ComboFix 13-04-24.03 - DazzeR 24/04/2013 18:36:21.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.7.1033.18.16301.14017 [GMT 1:00]
Running from: c:\users\DazzeR\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\6639861.pad
c:\programdata\7099682.pad
c:\programdata\CleanupFiles.exe
c:\programdata\ntuser.dat
C:\STF1789.tmp
C:\STF18F5.tmp
C:\STF1BF0.tmp
C:\STF2BC9.tmp
C:\STF36FE.tmp
C:\STF6F4A.tmp
C:\STFAA77.tmp
C:\STFAB92.tmp
C:\STFB0A4.tmp
C:\STFD713.tmp
C:\STFE3C.tmp
C:\STFFBC.tmp
c:\users\DazzeR\ - colt_45_sound_fx_.wmv .mp3
c:\users\DazzeR\Любэ, Корни и Интонация (In2nation) - Просто Любовь .mp3
c:\users\DazzeR\AppData\Local\assembly\tmp
c:\users\DazzeR\MICHAEL JACKSON - GIVE IN TO ME .mp3
c:\windows\PolicyDefinitions
c:\windows\PolicyDefinitions\ActiveXInstallService.admx
c:\windows\PolicyDefinitions\AddRemovePrograms.admx
c:\windows\PolicyDefinitions\AppCompat.admx
c:\windows\PolicyDefinitions\AttachmentManager.admx
c:\windows\PolicyDefinitions\AutoPlay.admx
c:\windows\PolicyDefinitions\Biometrics.admx
c:\windows\PolicyDefinitions\Bits.admx
c:\windows\PolicyDefinitions\CEIPEnable.admx
c:\windows\PolicyDefinitions\CipherSuiteOrder.admx
c:\windows\PolicyDefinitions\COM.admx
c:\windows\PolicyDefinitions\Conf.admx
c:\windows\PolicyDefinitions\ControlPanel.admx
c:\windows\PolicyDefinitions\ControlPanelDisplay.admx
c:\windows\PolicyDefinitions\Cpls.admx
c:\windows\PolicyDefinitions\CredentialProviders.admx
c:\windows\PolicyDefinitions\CredSsp.admx
c:\windows\PolicyDefinitions\CredUI.admx
c:\windows\PolicyDefinitions\CtrlAltDel.admx
c:\windows\PolicyDefinitions\DCOM.admx
c:\windows\PolicyDefinitions\Desktop.admx
c:\windows\PolicyDefinitions\DeviceInstallation.admx
c:\windows\PolicyDefinitions\DeviceRedirection.admx
c:\windows\PolicyDefinitions\DFS.admx
c:\windows\PolicyDefinitions\DigitalLocker.admx
c:\windows\PolicyDefinitions\DiskDiagnostic.admx
c:\windows\PolicyDefinitions\DiskNVCache.admx
c:\windows\PolicyDefinitions\DiskQuota.admx
c:\windows\PolicyDefinitions\DistributedLinkTracking.admx
c:\windows\PolicyDefinitions\DnsClient.admx
c:\windows\PolicyDefinitions\DWM.admx
c:\windows\PolicyDefinitions\en-US\ActiveXInstallService.adml
c:\windows\PolicyDefinitions\en-US\AddRemovePrograms.adml
c:\windows\PolicyDefinitions\en-US\AppCompat.adml
c:\windows\PolicyDefinitions\en-US\AttachmentManager.adml
c:\windows\PolicyDefinitions\en-US\AutoPlay.adml
c:\windows\PolicyDefinitions\en-US\Biometrics.adml
c:\windows\PolicyDefinitions\en-US\Bits.adml
c:\windows\PolicyDefinitions\en-US\CEIPEnable.adml
c:\windows\PolicyDefinitions\en-US\CipherSuiteOrder.adml
c:\windows\PolicyDefinitions\en-US\COM.adml
c:\windows\PolicyDefinitions\en-US\Conf.adml
c:\windows\PolicyDefinitions\en-US\ControlPanel.adml
c:\windows\PolicyDefinitions\en-US\ControlPanelDisplay.adml
c:\windows\PolicyDefinitions\en-US\Cpls.adml
c:\windows\PolicyDefinitions\en-US\CredentialProviders.adml
c:\windows\PolicyDefinitions\en-US\CredSsp.adml
c:\windows\PolicyDefinitions\en-US\CredUI.adml
c:\windows\PolicyDefinitions\en-US\CtrlAltDel.adml
c:\windows\PolicyDefinitions\en-US\DCOM.adml
c:\windows\PolicyDefinitions\en-US\Desktop.adml
c:\windows\PolicyDefinitions\en-US\DeviceInstallation.adml
c:\windows\PolicyDefinitions\en-US\DeviceRedirection.adml
c:\windows\PolicyDefinitions\en-US\DFS.adml
c:\windows\PolicyDefinitions\en-US\DigitalLocker.adml
