Poweliks trojan & dllhost.exe 32 COM Surrogate virus
<blockquote data-quote="FredricJLowe" data-source="post: 297544" data-attributes="member: 30586"><p>ComboFix 14-11-11.01 - FredricJLowe 11/11/2014 17:10:30.1.4 - x64</p><p>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8126.4373 [GMT -6:00]</p><p>Running from: c:\users\FredricJLowe\Desktop\Virus Tools\ComboFix.exe</p><p>AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}</p><p>FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}</p><p>SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}</p><p>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>.</p><p><em> ADS - Windows: deleted 192 bytes in 1 streams. </em></p><p>.</p><p>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>c:\programdata\Local Settings\Temp</p><p>C:\setup.exe</p><p>c:\users\Administrator\GoToAssistDownloadHelper.exe</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\0a8fb0d11acdc10c02ea0fe9470463eb\Storable.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\0e21cfbb5a8724557d1fdb2fad1257b3\Fcntl.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\106e9d8fe455779e07dcc5d37d541192\Zlib.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\11d17591008de70c1d0553f3e9a3abb3\SysTray.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\14eb94a46b1d59d79d884f71880b5d9c\CPUtils.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\1601ac767a5adb5c5f07ad53d9d0e348\FastCalc.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\59e557f19044cb1e4dd067d30c7a98d8\Encode.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\5c47212e5a0fae36b466c5247fa8d97e\API.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\5cfd16b7954a5ce94a6928eb6a342475\DBI.dll</p><p>c:\users\FREDRI~1
\AppData\Local\Temp\pdk-FredricJLowe-1688\62021bee2a3c77a1a7316037e8f651f5\MatrixSSL.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\6a08173d0718dbb0783fee513cba195c\IO.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\7f6d8a0f10c6e5b83886d8ad4c8c8bd7\nscrypt.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\845fe33881b76aefd22e65412b5f7ef2\Registry.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\bca525f1057a3c6464fa7a890a532d26\Util.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\d138a21b4de1d36065da80913effcc49\HiRes.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\dae5b95ff7dc44764284c7dae55bde2a\Socket.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\eaa37a0d95e6b7e5ca21502c8b3f4c74\Cwd.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\ec7bb8ff9ad0c51d9cc5235bc8434e04\Dumper.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\f195a4b7b0f71b5f4b1c61c634b0b648\OLE.dll</p><p>c:\users\FREDRI~1\AppData\Local\Temp\pdk-FredricJLowe-1688\perl58.dll</p><p>c:\users\FredricJLowe\AppData\Local\assembly\tmp</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\0a8fb0d11acdc10c02ea0fe9470463eb\Storable.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\0e21cfbb5a8724557d1fdb2fad1257b3\Fcntl.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\106e9d8fe455779e07dcc5d37d541192\Zlib.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\11d17591008de70c1d0553f3e9a3abb3\SysTray.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\14eb94a46b1d59d79d884f71880b5d9c\CPUtils.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\1601ac767a5adb5c5f07ad53d9d0e348\FastCalc.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\59e557f19044cb1e4dd067d30c7a98d8\Encode.dll</p><p>c:\users\
FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\5c47212e5a0fae36b466c5247fa8d97e\API.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\5cfd16b7954a5ce94a6928eb6a342475\DBI.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\62021bee2a3c77a1a7316037e8f651f5\MatrixSSL.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\6a08173d0718dbb0783fee513cba195c\IO.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\7f6d8a0f10c6e5b83886d8ad4c8c8bd7\nscrypt.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\845fe33881b76aefd22e65412b5f7ef2\Registry.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\bca525f1057a3c6464fa7a890a532d26\Util.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\d138a21b4de1d36065da80913effcc49\HiRes.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\dae5b95ff7dc44764284c7dae55bde2a\Socket.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\eaa37a0d95e6b7e5ca21502c8b3f4c74\Cwd.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\ec7bb8ff9ad0c51d9cc5235bc8434e04\Dumper.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\f195a4b7b0f71b5f4b1c61c634b0b648\OLE.dll</p><p>c:\users\FredricJLowe\AppData\Local\Temp\pdk-FredricJLowe-1688\perl58.dll</p><p>c:\users\FredricJLowe\g2mdlhlpx.exe</p><p>c:\users\FredricJLowe\GoToAssistDownloadHelper.exe</p><p>c:\windows\msdownld.tmp</p><p>.</p><p>.</p><p>((((((((((((((((((((((((( Files Created from 2014-10-11 to 2014-11-11 )))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>2014-11-11 21:04 . 2014-11-11 21:04 -------- d-----w- c:\programdata\InstallSightSDK</p><p>2014-11-11 21:04 . 2014-11-11 21:04 -------- d-----w- c:\program files\WebBar</p><p>2014-11-11 21:03 . 2014-11-11 21:03 1965 ----a-w- c:\windows\patsearch.bin</p><p>2014-11-11 21:03 . 
