ComboFix 12-07-30.03 - User 08/01/2012 3:06.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2388 [GMT -5:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 08:26 . 2012-08-01 08:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-01 08:26 . 2012-08-01 08:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-01 08:26 . 2012-08-01 08:26 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-01 08:26 . 2012-08-01 08:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 08:26 . 2012-08-01 08:26 -------- d-----w- c:\users\Account\AppData\Local\temp
2012-07-29 19:06 . 2012-07-29 19:06 -------- d-----w- c:\users\Mcx2-STUDIO
2012-07-27 02:55 . 2012-07-27 06:25 -------- d-----w- c:\program files (x86)\Mount&Blade Warband
2012-07-27 01:20 . 2012-07-12 22:13 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-07-27 01:19 . 2012-07-27 01:19 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-07-26 04:34 . 2012-07-26 04:34 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-07-23 01:45 . 2012-07-23 01:46 -------- d-----w- C:\FRST
2012-07-22 19:24 . 2012-07-22 19:24 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-20 23:14 . 2012-07-20 23:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-20 19:57 . 2012-07-22 04:40 -------- d-----w- c:\users\User
2012-07-15 00:24 . 2012-07-15 00:24 -------- d-----w- c:\program files (x86)\SIX Projects
2012-07-11 08:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:01 . 2012-06-02 12:52 754808 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-07-11 05:15 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 05:14 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 05:14 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 05:14 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-07 03:30 . 2012-07-07 03:06 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-02 16:35 . 2012-07-02 16:35 -------- d-----w- C:\MoTemp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 19:56 . 2012-04-03 06:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 19:56 . 2011-05-13 02:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-25 20:17 . 2012-06-06 02:23 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-25 20:17 . 2010-11-15 05:16 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-25 20:12 . 2010-11-13 17:40 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-11 08:02 . 2010-11-12 04:04 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-07 03:34 . 2010-11-13 17:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-03 18:46 . 2011-05-13 00:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2012-03-15 05:26 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-03-14 14:58 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-11-12 14:29 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-11-12 14:29 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2010-11-12 14:29 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-11-12 14:29 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-11-12 14:28 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-11-12 14:28 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-01-16 16:46 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-29 10:04 . 2012-07-17 23:03 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40DF7867-9FD3-460F-BA6A-1F146D4C610D}\mpengine.dll
2012-06-05 07:57 . 2012-06-05 07:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-05 07:57 . 2012-06-05 07:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-05 07:57 . 2012-06-05 07:57 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-06-05 07:57 . 2012-06-05 07:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-06-05 07:57 . 2012-06-05 07:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-06-05 07:57 . 2012-06-05 07:57 82432 ----a-w- c:\windows\system32\icardie.dll
2012-06-05 07:57 . 2012-06-05 07:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-05 07:57 . 2012-06-05 07:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-06-05 07:57 . 2012-06-05 07:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-05 07:57 . 2012-06-05 07:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-06-05 07:57 . 2012-06-05 07:57 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-05 07:57 . 2012-06-05 07:57 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-06-05 07:57 . 2012-06-05 07:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-06-05 07:57 . 2012-06-05 07:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-06-05 07:57 . 2012-06-05 07:57 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-06-05 07:57 . 2012-06-05 07:57 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-06-05 07:57 . 2012-06-05 07:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-06-05 07:57 . 2012-06-05 07:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-06-05 07:57 . 2012-06-05 07:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-05 07:57 . 2012-06-05 07:57 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-06-05 07:57 . 2012-06-05 07:57 448512 ----a-w- c:\windows\system32\html.iec
2012-06-05 07:57 . 2012-06-05 07:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-05 07:57 . 2012-06-05 07:57 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-06-05 07:57 . 2012-06-05 07:57 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-06-05 07:57 . 2012-06-05 07:57 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-06-05 07:57 . 2012-06-05 07:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-06-05 07:57 . 2012-06-05 07:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-06-05 07:57 . 2012-06-05 07:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-05 07:57 . 2012-06-05 07:57 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-06-05 07:57 . 2012-06-05 07:57 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-06-05 07:57 . 2012-06-05 07:57 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-06-05 07:57 . 2012-06-05 07:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-05 07:57 . 2012-06-05 07:57 222208 ----a-w- c:\windows\system32\msls31.dll