c:\windows\PolicyDefinitions\en-US\DiskDiagnostic.adml
c:\windows\PolicyDefinitions\en-US\DiskNVCache.adml
c:\windows\PolicyDefinitions\en-US\DiskQuota.adml
c:\windows\PolicyDefinitions\en-US\DistributedLinkTracking.adml
c:\windows\PolicyDefinitions\en-US\DnsClient.adml
c:\windows\PolicyDefinitions\en-US\DWM.adml
c:\windows\PolicyDefinitions\en-US\EncryptFilesonMove.adml
c:\windows\PolicyDefinitions\en-US\EnhancedStorage.adml
c:\windows\PolicyDefinitions\en-US\ErrorReporting.adml
c:\windows\PolicyDefinitions\en-US\EventForwarding.adml
c:\windows\PolicyDefinitions\en-US\EventLog.adml
c:\windows\PolicyDefinitions\en-US\EventViewer.adml
c:\windows\PolicyDefinitions\en-US\Explorer.adml
c:\windows\PolicyDefinitions\en-US\FileRecovery.adml
c:\windows\PolicyDefinitions\en-US\FileSys.adml
c:\windows\PolicyDefinitions\en-US\FolderRedirection.adml
c:\windows\PolicyDefinitions\en-US\FramePanes.adml
c:\windows\PolicyDefinitions\en-US\fthsvc.adml
c:\windows\PolicyDefinitions\en-US\GameExplorer.adml
c:\windows\PolicyDefinitions\en-US\Globalization.adml
c:\windows\PolicyDefinitions\en-US\GroupPolicy.adml
c:\windows\PolicyDefinitions\en-US\Help.adml
c:\windows\PolicyDefinitions\en-US\HelpAndSupport.adml
c:\windows\PolicyDefinitions\en-US\HotStart.adml
c:\windows\PolicyDefinitions\en-US\ICM.adml
c:\windows\PolicyDefinitions\en-US\IIS.adml
c:\windows\PolicyDefinitions\en-US\InetRes.adml
c:\windows\PolicyDefinitions\en-US\InkWatson.adml
c:\windows\PolicyDefinitions\en-US\InputPersonalization.adml
c:\windows\PolicyDefinitions\en-US\iSCSI.adml
c:\windows\PolicyDefinitions\en-US\Kerberos.adml
c:\windows\PolicyDefinitions\en-US\LanmanServer.adml
c:\windows\PolicyDefinitions\en-US\LeakDiagnostic.adml
c:\windows\PolicyDefinitions\en-US\LinkLayerTopologyDiscovery.adml
c:\windows\PolicyDefinitions\en-US\Logon.adml
c:\windows\PolicyDefinitions\en-US\MediaCenter.adml
c:\windows\PolicyDefinitions\en-US\MMC.adml
c:\windows\PolicyDefinitions\en-US\MMCSnapins.adml
c:\windows\PolicyDefinitions\en-US\MobilePCMobilityCenter.adml
c:\windows\PolicyDefinitions\en-US\MobilePCPresentationSettings.adml
c:\windows\PolicyDefinitions\en-US\MSDT.adml
c:\windows\PolicyDefinitions\en-US\Msi-FileRecovery.adml
c:\windows\PolicyDefinitions\en-US\MSI.adml
c:\windows\PolicyDefinitions\en-US\NCSI.adml
c:\windows\PolicyDefinitions\en-US\Netlogon.adml
c:\windows\PolicyDefinitions\en-US\NetworkConnections.adml
c:\windows\PolicyDefinitions\en-US\NetworkProjection.adml
c:\windows\PolicyDefinitions\en-US\OfflineFiles.adml
c:\windows\PolicyDefinitions\en-US\P2P-pnrp.adml
c:\windows\PolicyDefinitions\en-US\ParentalControls.adml
c:\windows\PolicyDefinitions\en-US\pca.adml
c:\windows\PolicyDefinitions\en-US\PeerToPeerCaching.adml
c:\windows\PolicyDefinitions\en-US\PenTraining.adml
c:\windows\PolicyDefinitions\en-US\PerfCenterCPL.adml
c:\windows\PolicyDefinitions\en-US\PerformanceDiagnostics.adml
c:\windows\PolicyDefinitions\en-US\PerformancePerftrack.adml
c:\windows\PolicyDefinitions\en-US\Power.adml
c:\windows\PolicyDefinitions\en-US\PreviousVersions.adml
c:\windows\PolicyDefinitions\en-US\Printing.adml
c:\windows\PolicyDefinitions\en-US\Programs.adml
c:\windows\PolicyDefinitions\en-US\QOS.adml
c:\windows\PolicyDefinitions\en-US\RacWmiProv.adml
c:\windows\PolicyDefinitions\en-US\Radar.adml
c:\windows\PolicyDefinitions\en-US\ReAgent.adml
c:\windows\PolicyDefinitions\en-US\Reliability.adml