2014-11-11 21:03 58040 ----a-w- c:\windows\system32\drivers\webinstrNew.sys</p><p>2014-11-11 21:03 . 2014-11-11 21:03 -------- d-----w- c:\program files (x86)\ver0BetterDeals</p><p>2014-11-11 21:01 . 2014-11-11 21:02 -------- d-----w- c:\program files (x86)\ospd_us_377</p><p>2014-11-09 16:47 . 2014-11-11 19:00 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys</p><p>2014-11-09 16:47 . 2014-10-01 17:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys</p><p>2014-11-09 16:47 . 2014-10-01 17:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys</p><p>2014-11-09 16:47 . 2014-11-11 00:22 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware</p><p>2014-11-06 16:40 . 2014-11-11 22:48 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2</p><p>2014-11-04 12:15 . 2014-11-11 00:22 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi</p><p>2014-10-19 18:38 . 2014-10-19 18:38 -------- d-----w- c:\program files\iPod</p><p>2014-10-19 18:37 . 2014-11-11 00:22 -------- d-----w- c:\program files (x86)\iTunes</p><p>2014-10-19 18:37 . 2014-11-11 00:21 -------- d-----w- c:\program files\iTunes</p><p>2014-10-19 18:37 . 2014-11-11 00:21 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7</p><p>2014-10-15 11:47 . 2014-10-10 02:05 276480 ----a-w- c:\windows\system32\generaltel.dll</p><p>.</p><p>.</p><p>.</p><p>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>2014-10-16 03:23 . 2011-12-29 05:09 103265616 ----a-w- c:\windows\system32\MRT.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 194048 ----a-w- c:\windows\SysWow64\elshyph.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 235008 ----a-w- c:\windows\system32\elshyph.dll</p><p>2014-10-05 11:55 . 
2014-10-05 11:55 182272 ----a-w- c:\windows\SysWow64\msls31.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 62464 ----a-w- c:\windows\SysWow64\tdc.ocx</p><p>2014-10-05 11:55 . 2014-10-05 11:55 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 36352 ----a-w- c:\windows\SysWow64\imgutil.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 337408 ----a-w- c:\windows\SysWow64\html.iec</p><p>2014-10-05 11:55 . 2014-10-05 11:55 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 151552 ----a-w- c:\windows\SysWow64\iexpress.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 139264 ----a-w- c:\windows\SysWow64\wextract.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 13312 ----a-w- c:\windows\SysWow64\mshta.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 942592 ----a-w- c:\windows\system32\jsIntl.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 81408 ----a-w- c:\windows\system32\icardie.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 774144 ----a-w- c:\windows\system32\jscript.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 77312 ----a-w- c:\windows\system32\tdc.ocx</p><p>2014-10-05 11:55 . 2014-10-05 11:55 62464 ----a-w- c:\windows\system32\pngfilt.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 616104 ----a-w- c:\windows\system32\ieapfltr.dat</p><p>2014-10-05 11:55 . 2014-10-05 11:55 52224 ----a-w- c:\windows\system32\msfeedsbs.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 48640 ----a-w- c:\windows\system32\mshtmler.dll</p><p>2014-10-05 11:55 . 
