ComboFix 13-03-19.01 - Konrad 2013-03-19 16:46:59.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5607.3152 [GMT 0:00] Running from: c:\users\Konrad\Downloads\ComboFix.exe AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Konrad\AppData\Roaming\1DE7.exe c:\users\Konrad\AppData\Roaming\201C.exe c:\users\Konrad\AppData\Roaming\3A74.exe c:\users\Konrad\AppData\Roaming\3AD3.exe c:\users\Konrad\AppData\Roaming\3CD.exe c:\users\Konrad\AppData\Roaming\440A.exe c:\users\Konrad\AppData\Roaming\489C.exe c:\users\Konrad\AppData\Roaming\4A89.exe c:\users\Konrad\AppData\Roaming\5DF7.exe c:\users\Konrad\AppData\Roaming\6E7C.exe c:\users\Konrad\AppData\Roaming\7819.exe c:\users\Konrad\AppData\Roaming\7874.exe c:\users\Konrad\AppData\Roaming\7F7D.exe c:\users\Konrad\AppData\Roaming\8F60.exe c:\users\Konrad\AppData\Roaming\9B6E.exe c:\users\Konrad\AppData\Roaming\AC92.exe c:\users\Konrad\AppData\Roaming\B145.exe c:\users\Konrad\AppData\Roaming\B16A.exe c:\users\Konrad\AppData\Roaming\CD8B.exe c:\users\Konrad\AppData\Roaming\D8D5.exe c:\users\Konrad\AppData\Roaming\E57A.exe c:\users\Konrad\AppData\Roaming\Gcnang.exe . . ((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 ))))))))))))))))))))))))))))))) . . 2013-03-19 17:02 . 2013-03-19 17:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-19 15:36 . 2013-03-19 15:36 -------- d-----w- c:\program files\Common Files\Bitdefender 2013-03-19 15:32 . 2013-03-19 15:55 -------- d-----w- c:\users\Konrad\AppData\Roaming\QuickScan 2013-03-14 19:35 . 2013-03-06 23:33 263096 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2013-03-14 19:35 . 2013-03-06 23:33 127136 ----a-w- c:\windows\system32\drivers\aswFW.sys 2013-03-14 19:35 . 2013-03-06 23:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-03-14 19:35 . 2013-03-06 23:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2013-03-13 19:40 . 2013-03-13 19:40 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-03-10 21:00 . 2013-03-10 21:00 -------- d-----w- c:\users\Konrad\.thumbnails 2013-03-10 19:57 . 2013-03-10 19:57 -------- d-----w- c:\users\Konrad\AppData\Local\fontconfig 2013-03-10 19:57 . 2013-03-10 21:00 -------- d-----w- c:\users\Konrad\.gimp-2.8 2013-03-10 19:57 . 2013-03-10 19:57 -------- d-----w- c:\users\Konrad\AppData\Local\gegl-0.2 2013-03-07 21:32 . 2013-03-07 21:44 -------- d-----w- c:\users\Konrad\AppData\Roaming\PhotoScape 2013-03-07 21:29 . 2013-03-07 21:29 -------- d-----w- c:\program files (x86)\PhotoScape 2013-03-07 21:23 . 2013-03-07 21:23 -------- d-----w- c:\users\Konrad\AppData\Roaming\Iminent 2013-03-07 21:22 . 2013-03-07 21:22 -------- d-----w- c:\programdata\Iminent 2013-03-07 21:22 . 2013-03-07 21:22 -------- d-----w- c:\program files (x86)\Common Files\Umbrella 2013-03-07 21:22 . 2013-03-07 21:23 -------- d-----w- c:\program files (x86)\Iminent 2013-03-04 17:32 . 2013-03-04 17:32 -------- d-----w- c:\users\Konrad\AppData\Roaming\File Scout 2013-02-28 20:47 . 2013-02-28 20:47 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-02-28 19:56 . 2013-03-14 03:06 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-02-25 19:48 . 2013-02-25 19:49 -------- d-----w- c:\users\Konrad\AppData\Roaming\BESTplayer 2013-02-25 19:22 . 2013-02-25 19:22 -------- d-----w- c:\program files (x86)\VideoLAN 2013-02-21 17:59 . 2013-02-21 17:59 -------- d-----w- c:\users\Konrad\AppData\Roaming\Leadertech 2013-02-19 22:50 . 2013-02-19 22:50 -------- d-----w- c:\users\Konrad\AppData\Local\ALLMediaServer 2013-02-19 22:50 . 2013-02-19 22:50 -------- d-----w- c:\program files (x86)\ALLMediaServer 2013-02-19 22:50 . 2011-06-02 01:10 644608 ----a-w- c:\windows\SysWow64\xvidcore.dll 2013-02-19 22:50 . 2007-10-07 14:36 258048 ----a-w- c:\windows\SysWow64\libFLAC.dll 2013-02-19 22:50 . 2009-09-27 23:02 797184 ----a-w- c:\windows\SysWow64\ac3filter.ax 2013-02-19 22:50 . 2013-02-25 18:37 -------- d-----w- c:\users\Konrad\AppData\Local\ALLPlayer 2013-02-19 22:50 . 2013-02-19 22:50 -------- d-----w- c:\program files (x86)\ALLPlayer 2013-02-19 17:29 . 2013-02-19 22:31 -------- d-----w- c:\program files (x86)\SubEdit-Player 2013-02-19 17:03 . 2013-02-19 17:03 -------- d-----w- c:\users\Konrad\AppData\Local\MediaShow 2013-02-19 16:58 . 2013-02-19 16:58 -------- d-----w- c:\programdata\3130 2013-02-19 16:52 . 2013-02-19 16:52 -------- d-----w- c:\users\Konrad\AppData\Local\MediaServer 2013-02-19 16:52 . 