2012-06-05 07:57 . 2012-06-05 07:57 197120 ----a-w- c:\windows\system32\msrating.dll
2012-06-05 07:57 . 2012-06-05 07:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-06-05 07:57 . 2012-06-05 07:57 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-06-05 07:57 . 2012-06-05 07:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-05 07:57 . 2012-06-05 07:57 160256 ----a-w- c:\windows\system32\wextract.exe
2012-06-05 07:57 . 2012-06-05 07:57 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-06-05 07:57 . 2012-06-05 07:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-06-05 07:57 . 2012-06-05 07:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-06-05 07:57 . 2012-06-05 07:57 149504 ----a-w- c:\windows\system32\occache.dll
2012-06-05 07:57 . 2012-06-05 07:57 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-06-05 07:57 . 2012-06-05 07:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-05 07:57 . 2012-06-05 07:57 12288 ----a-w- c:\windows\system32\mshta.exe
2012-06-05 07:57 . 2012-06-05 07:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-06-05 07:57 . 2012-06-05 07:57 114176 ----a-w- c:\windows\system32\admparse.dll
2012-06-05 07:57 . 2012-06-05 07:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-05 07:57 . 2012-06-05 07:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-05 07:57 . 2012-06-05 07:57 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-06-05 07:57 . 2012-06-05 07:57 103936 ----a-w- c:\windows\system32\inseng.dll
2012-06-05 07:57 . 2012-06-05 07:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-06-02 22:19 . 2012-06-21 19:24 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 19:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:24 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 19:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 19:24 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 19:23 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 19:23 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2010-11-12 03:43 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 10:48 . 2012-02-22 04:52 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-22 04:52 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-09-28 00:55 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-09-28 00:55 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2010-11-12 03:34 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2011-04-08 04:19 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-04-08 04:19 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-10-16 19:13 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-04-08 04:19 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-04-08 04:19 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-04 11:06 . 2012-06-14 03:41 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 03:41 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 03:41 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-06-01 2276760]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 Arctosa;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [2009-08-19 19840]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-12 79360]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 116648]
R3 HpStm001;USB Style Packet Filter Driver;c:\windows\system32\DRIVERS\HpStm001.SYS [2008-08-29 14336]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-12 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:56]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 07:21]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 07:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Input Device Main Program"="c:\program files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe" [2008-10-17 530432]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BattlEye - c:\program files (x86)\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-Half-Life Dedicated Server Update Tool - c:\srcds\UNWISE.EXE
AddRemove-Microsoft SQL Server 10 - c:\program files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe
AddRemove-MTA:SA 1.2 - c:\program files (x86)\MTA San Andreas 1.2\Uninstall.exe
AddRemove-Natural Selection_is1 - c:\program files (x86)\steam\steamapps\masterchief4343\half-life\unins000.exe
AddRemove-No Hope - c:\documents and settings\All Users\Documents\World In Conflict\mods\Uninstal.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:48,7b,b4,30,e1,65,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,d4,0f,7b,61,e2,7a,47,b8,ad,b6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,d4,0f,7b,61,e2,7a,47,b8,ad,b6,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\00\19\084\03?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-08-01 03:40:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-01 08:40
.
Pre-Run: 180,160,266,240 bytes free
Post-Run: 180,136,255,488 bytes free
.
- - End Of File - - 49D0ADC2B6AD4A0C9EFFD7165D21FC55
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2388 [GMT -5:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-01 to 2012-08-01 )))))))))))))))))))))))))))))))
.
.