2014-10-05 11:55 413696 ----a-w- c:\windows\system32\html.iec</p><p>2014-10-05 11:55 . 2014-10-05 11:55 30208 ----a-w- c:\windows\system32\licmgr10.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 247808 ----a-w- c:\windows\system32\msls31.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 243200 ----a-w- c:\windows\system32\webcheck.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 235520 ----a-w- c:\windows\system32\url.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 167424 ----a-w- c:\windows\system32\iexpress.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 147968 ----a-w- c:\windows\system32\occache.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 143872 ----a-w- c:\windows\system32\wextract.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 13824 ----a-w- c:\windows\system32\mshta.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 13312 ----a-w- c:\windows\system32\msfeedssync.exe</p><p>2014-10-05 11:55 . 2014-10-05 11:55 131072 ----a-w- c:\windows\system32\IEAdvpack.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 105984 ----a-w- c:\windows\system32\iesysprep.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 101376 ----a-w- c:\windows\system32\inseng.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 48128 ----a-w- c:\windows\system32\imgutil.dll</p><p>2014-10-05 11:55 . 2014-10-05 11:55 135680 ----a-w- c:\windows\system32\iepeers.dll</p><p>2014-09-29 14:26 . 2014-09-29 14:26 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll</p><p>2014-09-25 02:08 . 2014-10-01 10:38 371712 ----a-w- c:\windows\system32\qdvd.dll</p><p>2014-09-25 01:40 . 2014-10-01 10:38 519680 ----a-w- c:\windows\SysWow64\qdvd.dll</p><p>2014-09-24 02:33 . 2012-04-13 15:55 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe</p><p>2014-09-24 02:33 . 2011-12-27 13:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>2014-09-15 19:10 . 2014-09-15 18:54 34512 ----a-w- c:\windows\system32\drivers\stdriverx64.sys</p><p>2014-09-09 22:11 . 
2014-09-24 11:06 2048 ----a-w- c:\windows\system32\tzres.dll</p><p>2014-09-09 21:47 . 2014-09-24 11:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll</p><p>2014-08-29 10:22 . 2011-03-29 00:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll</p><p>2014-08-26 02:26 . 2014-09-30 20:53 593112 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\symnets.sys</p><p>2014-08-26 02:26 . 2014-09-30 20:53 1148120 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\symefa64.sys</p><p>2014-08-26 02:20 . 2014-09-30 20:53 37592 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\srtspx64.sys</p><p>2014-08-26 02:20 . 2014-09-30 20:53 876248 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\srtsp64.sys</p><p>2014-08-23 02:07 . 2014-08-28 10:26 404480 ----a-w- c:\windows\system32\gdi32.dll</p><p>2014-08-23 01:45 . 2014-08-28 10:26 311808 ----a-w- c:\windows\SysWow64\gdi32.dll</p><p>.</p><p>.</p><p>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</p><p>.</p><p>.</p><p>*Note* empty entries & legit default entries are not shown </p><p>REGEDIT4</p><p>.</p><p>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]</p><p>"rn5.exe"="c:\program files (x86)\ActiveTracker\rn5.exe" [2012-03-09 3065304]</p><p>"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</p><p>"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-28 5955000]</p><p>"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]</p><p>"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-04-28 1171304]</p><p>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple 
Application Support\APSDaemon.exe" [2014-10-11 60712]</p><p>"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-07-04 296096]</p><p>"Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2013-08-22 18944]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 90209]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 197339]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-09-18 500408]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 3983]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-09-18 268984]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18446]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 448]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 100864]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 7946]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-11-08 15628]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-11-07 200000]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-20 200000]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-23 200000]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-29 200000]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-02-07 200000]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-02-14 200000]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-03-02 200000]</p><p>"Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-03-11 200000]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-03-19 200000]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-03-27 200000]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 45056]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 7680]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 15360]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 7168]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 11026432]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 2146304]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 354304]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 5402624]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 52505]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 2030]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 20480]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 447]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 448]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 251904]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 68608]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 172032]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 122880]</p><p>"Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1171456]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 98304]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 323584]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 11921]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 8475]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 11995]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 2658]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1632]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 8123]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 293376]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 211968]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2012-06-26 3887104]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 57344]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 112128]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 20480]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 7168]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 279040]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 46080]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1580]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 3459]</p><p>"Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-09-06 243712]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-10-29 5120]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 100574]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 2498560]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 