c:\windows\PolicyDefinitions\en-US\RemoteAssistance.adml
c:\windows\PolicyDefinitions\en-US\RemovableStorage.adml
c:\windows\PolicyDefinitions\en-US\RPC.adml
c:\windows\PolicyDefinitions\en-US\Scripts.adml
c:\windows\PolicyDefinitions\en-US\sdiageng.adml
c:\windows\PolicyDefinitions\en-US\sdiagschd.adml
c:\windows\PolicyDefinitions\en-US\Search.adml
c:\windows\PolicyDefinitions\en-US\Securitycenter.adml
c:\windows\PolicyDefinitions\en-US\Sensors.adml
c:\windows\PolicyDefinitions\en-US\Setup.adml
c:\windows\PolicyDefinitions\en-US\ShapeCollector.adml
c:\windows\PolicyDefinitions\en-US\SharedFolders.adml
c:\windows\PolicyDefinitions\en-US\Sharing.adml
c:\windows\PolicyDefinitions\en-US\Shell-CommandPrompt-RegEditTools.adml
c:\windows\PolicyDefinitions\en-US\ShellWelcomeCenter.adml
c:\windows\PolicyDefinitions\en-US\Sidebar.adml
c:\windows\PolicyDefinitions\en-US\Sideshow.adml
c:\windows\PolicyDefinitions\en-US\Smartcard.adml
c:\windows\PolicyDefinitions\en-US\Snmp.adml
c:\windows\PolicyDefinitions\en-US\SoundRec.adml
c:\windows\PolicyDefinitions\en-US\StartMenu.adml
c:\windows\PolicyDefinitions\en-US\SystemResourceManager.adml
c:\windows\PolicyDefinitions\en-US\SystemRestore.adml
c:\windows\PolicyDefinitions\en-US\TabletPCInputPanel.adml
c:\windows\PolicyDefinitions\en-US\TabletShell.adml
c:\windows\PolicyDefinitions\en-US\Taskbar.adml
c:\windows\PolicyDefinitions\en-US\TaskScheduler.adml
c:\windows\PolicyDefinitions\en-US\tcpip.adml
c:\windows\PolicyDefinitions\en-US\TerminalServer-WinIP.adml
c:\windows\PolicyDefinitions\en-US\TerminalServer.adml
c:\windows\PolicyDefinitions\en-US\Thumbnails.adml
c:\windows\PolicyDefinitions\en-US\TouchInput.adml
c:\windows\PolicyDefinitions\en-US\TPM.adml
c:\windows\PolicyDefinitions\en-US\UserDataBackup.adml
c:\windows\PolicyDefinitions\en-US\UserProfiles.adml
c:\windows\PolicyDefinitions\en-US\VolumeEncryption.adml
c:\windows\PolicyDefinitions\en-US\W32Time.adml
c:\windows\PolicyDefinitions\en-US\WDI.adml
c:\windows\PolicyDefinitions\en-US\WinCal.adml
c:\windows\PolicyDefinitions\en-US\Windows.adml
c:\windows\PolicyDefinitions\en-US\WindowsAnytimeUpgrade.adml
c:\windows\PolicyDefinitions\en-US\WindowsBackup.adml
c:\windows\PolicyDefinitions\en-US\WindowsColorSystem.adml
c:\windows\PolicyDefinitions\en-US\WindowsConnectNow.adml
c:\windows\PolicyDefinitions\en-US\WindowsDefender.adml
c:\windows\PolicyDefinitions\en-US\WindowsExplorer.adml
c:\windows\PolicyDefinitions\en-US\WindowsFileProtection.adml
c:\windows\PolicyDefinitions\en-US\WindowsFirewall.adml
c:\windows\PolicyDefinitions\en-US\WindowsMail.adml
c:\windows\PolicyDefinitions\en-US\WindowsMediaDRM.adml
c:\windows\PolicyDefinitions\en-US\WindowsMediaPlayer.adml
c:\windows\PolicyDefinitions\en-US\WindowsMessenger.adml
c:\windows\PolicyDefinitions\en-US\WindowsProducts.adml
c:\windows\PolicyDefinitions\en-US\WindowsRemoteManagement.adml
c:\windows\PolicyDefinitions\en-US\WindowsRemoteShell.adml
c:\windows\PolicyDefinitions\en-US\WindowsUpdate.adml
c:\windows\PolicyDefinitions\en-US\WinInit.adml
c:\windows\PolicyDefinitions\en-US\WinLogon.adml
c:\windows\PolicyDefinitions\en-US\Winsrv.adml
c:\windows\PolicyDefinitions\en-US\WordWheel.adml
c:\windows\PolicyDefinitions\EncryptFilesonMove.admx
c:\windows\PolicyDefinitions\EnhancedStorage.admx
c:\windows\PolicyDefinitions\ErrorReporting.admx
c:\windows\PolicyDefinitions\EventForwarding.admx