2012-08-01 08:26 . 2012-08-01 08:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-01 08:26 . 2012-08-01 08:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-01 08:26 . 2012-08-01 08:26 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-01 08:26 . 2012-08-01 08:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-01 08:26 . 2012-08-01 08:26 -------- d-----w- c:\users\Account\AppData\Local\temp
2012-07-29 19:06 . 2012-07-29 19:06 -------- d-----w- c:\users\Mcx2-STUDIO
2012-07-27 02:55 . 2012-07-27 06:25 -------- d-----w- c:\program files (x86)\Mount&Blade Warband
2012-07-27 01:20 . 2012-07-12 22:13 405144 ----a-w- c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
2012-07-27 01:19 . 2012-07-27 01:19 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-07-26 04:34 . 2012-07-26 04:34 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-07-23 01:45 . 2012-07-23 01:46 -------- d-----w- C:\FRST
2012-07-22 19:24 . 2012-07-22 19:24 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-20 23:14 . 2012-07-20 23:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-20 19:57 . 2012-07-22 04:40 -------- d-----w- c:\users\User
2012-07-15 00:24 . 2012-07-15 00:24 -------- d-----w- c:\program files (x86)\SIX Projects
2012-07-11 08:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:01 . 2012-06-02 12:52 754808 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-07-11 05:15 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 05:14 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 05:14 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 05:14 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-07 03:30 . 2012-07-07 03:06 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-07-02 16:35 . 2012-07-02 16:35 -------- d-----w- C:\MoTemp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 19:56 . 2012-04-03 06:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 19:56 . 2011-05-13 02:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-25 20:17 . 2012-06-06 02:23 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-07-25 20:17 . 2010-11-15 05:16 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-07-25 20:12 . 2010-11-13 17:40 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-07-11 08:02 . 2010-11-12 04:04 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-07 03:34 . 2010-11-13 17:40 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-03 18:46 . 2011-05-13 00:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 16:21 . 2012-03-15 05:26 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2011-03-14 14:58 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-11-12 14:29 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-11-12 14:29 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2010-11-12 14:29 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-11-12 14:29 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-11-12 14:28 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-11-12 14:28 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-01-16 16:46 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-29 10:04 . 2012-07-17 23:03 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{40DF7867-9FD3-460F-BA6A-1F146D4C610D}\mpengine.dll
2012-06-05 07:57 . 2012-06-05 07:57 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-05 07:57 . 2012-06-05 07:57 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-05 07:57 . 2012-06-05 07:57 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-06-05 07:57 . 2012-06-05 07:57 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-06-05 07:57 . 2012-06-05 07:57 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-06-05 07:57 . 2012-06-05 07:57 82432 ----a-w- c:\windows\system32\icardie.dll
2012-06-05 07:57 . 2012-06-05 07:57 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-05 07:57 . 2012-06-05 07:57 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-06-05 07:57 . 2012-06-05 07:57 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-05 07:57 . 2012-06-05 07:57 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-06-05 07:57 . 2012-06-05 07:57 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-05 07:57 . 2012-06-05 07:57 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-06-05 07:57 . 2012-06-05 07:57 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-06-05 07:57 . 2012-06-05 07:57 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-06-05 07:57 . 2012-06-05 07:57 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-06-05 07:57 . 2012-06-05 07:57 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-06-05 07:57 . 2012-06-05 07:57 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-06-05 07:57 . 2012-06-05 07:57 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-06-05 07:57 . 2012-06-05 07:57 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-05 07:57 . 2012-06-05 07:57 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-06-05 07:57 . 2012-06-05 07:57 448512 ----a-w- c:\windows\system32\html.iec
2012-06-05 07:57 . 2012-06-05 07:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-05 07:57 . 2012-06-05 07:57 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-06-05 07:57 . 2012-06-05 07:57 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-06-05 07:57 . 2012-06-05 07:57 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-06-05 07:57 . 2012-06-05 07:57 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-06-05 07:57 . 2012-06-05 07:57 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-06-05 07:57 . 2012-06-05 07:57 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-05 07:57 . 2012-06-05 07:57 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-06-05 07:57 . 2012-06-05 07:57 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-06-05 07:57 . 2012-06-05 07:57 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-06-05 07:57 . 2012-06-05 07:57 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-05 07:57 . 2012-06-05 07:57 222208 ----a-w- c:\windows\system32\msls31.dll