2013-02-19 16:52 -------- d-----w- c:\programdata\PDVD 2013-02-19 16:52 . 2013-02-19 16:56 -------- d-----w- c:\users\Konrad\AppData\Roaming\CyberLink 2013-02-19 16:51 . 2013-02-19 16:56 -------- d-----w- c:\programdata\CyberLink 2013-02-19 16:51 . 2013-02-19 16:55 -------- d-----w- c:\users\Public\CyberLink 2013-02-19 16:51 . 2013-02-19 16:51 -------- d-----w- c:\users\Konrad\AppData\Local\CyberLink 2013-02-19 16:49 . 2013-02-19 16:49 -------- d-----w- c:\programdata\install_clap 2013-02-19 16:06 . 2013-02-19 16:06 -------- d-----w- c:\users\Konrad\AppData\Roaming\SpeedanAlysis 2013-02-18 23:45 . 2013-02-18 23:50 -------- d-----w- c:\users\Konrad\AppData\Roaming\NapiProjekt 2013-02-18 23:45 . 2013-02-19 22:51 -------- d-----w- c:\program files (x86)\NapiProjekt 2013-02-18 23:41 . 2013-02-18 23:41 -------- d-----w- c:\users\Konrad\AppData\Local\Programs . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-13 19:40 . 2012-09-08 22:17 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 19:40 . 2012-09-08 22:17 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-06 23:33 . 2012-11-05 09:02 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-03-06 23:33 . 2012-11-05 09:02 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2013-03-06 23:33 . 2012-11-05 09:02 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2013-03-06 23:33 . 2012-11-05 09:02 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-03-06 23:33 . 2012-12-03 17:14 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2013-03-06 23:33 . 2012-11-05 09:02 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2013-03-06 23:33 . 2012-11-05 09:01 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2013-03-06 23:32 . 2012-11-05 09:01 41664 ----a-w- c:\windows\avastSS.scr 2013-03-06 23:32 . 2012-11-05 09:01 287840 ----a-w- c:\windows\system32\aswBoot.exe 2013-03-04 09:00 . 2012-11-04 02:55 1316144 ----a-w- c:\windows\system32\dmwu.exe 2013-03-04 08:59 . 2012-11-04 02:55 35328 ----a-w- c:\windows\system32\ImHttpComm.dll 2013-02-14 13:49 . 2013-02-14 13:50 670744 ----a-w- c:\windows\SysWow64\dmwu.exe 2013-02-12 05:45 . 2013-03-13 10:09 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-13 10:09 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-13 10:09 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 05:45 . 2013-03-13 10:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 04:48 . 2013-03-13 10:09 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-13 10:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-02-05 17:23 . 2013-02-05 17:23 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-05 17:23 . 2013-01-30 16:17 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-02-05 17:23 . 2011-06-14 07:56 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-24 10:32 . 2013-01-24 10:32 2177648 ----a-w- c:\windows\system32\coin93.dll 2013-01-05 05:53 . 2013-02-13 07:37 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-05 05:00 . 2013-02-13 07:37 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-01-05 05:00 . 2013-02-13 07:36 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-01-04 05:46 . 2013-02-13 07:36 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-01-04 04:51 . 2013-02-13 07:36 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-01-04 04:43 . 2013-02-13 07:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-01-04 03:26 . 2013-02-13 07:36 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-01-04 02:47 . 2013-02-13 07:36 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-01-04 02:47 . 2013-02-13 07:36 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-01-04 02:47 . 2013-02-13 07:36 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-01-04 02:47 . 2013-02-13 07:36 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-01-03 06:00 . 2013-02-13 07:36 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-01-03 06:00 . 2013-02-13 07:36 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-01-28 1520776] "{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}] 2013-01-29 14:29 170840 ----a-w- c:\program files\IB Updater\Extension32.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentControl_v2\prxtbuTor.