c:\windows\PolicyDefinitions\EventLog.admx
c:\windows\PolicyDefinitions\EventViewer.admx
c:\windows\PolicyDefinitions\Explorer.admx
c:\windows\PolicyDefinitions\FileRecovery.admx
c:\windows\PolicyDefinitions\FileSys.admx
c:\windows\PolicyDefinitions\FolderRedirection.admx
c:\windows\PolicyDefinitions\FramePanes.admx
c:\windows\PolicyDefinitions\fthsvc.admx
c:\windows\PolicyDefinitions\GameExplorer.admx
c:\windows\PolicyDefinitions\Globalization.admx
c:\windows\PolicyDefinitions\GroupPolicy.admx
c:\windows\PolicyDefinitions\Help.admx
c:\windows\PolicyDefinitions\HelpAndSupport.admx
c:\windows\PolicyDefinitions\HotStart.admx
c:\windows\PolicyDefinitions\ICM.admx
c:\windows\PolicyDefinitions\IIS.admx
c:\windows\PolicyDefinitions\inetres.admx
c:\windows\PolicyDefinitions\InkWatson.admx
c:\windows\PolicyDefinitions\InputPersonalization.admx
c:\windows\PolicyDefinitions\iSCSI.admx
c:\windows\PolicyDefinitions\Kerberos.admx
c:\windows\PolicyDefinitions\LanmanServer.admx
c:\windows\PolicyDefinitions\LeakDiagnostic.admx
c:\windows\PolicyDefinitions\LinkLayerTopologyDiscovery.admx
c:\windows\PolicyDefinitions\Logon.admx
c:\windows\PolicyDefinitions\MediaCenter.admx
c:\windows\PolicyDefinitions\MMC.admx
c:\windows\PolicyDefinitions\MMCSnapins.admx
c:\windows\PolicyDefinitions\MobilePCMobilityCenter.admx
c:\windows\PolicyDefinitions\MobilePCPresentationSettings.admx
c:\windows\PolicyDefinitions\MSDT.admx
c:\windows\PolicyDefinitions\Msi-FileRecovery.admx
c:\windows\PolicyDefinitions\MSI.admx
c:\windows\PolicyDefinitions\NCSI.admx
c:\windows\PolicyDefinitions\Netlogon.admx
c:\windows\PolicyDefinitions\NetworkConnections.admx
c:\windows\PolicyDefinitions\NetworkProjection.admx
c:\windows\PolicyDefinitions\OfflineFiles.admx
c:\windows\PolicyDefinitions\P2P-pnrp.admx
c:\windows\PolicyDefinitions\ParentalControls.admx
c:\windows\PolicyDefinitions\pca.admx
c:\windows\PolicyDefinitions\PeerToPeerCaching.admx
c:\windows\PolicyDefinitions\PenTraining.admx
c:\windows\PolicyDefinitions\PerfCenterCPL.admx
c:\windows\PolicyDefinitions\PerformanceDiagnostics.admx
c:\windows\PolicyDefinitions\PerformancePerftrack.admx
c:\windows\PolicyDefinitions\Power.admx
c:\windows\PolicyDefinitions\PreviousVersions.admx
c:\windows\PolicyDefinitions\Printing.admx
c:\windows\PolicyDefinitions\Programs.admx
c:\windows\PolicyDefinitions\QOS.admx
c:\windows\PolicyDefinitions\RacWmiProv.admx
c:\windows\PolicyDefinitions\Radar.admx
c:\windows\PolicyDefinitions\ReAgent.admx
c:\windows\PolicyDefinitions\Reliability.admx
c:\windows\PolicyDefinitions\RemoteAssistance.admx
c:\windows\PolicyDefinitions\RemovableStorage.admx
c:\windows\PolicyDefinitions\RPC.admx
c:\windows\PolicyDefinitions\ru-RU\ActiveXInstallService.adml
c:\windows\PolicyDefinitions\ru-RU\AddRemovePrograms.adml
c:\windows\PolicyDefinitions\ru-RU\AppCompat.adml
c:\windows\PolicyDefinitions\ru-RU\AttachmentManager.adml
c:\windows\PolicyDefinitions\ru-RU\AutoPlay.adml
c:\windows\PolicyDefinitions\ru-RU\Biometrics.adml
c:\windows\PolicyDefinitions\ru-RU\Bits.adml
c:\windows\PolicyDefinitions\ru-RU\CEIPEnable.adml
c:\windows\PolicyDefinitions\ru-RU\CipherSuiteOrder.adml
c:\windows\PolicyDefinitions\ru-RU\COM.adml
c:\windows\PolicyDefinitions\ru-RU\Conf.adml
c:\windows\PolicyDefinitions\ru-RU\ControlPanel.adml
c:\windows\PolicyDefinitions\ru-RU\ControlPanelDisplay.adml
c:\windows\PolicyDefinitions\ru-RU\Cpls.adml