2012-06-05 07:57 . 2012-06-05 07:57 197120 ----a-w- c:\windows\system32\msrating.dll
2012-06-05 07:57 . 2012-06-05 07:57 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-06-05 07:57 . 2012-06-05 07:57 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-06-05 07:57 . 2012-06-05 07:57 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-05 07:57 . 2012-06-05 07:57 160256 ----a-w- c:\windows\system32\wextract.exe
2012-06-05 07:57 . 2012-06-05 07:57 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-06-05 07:57 . 2012-06-05 07:57 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-06-05 07:57 . 2012-06-05 07:57 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-06-05 07:57 . 2012-06-05 07:57 149504 ----a-w- c:\windows\system32\occache.dll
2012-06-05 07:57 . 2012-06-05 07:57 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-06-05 07:57 . 2012-06-05 07:57 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-05 07:57 . 2012-06-05 07:57 12288 ----a-w- c:\windows\system32\mshta.exe
2012-06-05 07:57 . 2012-06-05 07:57 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-06-05 07:57 . 2012-06-05 07:57 114176 ----a-w- c:\windows\system32\admparse.dll
2012-06-05 07:57 . 2012-06-05 07:57 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-05 07:57 . 2012-06-05 07:57 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-05 07:57 . 2012-06-05 07:57 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-06-05 07:57 . 2012-06-05 07:57 103936 ----a-w- c:\windows\system32\inseng.dll
2012-06-05 07:57 . 2012-06-05 07:57 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-06-02 22:19 . 2012-06-21 19:24 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 19:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:24 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 19:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 19:24 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 19:23 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 19:23 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2010-11-12 03:43 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 10:48 . 2012-02-22 04:52 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-02-22 04:52 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-09-28 00:55 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-09-28 00:55 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2010-11-12 03:34 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2009-07-13 21:59 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-05-15 09:29 . 2011-04-08 04:19 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-04-08 04:19 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2010-10-16 19:13 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-04-08 04:19 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-04-08 04:19 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 07:21 . 2012-05-15 07:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-04 11:06 . 2012-06-14 03:41 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 03:41 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 03:41 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-06-01 2276760]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 116648]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 Arctosa;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys [2009-08-19 19840]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-12 79360]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 116648]
R3 HpStm001;USB Style Packet Filter Driver;c:\windows\system32\DRIVERS\HpStm001.SYS [2008-08-29 14336]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-12 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-08 517632]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 19:56]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 07:21]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 07:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Input Device Main Program"="c:\program files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe" [2008-10-17 530432]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-BattlEye - c:\program files (x86)\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-Half-Life Dedicated Server Update Tool - c:\srcds\UNWISE.EXE
AddRemove-Microsoft SQL Server 10 - c:\program files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe
AddRemove-MTA:SA 1.2 - c:\program files (x86)\MTA San Andreas 1.2\Uninstall.exe
AddRemove-Natural Selection_is1 - c:\program files (x86)\steam\steamapps\masterchief4343\half-life\unins000.exe
AddRemove-No Hope - c:\documents and settings\All Users\Documents\World In Conflict\mods\Uninstal.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:48,7b,b4,30,e1,65,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,d4,0f,7b,61,e2,7a,47,b8,ad,b6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,d4,0f,7b,61,e2,7a,47,b8,ad,b6,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\09\00\19\084\03?"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-08-01 03:40:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-01 08:40
.
Pre-Run: 180,160,266,240 bytes free
Post-Run: 180,136,255,488 bytes free
.
- - End Of File - - 49D0ADC2B6AD4A0C9EFFD7165D21FC55
