-24 15:13 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 21:01 . 2013-04-23 21:01 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{901665F4-CDDD-48B8-8265-24A872D515A6}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-16 18:47 . 2012-07-17 18:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-15 12:48 . 2012-04-16 11:52 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 20:52 . 2013-03-07 12:35 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-16 20:52 . 2012-07-27 15:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-13 05:49 . 2013-05-15 12:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:42 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-04 18:50 . 2012-07-27 15:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-04 09:36 . 2012-06-25 20:45 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-04 09:35 . 2012-06-25 20:45 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-19 06:04 . 2013-04-09 18:02 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-09 18:02 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-09 18:02 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-09 18:02 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-09 18:02 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-09 18:02 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-07 12:37 . 2012-05-18 15:33 963488 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-07 12:37 . 2012-05-18 15:33 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"adm_tray.exe"="c:\program files (x86)\Acronis\DriveMonitor\adm_tray.exe" [2011-02-24 466768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-05-24 343208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SolidWorks Background Downloader.lnk - c:\program files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe [2012-7-9 1855080]
Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe [2012-3-29 129536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 OTFSDMS;UNCFAT DMS;c:\program files (x86)\AddinForUNCFAT\UNCFATDMS.exe [2008-06-19 129024]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-06-09 89192]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-07-09 1431888]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-14 1255736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-05-24 204288]
S2 DraftSight API Service;DraftSight API Service;c:\program files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-10-03 117760]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2010-10-20 374048]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2010-10-20 292128]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2012-09-18 78648]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2012-09-18 15160]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [2010-10-20 59048]
S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 15:31 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16 15:05]
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-16 15:05]
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1508241321-2631664528-240791291-1000Core.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-27 19:26]
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1508241321-2631664528-240791291-1000UA.job
- c:\users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-27 19:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-12 462400]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{D3828246-9CB8-48AC-BD00-4D08CE6A0734}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\xyz1mkdq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-16 16:37:46
ComboFix-quarantined-files.txt 2013-05-16 20:37
ComboFix2.txt 2013-05-16 19:57
.
Pre-Run: 37,702,868,992 bytes free
Post-Run: 37,509,238,784 bytes free
.
- - End Of File - - 0D144058A902A1FB8A32CA5DA55D3352
# AdwCleaner v2.301 - Logfile created 05/21/2013 at 12:44:37
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Tom - SWX-1
# Boot Mode : Normal
# Running from : C:\Users\Tom\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16483
[OK] Registry is clean.
-\\ Mozilla Firefox v20.0.1 (en-US)
File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\xyz1mkdq.default\prefs.js
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"35\": {\"id\": \"35\",\"tit[...]
Deleted : user_pref("surfcanyon.added_to_searchbar", false);
Deleted : user_pref("surfcanyon.daily_code_timestamp", "1302016251983");
Deleted : user_pref("surfcanyon.hourly_code", "scGetDocument = function() {\nreturn scIsFF ? content.document [...]
Deleted : user_pref("surfcanyon.hourly_code_timestamp", "1302016251831");
Deleted : user_pref("surfcanyon.inst_id", "66543118514722099730709961291714");
Deleted : user_pref("surfcanyon.inst_timestamp", "1302016245613");
Deleted : user_pref("surfcanyon.last_seen_splash", "320");
Deleted : user_pref("surfcanyon.partner_code", "AFA");
-\\ Google Chrome v26.0.1410.64
File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.1] : icon_url ={"backup":{"_signature":"1kWddwdhY2CsTHbl4GZBh5x6a6L/pbPgzCh107soJ4U=","_version":4,"extensions":{"i[...]
*************************
AdwCleaner[S1].txt - [2511 octets] - [21/05/2013 12:44:37]
########## EOF - C:\AdwCleaner[S1].txt - [2571 octets] ##########
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tom [Admin rights]
Mode : Scan -- Date : 05/21/2013 12:49:31
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Users\Tom\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\tom.MAGMACH\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] e74c075009a3150ec0d9a484cbfefd40
[BSP] fa61f5e970f63f4cb5624ad482faa75d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD1500HLFS-01G6U0 ATA Device +++++
--- User ---
[MBR] 1954b77740a9a4b708b02c80809c8d35
[BSP] cd058f3a8f4114aa98295bcccdbda707 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 51200 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 104872320 | Size: 91871 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_05212013_02d1249.txt >>
RKreport[1]_S_05212013_02d1249.txt
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{D3828246-9CB8-48AC-BD00-4D08CE6A0734}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\xyz1mkdq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-16 16:37:46
ComboFix-quarantined-files.txt 2013-05-16 20:37
ComboFix2.txt 2013-05-16 19:57
.
Pre-Run: 37,702,868,992 bytes free
Post-Run: 37,509,238,784 bytes free
.
- - End Of File - - 0D144058A902A1FB8A32CA5DA55D3352

# AdwCleaner v2.301 - Logfile created 05/21/2013 at 12:44:37
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Tom - SWX-1
# Boot Mode : Normal
# Running from : C:\Users\Tom\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16483
[OK] Registry is clean.
-\\ Mozilla Firefox v20.0.1 (en-US)
File : C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\xyz1mkdq.default\prefs.js
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"35\": {\"id\": \"35\",\"tit[...]
Deleted : user_pref("surfcanyon.added_to_searchbar", false);
Deleted : user_pref("surfcanyon.daily_code_timestamp", "1302016251983");
Deleted : user_pref("surfcanyon.hourly_code", "scGetDocument = function() {\nreturn scIsFF ? content.document [...]
Deleted : user_pref("surfcanyon.hourly_code_timestamp", "1302016251831");
Deleted : user_pref("surfcanyon.inst_id", "66543118514722099730709961291714");
Deleted : user_pref("surfcanyon.inst_timestamp", "1302016245613");
Deleted : user_pref("surfcanyon.last_seen_splash", "320");
Deleted : user_pref("surfcanyon.partner_code", "AFA");
-\\ Google Chrome v26.0.1410.64
File : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.1] : icon_url ={"backup":{"_signature":"1kWddwdhY2CsTHbl4GZBh5x6a6L/pbPgzCh107soJ4U=","_version":4,"extensions":{"i[...]
*************************
AdwCleaner[S1].txt - [2511 octets] - [21/05/2013 12:44:37]
########## EOF - C:\AdwCleaner[S1].txt - [2571 octets] ##########

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Tom [Admin rights]
Mode : Scan -- Date : 05/21/2013 12:49:31
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\windows\system32\config\SYSTEM
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Users\Tom\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\tom.MAGMACH\NTUSER.DAT
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] e74c075009a3150ec0d9a484cbfefd40
[BSP] fa61f5e970f63f4cb5624ad482faa75d : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD1500HLFS-01G6U0 ATA Device +++++
--- User ---
[MBR] 1954b77740a9a4b708b02c80809c8d35
[BSP] cd058f3a8f4114aa98295bcccdbda707 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 51200 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 104872320 | Size: 91871 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_05212013_02d1249.txt >>
RKreport[1]_S_05212013_02d1249.txt