c:\windows\PolicyDefinitions\ru-RU\CredentialProviders.adml
c:\windows\PolicyDefinitions\ru-RU\CredSsp.adml
c:\windows\PolicyDefinitions\ru-RU\CredUI.adml
c:\windows\PolicyDefinitions\ru-RU\CtrlAltDel.adml
c:\windows\PolicyDefinitions\ru-RU\DCOM.adml
c:\windows\PolicyDefinitions\ru-RU\Desktop.adml
c:\windows\PolicyDefinitions\ru-RU\DeviceInstallation.adml
c:\windows\PolicyDefinitions\ru-RU\DeviceRedirection.adml
c:\windows\PolicyDefinitions\ru-RU\DFS.adml
c:\windows\PolicyDefinitions\ru-RU\DigitalLocker.adml
c:\windows\PolicyDefinitions\ru-RU\DiskDiagnostic.adml
c:\windows\PolicyDefinitions\ru-RU\DiskNVCache.adml
c:\windows\PolicyDefinitions\ru-RU\DiskQuota.adml
c:\windows\PolicyDefinitions\ru-RU\DistributedLinkTracking.adml
c:\windows\PolicyDefinitions\ru-RU\DnsClient.adml
c:\windows\PolicyDefinitions\ru-RU\DWM.adml
c:\windows\PolicyDefinitions\ru-RU\EncryptFilesonMove.adml
c:\windows\PolicyDefinitions\ru-RU\EnhancedStorage.adml
c:\windows\PolicyDefinitions\ru-RU\ErrorReporting.adml
c:\windows\PolicyDefinitions\ru-RU\EventForwarding.adml
c:\windows\PolicyDefinitions\ru-RU\EventLog.adml
c:\windows\PolicyDefinitions\ru-RU\EventViewer.adml
c:\windows\PolicyDefinitions\ru-RU\Explorer.adml
c:\windows\PolicyDefinitions\ru-RU\FileRecovery.adml
c:\windows\PolicyDefinitions\ru-RU\FileSys.adml
c:\windows\PolicyDefinitions\ru-RU\FolderRedirection.adml
c:\windows\PolicyDefinitions\ru-RU\FramePanes.adml
c:\windows\PolicyDefinitions\ru-RU\fthsvc.adml
c:\windows\PolicyDefinitions\ru-RU\GameExplorer.adml
c:\windows\PolicyDefinitions\ru-RU\Globalization.adml
c:\windows\PolicyDefinitions\ru-RU\GroupPolicy.adml
c:\windows\PolicyDefinitions\ru-RU\Help.adml
c:\windows\PolicyDefinitions\ru-RU\HelpAndSupport.adml
c:\windows\PolicyDefinitions\ru-RU\HotStart.adml
c:\windows\PolicyDefinitions\ru-RU\ICM.adml
c:\windows\PolicyDefinitions\ru-RU\IIS.adml
c:\windows\PolicyDefinitions\ru-RU\InetRes.adml
c:\windows\PolicyDefinitions\ru-RU\InkWatson.adml
c:\windows\PolicyDefinitions\ru-RU\InputPersonalization.adml
c:\windows\PolicyDefinitions\ru-RU\iSCSI.adml
c:\windows\PolicyDefinitions\ru-RU\Kerberos.adml
c:\windows\PolicyDefinitions\ru-RU\LanmanServer.adml
c:\windows\PolicyDefinitions\ru-RU\LeakDiagnostic.adml
c:\windows\PolicyDefinitions\ru-RU\LinkLayerTopologyDiscovery.adml
c:\windows\PolicyDefinitions\ru-RU\Logon.adml
c:\windows\PolicyDefinitions\ru-RU\MediaCenter.adml
c:\windows\PolicyDefinitions\ru-RU\MMC.adml
c:\windows\PolicyDefinitions\ru-RU\MMCSnapins.adml
c:\windows\PolicyDefinitions\ru-RU\MobilePCMobilityCenter.adml
c:\windows\PolicyDefinitions\ru-RU\MobilePCPresentationSettings.adml
c:\windows\PolicyDefinitions\ru-RU\MSDT.adml
c:\windows\PolicyDefinitions\ru-RU\Msi-FileRecovery.adml
c:\windows\PolicyDefinitions\ru-RU\MSI.adml
c:\windows\PolicyDefinitions\ru-RU\NCSI.adml
c:\windows\PolicyDefinitions\ru-RU\Netlogon.adml
c:\windows\PolicyDefinitions\ru-RU\NetworkConnections.adml
c:\windows\PolicyDefinitions\ru-RU\NetworkProjection.adml
c:\windows\PolicyDefinitions\ru-RU\OfflineFiles.adml
c:\windows\PolicyDefinitions\ru-RU\P2P-pnrp.adml
c:\windows\PolicyDefinitions\ru-RU\ParentalControls.adml
c:\windows\PolicyDefinitions\ru-RU\pca.adml
c:\windows\PolicyDefinitions\ru-RU\PeerToPeerCaching.adml
c:\windows\PolicyDefinitions\ru-RU\PenTraining.adml
c:\windows\PolicyDefinitions\ru-RU\PerfCenterCPL.adml
c:\windows\PolicyDefinitions\ru-RU\PerformanceDiagnostics.adml
