I got the illegal operation attempted message. I restarted right away. Expected to see report but dug for it in combofile folder and looked for a txt doc. I hope this is the right one. On my desktop it says Im still running in test mode. Is that proper?Here are the logs.
ComboFix 12-07-27.03 - bing 07/27/2012 20:24:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2933.1821 [GMT -4:00]
Running from: C:\Users\bing\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files (x86)\I Want This
C:\ProgramData\FullRemove.exe
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
2012-07-28 00:28:57 . 2012-07-28 00:28:57 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-07-20 06:44:32 . 2012-07-20 06:44:43 -------- d-----w- C:\FRST
2012-07-19 14:20:16 . 2012-07-19 14:20:16 -------- d-----w- C:\ProgramData\Comodo
2012-07-18 21:57:56 . 2012-07-18 21:57:56 -------- d-----w- C:\ProgramData\CPA_VA
2012-07-18 20:00:39 . 2012-07-03 16:21:18 285328 ----a-w- C:\windows\system32\aswBoot.exe
2012-07-18 19:59:39 . 2012-07-18 21:48:06 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-18 19:59:39 . 2012-07-18 19:59:39 -------- d-----w- C:\Program Files\AVAST Software
2012-07-14 23:12:09 . 2012-07-14 23:12:09 55384 ----a-w- C:\windows\system32\drivers\SBREDrv.sys
2012-07-14 23:09:31 . 2012-07-18 22:01:22 -------- d-----w- C:\ProgramData\Lavasoft
2012-07-14 00:39:53 . 2012-07-22 14:23:25 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-07-13 23:47:14 . 2012-07-13 23:47:14 -------- d-----w- C:\Users\bing\AppData\Roaming\Malwarebytes
2012-07-13 23:47:02 . 2012-07-13 23:47:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-13 23:47:01 . 2012-07-13 23:47:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-13 23:47:01 . 2012-07-03 17:46:44 24904 ----a-w- C:\windows\system32\drivers\mbam.sys
2012-07-13 23:19:17 . 2012-07-13 23:19:17 -------- d-----w- C:\ProgramData\GFI Software
2012-07-10 11:30:02 . 2012-07-10 11:30:02 -------- d-----w- C:\Users\Default\AppData\Roaming\IObit
2012-07-10 00:25:51 . 2012-07-10 00:25:51 -------- d-sh--w- C:\windows\system32\%APPDATA%
2012-07-06 11:29:15 . 2012-05-31 04:04:02 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2656AB82-F1B6-4D54-B309-47321C178E68}\mpengine.dll
2012-07-03 13:54:32 . 2012-07-09 13:27:59 -------- d-----r- C:\Program Files (x86)\Skype
2012-07-03 13:54:32 . 2012-07-03 13:54:32 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-07-26 20:58:28 . 2012-04-28 15:56:17 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-26 20:58:28 . 2012-04-28 15:56:17 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-08 12:22:46 . 2011-10-29 19:26:39 58957832 ----a-w- C:\windows\system32\MRT.exe
2012-06-02 22:19:46 . 2012-06-21 11:53:31 38424 ----a-w- C:\windows\system32\wups.dll
2012-06-02 22:19:43 . 2012-06-21 11:53:42 2428952 ----a-w- C:\windows\system32\wuaueng.dll
2012-06-02 22:19:42 . 2012-06-21 11:53:42 57880 ----a-w- C:\windows\system32\wuauclt.exe
2012-06-02 22:19:42 . 2012-06-21 11:53:42 44056 ----a-w- C:\windows\system32\wups2.dll
2012-06-02 22:19:23 . 2012-06-21 11:53:31 701976 ----a-w- C:\windows\system32\wuapi.dll
2012-06-02 22:15:31 . 2012-06-21 11:53:42 2622464 ----a-w- C:\windows\system32\wucltux.dll
2012-06-02 22:15:08 . 2012-06-21 11:53:31 99840 ----a-w- C:\windows\system32\wudriver.dll
2012-06-02 19:19:42 . 2012-06-21 11:53:22 186752 ----a-w- C:\windows\system32\wuwebv.dll
2012-06-02 19:15:12 . 2012-06-21 11:53:22 36864 ----a-w- C:\windows\system32\wuapp.exe
2012-05-15 01:32:33 . 2012-06-13 23:24:04 3146752 ----a-w- C:\windows\system32\win32k.sys
2012-05-04 11:06:22 . 2012-06-13 23:24:07 5559664 ----a-w- C:\windows\system32\ntoskrnl.exe
2012-05-04 10:03:53 . 2012-06-13 23:24:06 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 . 2012-06-13 23:24:06 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 . 2012-06-13 23:24:08 209920 ----a-w- C:\windows\system32\profsvc.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 08:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49:38 176936 ----a-w- C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-05-09 08:49:38 176936]
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-28 05:40:59 39408]
"Advanced SystemCare 5"="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 22:39:50 574296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Norton Online Backup"="C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 06:33:10 1155928]
"SSBkgdUpdate"="C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 16:03:38 210472]
"PaperPort PTD"="C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 06:07:00 29984]
"IndexSearch"="C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 06:05:10 46368]
"PPort11reminder"="C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 16:01:58 328992]
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-11-13 06:58:31 273528]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2010-11-30 01:38:18 421888]