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2013-01-28 18:16 1520776 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}] 2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe" [2011-05-16 846936] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-01-01 968592] "IVONA ControlCenter"="c:\program files (x86)\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" [2012-11-07 2172864] "ALLUpdate"="c:\program files (x86)\ALLPlayer\ALLUpdate.exe" [2013-01-23 2995712] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-07 17706088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-01-28 1644680] "Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2013-01-25 1074736] "IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2013-01-25 884784] "bdinstaller"="c:\program files\Common Files\Bitdefender\SetupInformation\downloader\setuplauncher.exe" [2012-07-25 676128] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936] . c:\users\Konrad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ BBC iPlayer Desktop.lnk - c:\program files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A] Seagate NA4L68NJ Product Registration.lnk - c:\users\Konrad\AppData\Roaming\Leadertech\PowerRegister\Seagate NA4L68NJ Product Registration.exe [2013-2-21 1731736] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ $McRebootA5E6DEAA56$.lnk - c:\windows\System32\cmd.exe [2010-11-21 345088] Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-6-14 1470848] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R0 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] R0 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] R0 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R2 0312621363709291mcinstcleanup;McAfee Application Installer Cleanup (0312621363709291);c:\users\Konrad\AppData\Local\Temp\031262~1.EXE [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-01-31 3289208] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-07 161384] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328] R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-08 1255736] R4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 aswKbd;aswKbd; [x] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-09-21 12368] S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-03-06 263096] S0 aswRvrt;aswRvrt; [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys [2013-03-06 127136] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-25 204288] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2013-03-06 136912] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [2013-01-29 188760] S2 IBUpdaterService;IBUpdaterService;c:\windows\system32\dmwu.exe [2013-03-04 1316144] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 SProtection;SProtection;c:\program files (x86)\Common Files\Umbrella\umbrella.exe [2013-01-25 2663976] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472] S3 aswVmm;aswVmm; [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 38096] S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-06-15 12800] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632] S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-05 828336] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWRVRT *NewlyCreated* - ASWVMM *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-19 07:49 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-08 19:41] . 2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 07:47] . 2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-19 07:47] . 2013-03-18 c:\windows\Tasks\SpeedyPC Pro.job - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-03-06 23:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2011-06-14 150992] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.delta-search.com/?affID=119828&babsrc=HP_ss&mntrId=1af71ad0000000000000e0ca944c65e9 mDefault_Page_URL = hxxp://www.v9.com/?utm_source=b&utm_medium=idg&from=idg&uid=Hitachi_HTS547564A9E384_110619J23A0053C44GBNX&ts=1350693649 mStart Page = hxxp://search.bearshare.net mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 IE: E&ksportuj do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 FF - ProfilePath - c:\users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\7dopl86y.default\ FF - prefs.js: browser.search.selectedEngine - Delta Search FF - prefs.js: browser.startup.homepage - hxxps://www.google.pl/ FF - ExtSQL: 2013-02-05 21:11; toolbar@ask.com; c:\users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\7dopl86y.default\extensions\toolbar@ask.com FF - ExtSQL: 2013-02-19 22:50; IplextoALL@ALLPlayer.org; c:\users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\7dopl86y.default\extensions\IplextoALL@ALLPlayer.org.xpi