c:\windows\PolicyDefinitions\ru-RU\PerformancePerftrack.adml
c:\windows\PolicyDefinitions\ru-RU\Power.adml
c:\windows\PolicyDefinitions\ru-RU\PreviousVersions.adml
c:\windows\PolicyDefinitions\ru-RU\Printing.adml
c:\windows\PolicyDefinitions\ru-RU\Programs.adml
c:\windows\PolicyDefinitions\ru-RU\QOS.adml
c:\windows\PolicyDefinitions\ru-RU\RacWmiProv.adml
c:\windows\PolicyDefinitions\ru-RU\Radar.adml
c:\windows\PolicyDefinitions\ru-RU\ReAgent.adml
c:\windows\PolicyDefinitions\ru-RU\Reliability.adml
c:\windows\PolicyDefinitions\ru-RU\RemoteAssistance.adml
c:\windows\PolicyDefinitions\ru-RU\RemovableStorage.adml
c:\windows\PolicyDefinitions\ru-RU\RPC.adml
c:\windows\PolicyDefinitions\ru-RU\Scripts.adml
c:\windows\PolicyDefinitions\ru-RU\sdiageng.adml
c:\windows\PolicyDefinitions\ru-RU\sdiagschd.adml
c:\windows\PolicyDefinitions\ru-RU\Search.adml
c:\windows\PolicyDefinitions\ru-RU\Securitycenter.adml
c:\windows\PolicyDefinitions\ru-RU\Sensors.adml
c:\windows\PolicyDefinitions\ru-RU\Setup.adml
c:\windows\PolicyDefinitions\ru-RU\ShapeCollector.adml
c:\windows\PolicyDefinitions\ru-RU\SharedFolders.adml
c:\windows\PolicyDefinitions\ru-RU\Sharing.adml
c:\windows\PolicyDefinitions\ru-RU\Shell-CommandPrompt-RegEditTools.adml
c:\windows\PolicyDefinitions\ru-RU\ShellWelcomeCenter.adml
c:\windows\PolicyDefinitions\ru-RU\Sidebar.adml
c:\windows\PolicyDefinitions\ru-RU\Sideshow.adml
c:\windows\PolicyDefinitions\ru-RU\Smartcard.adml
c:\windows\PolicyDefinitions\ru-RU\Snmp.adml
c:\windows\PolicyDefinitions\ru-RU\SoundRec.adml
c:\windows\PolicyDefinitions\ru-RU\StartMenu.adml
c:\windows\PolicyDefinitions\ru-RU\SystemResourceManager.adml
c:\windows\PolicyDefinitions\ru-RU\SystemRestore.adml
c:\windows\PolicyDefinitions\ru-RU\TabletPCInputPanel.adml
c:\windows\PolicyDefinitions\ru-RU\TabletShell.adml
c:\windows\PolicyDefinitions\ru-RU\Taskbar.adml
c:\windows\PolicyDefinitions\ru-RU\TaskScheduler.adml
c:\windows\PolicyDefinitions\ru-RU\tcpip.adml
c:\windows\PolicyDefinitions\ru-RU\TerminalServer-WinIP.adml
c:\windows\PolicyDefinitions\ru-RU\TerminalServer.adml
c:\windows\PolicyDefinitions\ru-RU\Thumbnails.adml
c:\windows\PolicyDefinitions\ru-RU\TouchInput.adml
c:\windows\PolicyDefinitions\ru-RU\TPM.adml
c:\windows\PolicyDefinitions\ru-RU\UserDataBackup.adml
c:\windows\PolicyDefinitions\ru-RU\UserProfiles.adml
c:\windows\PolicyDefinitions\ru-RU\VolumeEncryption.adml
c:\windows\PolicyDefinitions\ru-RU\W32Time.adml
c:\windows\PolicyDefinitions\ru-RU\WDI.adml
c:\windows\PolicyDefinitions\ru-RU\WinCal.adml
c:\windows\PolicyDefinitions\ru-RU\Windows.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsAnytimeUpgrade.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsBackup.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsColorSystem.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsConnectNow.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsDefender.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsExplorer.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsFileProtection.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsFirewall.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsMail.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsMediaDRM.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsMediaPlayer.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsMessenger.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsProducts.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsRemoteManagement.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsRemoteShell.adml