"iTunesHelper"="D:\Program Files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 01:51:12 421160]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 18:02:04 254696]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 05:53:50 843712]
"ControlCenter3"="C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 14:26:54 114688]
"BrStsMon00"="C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 20:43:16 2621440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 22:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 05:40:43 136176]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-07 23:12:14 160944]
R3 a2acc;a2acc;C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2012-04-30 22:45:28 66320]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 20:58:29 250056]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2010-01-25 12:22:56 245760]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 05:40:43 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 04:34:24 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 20:35:42 187392]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 16:06:08 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe [2011-10-29 19:22:35 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:39:20 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 09:10:10 57184]
S1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 18:10:34 23208]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\system32\Drivers\SABI.sys [2010-10-07 02:59:00 13824]
S1 SBRE;SBRE;C:\windows\system32\drivers\SBREdrv.sys [2012-07-14 23:12:09 55384]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 09:34:33 60416]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-06-17 19:44:46 3069752]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 05:53:50 63928]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 21:38:14 913752]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 19:22:40 822624]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 13:30:18 508776]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 22:41:46 3048136]
S3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys [2010-04-01 00:25:14 136192]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 23:32:12 158976]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 11:17:36 289280]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 13:30:10 764264]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 13:30:18 268648]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 13:30:18 25960]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 13:30:22 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 13:30:22 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 09:22:00 395264]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - WS2IFSL
Contents of the 'Scheduled Tasks' folder
2012-07-27 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 00:22:40 . 2012-07-26 20:58:29]
2012-07-28 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 05:40:52 . 2011-10-28 05:40:43]
2012-07-28 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-28 05:40:52 . 2011-10-28 05:40:43]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 01:59:40 10144288]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2010-11-29 22:51:28 161304]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2010-11-29 22:51:16 386584]
"Persistence"="C:\windows\system32\igfxpers.exe" [2010-11-29 22:51:22 415256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
------- Supplementary Scan -------
uLocal Page = C:\windows\system32\blank.htm
uStart Page = hxxp://
www.google.com/
mStart Page = hxxp://samsung.msn.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 167.206.254.1 167.206.254.2
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-ETDWare - C:\Program Files (x86)\Elantech\ETDCtrl.exe
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:c4,b8,ad,39,66,21,cd,01
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="C:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-27 19:55:16 Run:1
Running from H:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
ff8dd40f59eeaad9 service deleted successfully.
C:\Windows\System32\Drivers\ff8dd40f59eeaad9.sys moved successfully.
C:\Windows\SysWOW64\shoC2A0.tmp moved successfully.
C:\Windows\Installer\{5d463ba7-dce0-4c6e-e783-06357ec45974} moved successfully.
C:\Users\bing\AppData\Local\{5d463ba7-dce0-4c6e-e783-06357ec45974} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====Microsoft\DbgagD\1*]
thank you
"value"="?\03\06\03\128\08?"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
------------------------ Other Running Processes ------------------------
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
**************************************************************************
Completion time: 2012-07-27 20:36:47 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 00:36:47
I thi