Sorry I didn't get back to you sooner... The ComboFix Log Report seemed to take a while to do its thing and it was quitting time here at work... so I let it run.
Here are the logs:
fixlog.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 22-08-2012
Ran by SYSTEM at 2012-08-22 13:40:02 Run:1
Running from G:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
67081c7cc168f335 service deleted successfully.
C:\Windows\System32\Drivers\67081c7cc168f335.sys moved successfully.
C:\Users\diehlj\AppData\Roaming\926A63 moved successfully.
C:\Windows\Installer\{4e08287e-0f75-e9e4-8a10-e0f19224833b} moved successfully.
C:\Users\diehlj\AppData\Local\{4e08287e-0f75-e9e4-8a10-e0f19224833b} moved successfully.
The operation completed successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
ComboFix.txt
ComboFix 12-08-22.03 - diehlj 08/22/2012 15:01:16.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12286.9107 [GMT -5:00]
Running from: c:\users\diehlj\Desktop\virus tools\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\300801.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\300802.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\300803.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\300805.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\301010.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\301101.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\301102.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\306106.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\306201.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\306202.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401001.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401002.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401003.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401004.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401005.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\401006.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6069.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6090.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6215.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6336.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6337.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\6344.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\8.txt
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\D24878B1.dwg
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\Kl3760.dwg
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Recent\newBlock.dwg
c:\users\diehlj\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\SysWow64\FlashPlayerInstaller.exe
c:\windows\SysWow64\ijl11.dll
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KXESCORE
.
.
((((((((((((((((((((((((( Files Created from 2012-07-22 to 2012-08-22 )))))))))))))))))))))))))))))))
.
.
2012-08-22 20:12 . 2012-08-22 20:12 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{846030D7-A37B-4995-BF11-C1BC88B45E48}\offreg.dll
2012-08-22 20:10 . 2012-08-22 20:10 -------- d-----w- c:\users\Gencor\AppData\Local\temp
2012-08-22 20:10 . 2012-08-22 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-22 20:10 . 2012-08-22 20:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-22 15:06 . 2012-08-22 15:06 -------- d-----w- C:\FRST
2012-08-22 12:15 . 2012-08-22 12:15 328704 ----a-w- c:\windows\system32\services.exe.9656B81F6D0B43DB
2012-08-20 12:09 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-09 14:03 . 2012-08-09 14:03 -------- d-----w- c:\users\diehlj\AppData\Local\LogMeIn
2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-08-06 11:29 . 2012-08-06 11:29 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2012-08-06 11:29 . 2012-08-06 11:29 -------- d-----w- c:\program files (x86)\QuickTime
2012-08-03 14:14 . 2012-08-03 14:14 -------- d-----w- c:\program files (x86)\Common Files\Real
2012-07-25 19:21 . 2012-07-25 19:21 -------- d-----w- c:\windows\en
2012-07-25 19:18 . 2012-07-25 19:18 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-25 19:16 . 2012-07-25 19:16 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fa8977581cd6a9902\MeshBetaRemover.exe
2012-07-25 19:16 . 2012-07-25 19:16 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\DSETUP.dll
2012-07-25 19:16 . 2012-07-25 19:16 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\DXSETUP.exe
2012-07-25 19:16 . 2012-07-25 19:16 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f9b754e71cd6a9901\dsetup32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 13:16 . 2012-04-06 15:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 13:16 . 2011-05-14 13:26 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2011-05-25 14:12 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-22 11:43 . 2011-04-14 15:14 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-22 11:36 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 11:36 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 11:36 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 11:36 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 11:36 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 11:36 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 11:36 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 11:36 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 11:36 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2011-04-13 15:26 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2012-01-03 14:44 2660016 ----a-w- c:\program files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-04-01 03:45 501760 ----a-w- c:\program files\Classic Shell\ClassicExplorer32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
"Akamai NetSession Interface"="c:\users\diehlj\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-04-23 1314816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\users\diehlj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Super Finder XT.lnk - c:\program files (x86)\FSL\SuperFinder\SuperFinder.exe [2011-5-25 2447360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Bandoo\BndHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2012-01-20 89160]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\u_sf\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-06 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 136176]
R3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys [2009-07-01 30728]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-20 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 Remote Solver for Flow Simulation 2012;Remote Solver for Flow Simulation 2012;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [2011-09-29 109624]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-04-03 59744]
R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696]
R4 SQLAgent$MTCSOFTWARE;SQL Server Agent (MTCSOFTWARE);c:\program files\Microsoft SQL Server\MSSQL10_50.MTCSOFTWARE\MSSQL\Binn\SQLAGENT.EXE [2010-04-03 428384]
R4 uvnc_service;uvnc_service;c:\program files\UltraVNC\WinVNC.exe [2011-05-19 2169592]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-24 78208]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 517488]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 MSSQL$MTCSOFTWARE;SQL Server (MTCSOFTWARE);c:\program files\Microsoft SQL Server\MSSQL10_50.MTCSOFTWARE\MSSQL\Binn\sqlservr.exe [2010-04-03 61913952]
S2 MTCSqlJobService;MTC Sql Job Service;c:\program files (x86)\MTC Software\ProNest 2010\MTCSqlJobService.exe [2011-08-16 33280]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe [2012-01-03 265928]
S3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2011-12-06 12904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-22 131688]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:16]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 14:03]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-28 14:03]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2052111302-839522115-1265Core.job
- c:\users\diehlj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 14:45]
.
2012-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2052111302-839522115-1265UA.job
- c:\users\diehlj\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-07 14:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ShareOverlay]
@="{594D4122-1F87-41E2-96C7-825FB4796516}"
[HKEY_CLASSES_ROOT\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}]
2011-04-01 03:46 625152 ----a-w- c:\program files\Classic Shell\ClassicExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-10-16 21:17 138608 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Classic Start Menu"="c:\program files\Classic Shell\ClassicStartMenu.exe" [2011-04-01 98304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF24909.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\Classic Shell\ClassicIE9_32.exe
LSP: c:\program files (x86)\SpeedBit Video Accelerator\SBLSP.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 192.168.16.2 66.43.215.1
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
FF - ProfilePath - c:\users\diehlj\AppData\Roaming\Mozilla\Firefox\Profiles\0izjnju6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=8
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{389943B0-C3A2-4E69-82CB-8596A84CB3DC} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office...{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Bandoo\Bandoo.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-08-22 16:36:35 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-22 21:36
.
Pre-Run: 81,142,898,688 bytes free
Post-Run: 81,005,199,360 bytes free
.
- - End Of File - - 967747EEF097E806E8C0124AED5422B3
==== End of Fixlog ====