139264]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 112128]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 155648]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 9216]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 39424]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 304640]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18944]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 843]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 22016]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 285184]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 545280]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 90624]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 270093]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 90112]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1640]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-09 4519]</p><p>"Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-09 7466]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 592568]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 443]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 14848]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18944]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 27136]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 7540]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-09 3396]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-09 10640]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 46592]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 13824]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 73728]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 49152]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 327680]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-09-18 6659072]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-04-24 1089536]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 60928]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 28672]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 268288]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 20480]</p><p>"Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 68608]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 311296]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 41984]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1998848]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 50176]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 36864]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 32768]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 75264]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1499136]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 102400]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 77824]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 69632]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 397312]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-09-18 4071424]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 618496]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 59904]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 950272]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 720896]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 180224]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 27648]</p><p>"Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 252928]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 339456]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 7680]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 34304]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 5632]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 35328]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 245760]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 475136]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 311296]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 327680]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 454656]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 98304]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 6059]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1445888]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 16384]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 20480]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 12734464]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 53248]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 618496]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 131072]</p><p>"Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 573440]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1466368]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 28672]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1490944]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 425984]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1699840]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 860]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 74240]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 25600]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 968704]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 57344]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 67584]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1134592]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1365504]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 21504]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 86016]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 389120]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 2232320]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 454656]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 536576]</p><p>"Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 137912]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18446]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 137912]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18446]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 137912]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18446]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 137912]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18446]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 137912]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18446]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 137912]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18446]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-09-18 18446]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-02 140]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-02 1123]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-02 1123]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-02 0]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-02 816]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-02 243]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-09 0]</p><p>"Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-09 1530]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-09 0]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-09 795]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-09 222]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 1532]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18012]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 137912]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18446]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2008-05-20 