c:\windows\PolicyDefinitions\ru-RU\WindowsUpdate.adml
c:\windows\PolicyDefinitions\ru-RU\WinInit.adml
c:\windows\PolicyDefinitions\ru-RU\WinLogon.adml
c:\windows\PolicyDefinitions\ru-RU\Winsrv.adml
c:\windows\PolicyDefinitions\ru-RU\WordWheel.adml
c:\windows\PolicyDefinitions\Scripts.admx
c:\windows\PolicyDefinitions\sdiageng.admx
c:\windows\PolicyDefinitions\sdiagschd.admx
c:\windows\PolicyDefinitions\Search.admx
c:\windows\PolicyDefinitions\Securitycenter.admx
c:\windows\PolicyDefinitions\Sensors.admx
c:\windows\PolicyDefinitions\Setup.admx
c:\windows\PolicyDefinitions\ShapeCollector.admx
c:\windows\PolicyDefinitions\SharedFolders.admx
c:\windows\PolicyDefinitions\Sharing.admx
c:\windows\PolicyDefinitions\Shell-CommandPrompt-RegEditTools.admx
c:\windows\PolicyDefinitions\ShellWelcomeCenter.admx
c:\windows\PolicyDefinitions\Sidebar.admx
c:\windows\PolicyDefinitions\Sideshow.admx
c:\windows\PolicyDefinitions\Smartcard.admx
c:\windows\PolicyDefinitions\Snmp.admx
c:\windows\PolicyDefinitions\SoundRec.admx
c:\windows\PolicyDefinitions\StartMenu.admx
c:\windows\PolicyDefinitions\SystemResourceManager.admx
c:\windows\PolicyDefinitions\SystemRestore.admx
c:\windows\PolicyDefinitions\TabletPCInputPanel.admx
c:\windows\PolicyDefinitions\TabletShell.admx
c:\windows\PolicyDefinitions\Taskbar.admx
c:\windows\PolicyDefinitions\TaskScheduler.admx
c:\windows\PolicyDefinitions\tcpip.admx
c:\windows\PolicyDefinitions\Terminalserver-WinIP.admx
c:\windows\PolicyDefinitions\TerminalServer.admx
c:\windows\PolicyDefinitions\Thumbnails.admx
c:\windows\PolicyDefinitions\TouchInput.admx
c:\windows\PolicyDefinitions\TPM.admx
c:\windows\PolicyDefinitions\UserDataBackup.admx
c:\windows\PolicyDefinitions\UserProfiles.admx
c:\windows\PolicyDefinitions\VolumeEncryption.admx
c:\windows\PolicyDefinitions\W32Time.admx
c:\windows\PolicyDefinitions\WDI.admx
c:\windows\PolicyDefinitions\WinCal.admx
c:\windows\PolicyDefinitions\Windows.admx
c:\windows\PolicyDefinitions\WindowsAnytimeUpgrade.admx
c:\windows\PolicyDefinitions\WindowsBackup.admx
c:\windows\PolicyDefinitions\WindowsColorSystem.admx
c:\windows\PolicyDefinitions\WindowsConnectNow.admx
c:\windows\PolicyDefinitions\WindowsDefender.admx
c:\windows\PolicyDefinitions\WindowsExplorer.admx
c:\windows\PolicyDefinitions\WindowsFileProtection.admx
c:\windows\PolicyDefinitions\WindowsFirewall.admx
c:\windows\PolicyDefinitions\WindowsMail.admx
c:\windows\PolicyDefinitions\WindowsMediaDRM.admx
c:\windows\PolicyDefinitions\WindowsMediaPlayer.admx
c:\windows\PolicyDefinitions\WindowsMessenger.admx
c:\windows\PolicyDefinitions\WindowsProducts.admx
c:\windows\PolicyDefinitions\WindowsRemoteManagement.admx
c:\windows\PolicyDefinitions\WindowsRemoteShell.admx
c:\windows\PolicyDefinitions\WindowsUpdate.admx
c:\windows\PolicyDefinitions\WinInit.admx
c:\windows\PolicyDefinitions\WinLogon.admx
c:\windows\PolicyDefinitions\Winsrv.admx
c:\windows\PolicyDefinitions\WordWheel.admx
c:\windows\SysWow64\tmp3E1B.tmp
c:\windows\SysWow64\tmp6900.tmp
c:\windows\SysWow64\tmp6901.tmp
c:\windows\SysWow64\tmpD23.tmp
c:\windows\SysWow64\tmpD24.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-03-24 to 2013-04-24 )))))))))))))))))))))))))))))))
.
.