FF - ExtSQL: 2013-02-19 22:51; YouTubetoALL@ALLPlayer.org; c:\users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\7dopl86y.default\extensions\YouTubetoALL@ALLPlayer.org.xpi FF - ExtSQL: 2013-02-28 20:48; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2013-03-04 14:50; {FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}; c:\program files\IB Updater\Firefox FF - ExtSQL: 2013-03-07 21:22; webbooster@iminent.com; c:\program files (x86)\Iminent\webbooster@iminent.com FF - ExtSQL: 2013-03-19 09:17; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Konrad\AppData\Roaming\Mozilla\Firefox\Profiles\7dopl86y.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - ExtSQL: !HIDDEN! 2013-02-14 13:50; statuswinks@StatusWinks; c:\users\Konrad\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks FF - ExtSQL: !HIDDEN! 2013-02-19 16:06; speedanalysis@SpeedAnalysis.com; c:\users\Konrad\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8KbuD9YP&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 1af71ad0000000000000e0ca944c65e9 FF - user.js: extensions.incredibar_i.instlDay - 15648 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.142:56 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6R8KbuD9YP FF - user.js: extensions.incredibar_i.upn2n - 92825341131351719 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10657 FF - user.js: extensions.incredibar_i.ppd - FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=1af71ad0000000000000e0ca944c65e9&q= FF - user.js: extensions.BabylonToolbar.id - 1af71ad0000000000000e0ca944c65e9 FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15648 FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8 FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.82:58 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extentions.y2layers.installId - 3f571bf5-04a5-4ea2-b509-75cd235a6e7e FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,buzzdock,YontooNewOffers FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: extensions.delta.tlbrSrchUrl - FF - user.js: extensions.delta.id - 1af71ad0000000000000e0ca944c65e9 FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} FF - user.js: extensions.delta.instlDay - 15771 FF - user.js: extensions.delta.vrsn - 1.8.10.0 FF - user.js: extensions.delta.vrsni - 1.8.10.0 FF - user.js: extensions.delta.vrsnTs - 1.8.10.021:21 FF - user.js: extensions.delta.prtnrId - delta FF - user.js: extensions.delta.prdct - delta FF - user.js: extensions.delta.aflt - babsst FF - user.js: extensions.delta.smplGrp - none FF - user.js: extensions.delta.tlbrId - base FF - user.js: extensions.delta.instlRef - sst FF - user.js: extensions.delta.dfltLng - en FF - user.js: extensions.delta.excTlbr - false FF - user.js: extensions.delta.admin - false FF - user.js: extensions.delta.autoRvrt - false FF - user.js: extensions.delta.rvrt - false FF - user.js: extensions.delta.newTab - false . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file) BHO-{9D717F81-9148-4f12-8568-69135F087DB0} - c:\progra~2\SEARCH~1\Datamngr\BROWSE~1.DLL Toolbar-Locked - (no file) Toolbar-10 - (no file) Toolbar-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file) Toolbar-!{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file) Toolbar-!{11111111-1111-1111-1111-110211181110} - (no file) Toolbar-!{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file) Toolbar-!{944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - (no file) Toolbar-!{C1AF5FA5-852C-4C90-812E-A7F75E011D87} - (no file) Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Wow6432Node-HKCU-Run-IVONA Reader - c:\program files (x86)\IVONA\IVONA Reader\IVONA Reader.exe.exe Wow6432Node-HKCU-Run-Gcnang - c:\users\Konrad\AppData\Roaming\Gcnang.exe Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe Wow6432Node-HKLM-Run- - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) Toolbar-!{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file) Toolbar-!{7473b6bd-4691-4744-a82b-7854eb3d70b6} - (no file) WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file) WebBrowser-{7473B6BD-4691-4744-A82B-7854EB3D70B6} - (no file) HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-19 17:07:11 ComboFix-quarantined-files.txt 2013-03-19 17:07 . Pre-Run: 217 361 080 320 bytes free Post-Run: 217 284 362 240 bytes free . - - End Of File - - 408C44BE109580991AD272843C9B5DF7