1347584]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18446]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 137912]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18446]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 134144]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 45142]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 151624]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 72704]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 208]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 317516]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 2304696]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 582]</p><p>"Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 448]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 955392]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 6168]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 8192]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 25600]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2014-01-09 258]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 138240]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 26624]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 57736]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 130048]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 15360]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 81920]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 26624]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 2081792]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 152064]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 80896]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 205312]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-09-18 268984]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 29880]</p><p>"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 335]</p><p>"Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 32640]</p><p>"ACTSchedulerUI"="c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" [2013-08-22 592568]</p><p>"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]</p><p>"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-07-09 2020704]</p><p>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]</p><p>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]</p><p>"ospd_us_377"="c:\program files (x86)\ospd_us_377\ospd_us_377.exe" [2014-11-06 3977672]</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</p><p>"ConsentPromptBehaviorAdmin"= 5 (0x5)</p><p>"ConsentPromptBehaviorUser"= 3 (0x3)</p><p>"EnableUIADesktopToggle"= 0 (0x0)</p><p>"PromptOnSecureDesktop"= 0 (0x0)</p><p>"EnableLinkedConnections"= 1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]</p><p>"LoadAppInit_DLLs"=1 (0x1)</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]</p><p>"aux4"=wdmaud.drv</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]</p><p>BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe</p><p>.</p><p>R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]</p><p>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]</p><p>R2 wbsvc;Web Bar Service (wbsvc);c:\program files\WebBar\wbsvc.exe;c:\program files\WebBar\wbsvc.exe [x]</p><p>R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files 
(x86)\Browny02\BrYNSvc.exe [x]</p><p>R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]</p><p>R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]</p><p>R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]</p><p>R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]</p><p>R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]</p><p>R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]</p><p>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]</p><p>R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]</p><p>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]</p><p>R4 ISW;ISW;c:\program files (x86)\Transamerica\TransQuote\TransQuote.exe;c:\program files (x86)\Transamerica\TransQuote\TransQuote.exe [x]</p><p>R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]</p><p>R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]</p><p>R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [x]</p><p>R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows 
Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]</p><p>S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]</p><p>S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd.sys [x]</p><p>S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]</p><p>S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]</p><p>S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]</p><p>S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]</p><p>S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]</p><p>S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [x]</p><p>S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]</p><p>S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141108.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141108.001\IDSvia64.sys [x]</p><p>S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]</p><p>S1 SymNetS;Symantec Network Security WFP 
Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]</p><p>S2 Act! Scheduler;Act! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [x]</p><p>S2 ActService;ACT! Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [x]</p><p>S2 ActSmartTaskService;ACT! Smart Task Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [x]</p><p>S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]</p><p>S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]</p><p>S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]</p><p>S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [x]</p><p>S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]</p><p>S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\Nitro\Pro 9\NitroPDFDriverService9x64.exe;c:\program files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [x]</p><p>S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]</p><p>S2 
NitroUpdateService;NitroUpdateService;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe [x]</p><p>S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]</p><p>S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]</p><p>S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]</p><p>S2 webinstrNew;webinstrNew;c:\windows\system32\Drivers\webinstrNew.sys;c:\windows\SYSNATIVE\Drivers\webinstrNew.sys [x]</p><p>S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]</p><p>S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]</p><p>S3 stdriver;SoundTap Filter Driver v6.08.01;c:\windows\system32\DRIVERS\stdriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriverx64.sys [x]</p><p>S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]</p><p>S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]</p><p>S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]</p><p>.</p><p>.</p><p>Contents of the 'Scheduled Tasks' folder</p><p>.</p><p>2014-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job</p><p>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 02:33]</p><p>.</p><p>2014-11-11 c:\windows\Tasks\BetterDeals Update.job</p><p>- c:\program files (x86)\ver0BetterDeals\a3BetterDealsM73.exe [2014-11-11 