2013-04-24 17:40 . 2013-04-24 17:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-04-24 17:40 . 2013-04-24 17:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-23 16:38 . 2013-04-17 05:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{138C3E58-F56C-42C1-9112-1A9B0F2D232F}\mpengine.dll
2013-04-22 12:58 . 2013-04-22 12:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-22 12:58 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-22 12:55 . 2013-04-22 12:55 -------- d-----w- c:\users\DazzeR\AppData\Roaming\Malwarebytes
2013-04-22 12:53 . 2013-04-22 12:53 -------- d-----w- c:\programdata\Malwarebytes
2013-04-10 17:07 . 2013-02-21 10:14 19230208 ----a-w- c:\windows\system32\mshtml.dll
2013-04-10 17:06 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 17:06 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 17:06 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 17:06 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 17:06 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 17:06 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-10 17:06 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 17:06 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 17:06 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-06 20:55 . 2013-04-10 07:32 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2013-04-06 13:33 . 2013-04-06 13:33 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2013-04-06 13:32 . 2013-04-06 13:32 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2013-04-06 13:32 . 2013-04-06 13:32 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2013-04-06 13:32 . 2011-11-03 02:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2013-04-06 13:32 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2013-04-06 13:32 . 2011-10-17 02:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2013-04-06 13:32 . 2013-04-06 13:32 -------- d-----w- c:\program files (x86)\My Company Name
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-18 16:05 . 2012-03-31 08:38 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-18 16:05 . 2012-01-04 15:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 17:15 . 2011-12-31 16:11 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-12 00:10 . 2011-12-31 15:24 282744 ------w- c:\windows\system32\MpSigStub.exe
2013-02-25 23:32 . 2013-02-25 23:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 23:32 . 2012-10-10 21:22 2505144 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-02-25 23:32 . 2013-02-25 23:32 15129960 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-25 23:32 . 2013-02-25 23:32 6262608 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-25 23:32 . 2012-10-10 21:23 2826040 ----a-w- c:\windows\system32\nvapi64.dll
2013-02-25 23:32 . 2013-02-25 23:32 18055184 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-25 23:32 . 2012-10-10 21:23 1107440 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-02-25 23:32 . 2012-10-10 21:22 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
2013-02-25 23:32 . 2013-02-25 23:32 958120 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-02-25 23:32 . 2013-02-25 23:32 420128 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2013-02-25 23:32 . 2013-02-25 23:32 2720544 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-25 23:32 . 2013-02-25 23:32 26929440 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-25 23:32 . 2013-02-25 23:32 7932256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-25 23:32 . 2013-02-25 23:32 2346784 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 23:32 . 2013-02-25 23:32 11036448 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 23:32 . 2012-10-10 21:23 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
2013-02-25 23:32 . 2012-02-21 17:56 245872 ----a-w- c:\windows\system32\nvinitx.dll
2013-02-25 23:32 . 2013-02-25 23:32 364832 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2013-02-25 23:32 . 2013-02-25 23:32 2904352 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-25 23:32 . 2013-02-25 23:32 20449056 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-25 23:32 . 2012-10-10 21:23 15053264 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-02-25 23:32 . 2013-02-25 23:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-02-25 23:32 . 2013-02-25 23:32 7564040 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 23:32 . 2013-02-25 23:32 1985824 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 23:32 . 2013-02-25 23:32 12641992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 23:32 . 2013-02-25 23:32 9390760 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 23:32 . 2012-02-21 17:56 201576 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-02-12 05:45 . 2013-03-14 18:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 18:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 18:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 18:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 18:03 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 18:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 20:06 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2012-01-24 13:50 . 2012-03-03 11:24 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\idman.exe" [2011-11-14 3437976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Lachesis"="c:\program files (x86)\Razer\Lachesis\razerhid.exe" [2009-11-10 248320]
"Tarantula"="c:\program files (x86)\Razer\Tarantula\razerhid.exe" [2007-05-07 159744]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart 0"="c:\program files (x86)\ASUS\GPU Tweak\Monitor.exe" [2012-08-09 2589184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-03-07 1431888]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-10-12 50072]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2010-12-02 31744]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys [2012-03-10 15168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2009-10-16 29952]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-31 1255736]
R3 X6va005;X6va005;c:\users\DazzeR\AppData\Local\Temp\0059EDA.tmp [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-30 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-01-24 147472]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-01-27 148104]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2012-01-24 168864]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [2007-04-11 49664]
S4 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-23 23680]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 16:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 19:46 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\users\DazzeR\AppData\Roaming\Mozilla\Firefox\Profiles\5f9olnpu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.gigabase.ru/search?clid=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://kurs.ru/index0.html
FF - prefs.js: keyword.URL - hxxp://www.gigabase.ru/search?clid=1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: browser.search.defaulturl - hxxp://www.gigabase.ru/search?clid=1&q=
FF - user.js: keyword.URL - hxxp://www.gigabase.ru/search?clid=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pb.exe
AddRemove-{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF} - c:\program files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\DazzeR\AppData\Local\Temp\0059EDA.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3715227450-2988077214-2212603031-1000\Software\SecuROM\License information*]
"datasecu"=hex:64,30,0f,44,01,bd,b0,ab,2c,7e,fb,92,88,3e,e5,d5,af,c7,b6,33,00,
cf,2f,f4,20,e5,e2,66,36,ae,01,19,d0,50,e1,57,77,81,20,9c,ae,43,00,c1,94,e1,\
"rkeysecu"=hex:04,50,c5,8e,2a,1c,e1,ef,21,2c,16,65,c1,84,a3,40
.
[HKEY_USERS\S-1-5-21-3715227450-2988077214-2212603031-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):d6,31,f3,9f,35,d3,96,7c,bf,95,f8,be,bd,d5,5e,f4,06,54,49,b8,48,
71,36,fb,c2,20,02,d8,c1,5f,cc,be,cb,eb,bb,dc,9e,4e,72,37,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3715227450-2988077214-2212603031-1000_Classes\Wow6432Node\CLSID\{9bffd9f2-1da3-49f4-a6e3-f87d8486d2c3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000005e
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-24 18:42:01
ComboFix-quarantined-files.txt 2013-04-24 17:42
.
Pre-Run: 56,343,097,344 bytes free
Post-Run: 56,420,536,320 bytes free
.
- - End Of File - - 01B7A8059A3C9FABB4DB7B79474C14CD