21:03]</p><p>.</p><p>2014-11-11 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3225944584-185484181-3065989196-1000.job</p><p>- c:\program files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-11-03 11:19]</p><p>.</p><p>2014-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 07:00]</p><p>.</p><p>2014-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 07:00]</p><p>.</p><p>.</p><p>--------- X64 Entries -----------</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62D3811C-4323-0D30-1FD1-468AFF19EB2A}]</p><p>2014-11-11 21:03 213504 ----a-w- c:\program files (x86)\ver0BetterDeals\182_x64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]</p><p>@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]</p><p>2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]</p><p>@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]</p><p>2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]</p><p>@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]</p><p>2014-10-21 23:52 777032 ----a-w- c:\program files 
(x86)\Google\Drive\googledrivesync64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]</p><p>@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]</p><p>2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]</p><p>@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"</p><p>[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]</p><p>2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll</p><p>.</p><p>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</p><p>"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-28 403112]</p><p>"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2011-12-29 2138944]</p><p>"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]</p><p>.</p><p>------- Supplementary Scan -------</p><p>.</p><p>uLocal Page = c:\windows\system32\blank.htm</p><p>uStart Page = hxxp://<a href="http://www.google.com/" target="_blank">www.google.com/</a></p><p>uInternet Settings,ProxyOverride = *.local</p><p>IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe</p><p>DPF: {3D4C3992-ABD6-4F85-9A1B-8568E3B4DB3E} - hxxps://lpss.amerus.com/amu/InsMark/imkctl.cab</p><p>DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://agents.equitrust.com/Reserved.ReportViewerWebControl.axd?ReportSession=fjf2lur53elovf45gdeik255&ControlID=e64788826dcb4c31a7a0d7fff774050b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab</p><p>.</p><p>- - - - ORPHANS REMOVED - - - -</p><p>.</p><p>BHO-{62D3811C-4323-0D30-1FD1-468AFF19EB2A} - c:\program files 
(x86)\ver0BetterDeals\182.dll</p><p>Toolbar-Locked - (no file)</p><p>Wow6432Node-HKCU-Run-Messenger (Yahoo!) - c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe</p><p>Wow6432Node-HKCU-Run-Mikogo - c:\users\FredricJLowe\AppData\Roaming\Mikogo 4\mikogo-host.exe</p><p>HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start</p><p>HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe</p><p>Toolbar-Locked - (no file)</p><p>ShellIconOverlayIdentifiers- - (no file)</p><p>ShellIconOverlayIdentifiers- - (no file)</p><p>ShellIconOverlayIdentifiers- - (no file)</p><p>AddRemove-sl-apl - c:\program files (x86)\OApps\sl-apl_uninstall.exe</p><p>AddRemove-Mikogo 4 - c:\users\FredricJLowe\AppData\Roaming\Mikogo 4\remover.exe</p><p>AddRemove-UpdaterEX - c:\users\FredricJLowe\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe</p><p>.</p><p>.</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet002\services\N360]</p><p>"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"</p><p>"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"</p><p>"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"</p><p>.</p><p>--------------------- LOCKED REGISTRY KEYS ---------------------</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]</p><p>@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="IFlashBroker6"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="FlashBroker"</p><p>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]</p><p>"Enabled"=dword:00000001</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Shockwave Flash Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</p><p>@="0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash.15"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 
1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="ShockwaveFlash.ShockwaveFlash"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</p><p>@Denied: (A 2) (Everyone)</p><p>@="Macromedia Flash Factory Object"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"</p><p>"ThreadingModel"="Apartment"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</p><p>@="FlashFactory.FlashFactory.1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</p><p>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</p><p>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</p><p>@="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</p><p>@="FlashFactory.FlashFactory"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]</p><p>@Denied: (A 2) 
(Everyone)</p><p>@="IFlashBroker6"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]</p><p>@="{00020424-0000-0000-C000-000000000046}"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]</p><p>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</p><p>"Version"="1.0"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]</p><p>@DACL=(02 0000)</p><p>@="Bing"</p><p>"URL"="<a href="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" target="_blank">http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</a>"</p><p>"DisplayName"="@ieframe.dll,-12512"</p><p>.</p><p>[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]</p><p>"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,</p><p> 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) (Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]</p><p>@Denied: (A) (Users)</p><p>@Denied: (A) 
(Everyone)</p><p>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</p><p>"BlindDial"=dword:00000000</p><p>.</p><p>[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]</p><p>@Denied: (Full) (Everyone)</p><p>.</p><p>------------------------ Other Running Processes ------------------------</p><p>.</p><p>c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe</p><p>c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe</p><p>c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe</p><p>.</p><p>**************************************************************************</p><p>.</p><p>Completion time: 2014-11-11 17:44:39 - machine was rebooted</p><p>ComboFix-quarantined-files.txt 2014-11-11 23:44</p><p>.</p><p>Pre-Run: 183,495,966,720 bytes free</p><p>Post-Run: 183,342,845,952 bytes free</p><p>.</p><p>- - End Of File - - 480C6004CAFBFB15EE1C96C7EE009574</p><p>A36C5E4F47E84449FF07ED3517B43A31</p></blockquote><p></p>
[QUOTE="FredricJLowe, post: 297544, member: 30586"]
2014-08-28 10:26 404480 ----a-w- c:\windows\system32\gdi32.dll 2014-08-23 01:45 . 2014-08-28 10:26 311808 ----a-w- c:\windows\SysWow64\gdi32.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "rn5.exe"="c:\program files (x86)\ActiveTracker\rn5.exe" [2012-03-09 3065304] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-10-21 22869088] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-28 5955000] "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440] "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-04-28 1171304] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-07-04 296096] "Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2013-08-22 18944] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 90209] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 197339] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-09-18 500408] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 3983] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-09-18 268984] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 18446] "Act! 
Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 26624] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 57736] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 130048] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 15360] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 81920] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 26624] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 2081792] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 152064] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 80896] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 205312] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-09-18 268984] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 29880] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 335] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\Act!.exe" [2013-08-22 32640] "ACTSchedulerUI"="c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.UI.exe" [2013-08-22 592568] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888] "Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2014-07-09 2020704] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480] "ospd_us_377"="c:\program files (x86)\ospd_us_377\ospd_us_377.exe" [2014-11-06 3977672] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . R1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 wbsvc;Web Bar Service (wbsvc);c:\program files\WebBar\wbsvc.exe;c:\program files\WebBar\wbsvc.exe [x] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x] R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 ISW;ISW;c:\program files (x86)\Transamerica\TransQuote\TransQuote.exe;c:\program files (x86)\Transamerica\TransQuote\TransQuote.exe [x] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x] R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x] R4 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x] S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd.sys [x] S0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x] S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x] S0 
vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141108.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141108.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 Act! Scheduler;Act! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [x]
S2 ActService;ACT! Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [x]
S2 ActSmartTaskService;ACT! Smart Task Service Host;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe;c:\program files (x86)\ACT\Act for Windows\Act.Server.Host.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\Nitro\Pro 9\NitroPDFDriverService9x64.exe;c:\program files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 NitroUpdateService;NitroUpdateService;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 webinstrNew;webinstrNew;c:\windows\system32\Drivers\webinstrNew.sys;c:\windows\SYSNATIVE\Drivers\webinstrNew.sys [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 stdriver;SoundTap Filter Driver v6.08.01;c:\windows\system32\DRIVERS\stdriverx64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriverx64.sys [x]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 02:33]
.
2014-11-11 c:\windows\Tasks\BetterDeals Update.job - c:\program files (x86)\ver0BetterDeals\a3BetterDealsM73.exe [2014-11-11 21:03]
.
2014-11-11 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-3225944584-185484181-3065989196-1000.job - c:\program files (x86)\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-11-03 11:19]
.
2014-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 07:00]
.
2014-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-13 07:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{62D3811C-4323-0D30-1FD1-468AFF19EB2A}]
2014-11-11 21:03 213504 ----a-w- c:\program files (x86)\ver0BetterDeals\182_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-28 403112]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2011-12-29 2138944]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
DPF: {3D4C3992-ABD6-4F85-9A1B-8568E3B4DB3E} - hxxps://lpss.amerus.com/amu/InsMark/imkctl.cab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://agents.equitrust.com/Reserved.ReportViewerWebControl.axd?ReportSession=fjf2lur53elovf45gdeik255&ControlID=e64788826dcb4c31a7a0d7fff774050b&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{62D3811C-4323-0D30-1FD1-468AFF19EB2A} - c:\program files (x86)\ver0BetterDeals\182.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Messenger (Yahoo!) - c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
Wow6432Node-HKCU-Run-Mikogo - c:\users\FredricJLowe\AppData\Roaming\Mikogo 4\mikogo-host.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-sl-apl - c:\program files (x86)\OApps\sl-apl_uninstall.exe
AddRemove-Mikogo 4 - c:\users\FredricJLowe\AppData\Roaming\Mikogo 4\remover.exe
AddRemove-UpdaterEX - c:\users\FredricJLowe\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
@DACL=(02 0000)
@="Bing"
"URL"="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
"DisplayName"="@ieframe.dll,-12512"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Completion time: 2014-11-11 17:44:39 - machine was rebooted
ComboFix-quarantined-files.txt 2014-11-11 23:44
.
Pre-Run: 183,495,966,720 bytes free
Post-Run: 183,342,845,952 bytes free
.
- - End Of File - - 480C6004CAFBFB15EE1C96C7EE009574
A36C5E4F47E84449FF07ED3517B43A31
[/QUOTE]