Finally got it
ComboFix 12-01-03.08 - Nicole 01/04/2012 4:04.5.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6077.4047 [GMT -6:00]
Running from: c:\users\Nicole\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
.
.
2012-01-04 10:40 . 2012-01-04 10:52 -------- d-----w- c:\users\Nicole\AppData\Local\temp
2012-01-04 10:40 . 2012-01-04 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-04 09:05 . 2012-01-04 09:05 -------- d-----w- C:\f57976069260d26b1cae261f45ca
2012-01-04 08:23 . 2012-01-04 08:23 -------- d-----w- C:\6c3d4801ac2b96a6b866387472
2012-01-04 06:12 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-04 06:12 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-04 06:12 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-04 06:12 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-04 06:12 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-04 06:12 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-04 06:11 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-04 06:11 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-01-03 20:23 . 2012-01-03 20:23 -------- d-----w- c:\windows\system32\Macromed
2012-01-03 18:10 . 2012-01-03 18:10 -------- d-----w- C:\eb99211563fb9e909585b8ec
2012-01-02 22:32 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-02 22:30 . 2012-01-04 06:11 -------- d-----w- c:\programdata\AVAST Software
2012-01-02 22:30 . 2012-01-02 22:30 -------- d-----w- c:\program files\AVAST Software
2012-01-02 20:27 . 2012-01-02 20:27 -------- d-----w- C:\bd07de0ba843d8a2ccea7ad2771d
2012-01-02 05:45 . 2012-01-02 23:55 -------- d-----w- c:\programdata\Lavasoft
2012-01-02 05:45 . 2012-01-02 05:45 -------- d-----w- c:\users\Nicole\AppData\Roaming\SUPERAntiSpyware.com
2012-01-02 05:44 . 2012-01-02 20:15 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-01-02 05:44 . 2012-01-02 05:44 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-01-02 04:47 . 2012-01-02 04:47 -------- d-----w- C:\a8bdd53a4f3715258e
2012-01-02 03:29 . 2012-01-02 03:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-02 03:29 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 03:24 . 2012-01-02 03:24 -------- d-----w- c:\users\Nicole\AppData\Roaming\Malwarebytes
2012-01-02 03:24 . 2012-01-02 03:24 -------- d-----w- c:\programdata\Malwarebytes
2011-12-15 21:48 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 21:48 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 21:48 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-15 21:48 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 21:48 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 21:48 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 21:48 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-15 21:48 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-12-14 04:13 . 2011-12-14 04:14 -------- d-----w- c:\users\Nicole\AppData\Roaming\Apple Computer
2011-12-14 04:13 . 2011-12-14 04:13 -------- d-----w- c:\users\Nicole\AppData\Local\Apple Computer
2011-12-14 04:12 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-14 04:12 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-12-14 04:12 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-12-14 04:12 . 2012-01-02 23:55 -------- dc----w- c:\windows\system32\DRVSTORE
2011-12-14 04:11 . 2011-12-14 04:11 -------- d-----w- c:\program files\iPod
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\program files\iTunes
2011-12-14 04:11 . 2011-12-14 04:12 -------- d-----w- c:\program files (x86)\iTunes
2011-12-14 04:11 . 2011-12-14 04:11 -------- d-----w- c:\programdata\Apple Computer
2011-12-14 04:10 . 2011-12-14 04:10 -------- d-----w- c:\users\Nicole\AppData\Local\Apple
2011-12-14 04:09 . 2011-12-14 04:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files\Common Files\Apple
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files\Bonjour
2011-12-14 04:07 . 2011-12-14 04:07 -------- d-----w- c:\program files (x86)\Bonjour
2011-12-14 04:06 . 2011-12-14 04:11 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-12-14 04:06 . 2011-12-14 04:09 -------- d-----w- c:\programdata\Apple
2011-12-11 14:36 . 2011-12-11 14:36 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-04 10:49 . 2012-01-04 08:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8188447-2391-4DCE-9261-016B9351D326}\offreg.dll
2012-01-04 08:15 . 2011-04-30 16:28 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-01-03 20:23 . 2011-07-14 15:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-30 08:21 . 2012-01-03 07:39 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C8188447-2391-4DCE-9261-016B9351D326}\mpengine.dll
2011-11-15 20:29 . 2011-01-17 07:35 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-04_05.38.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2012-01-04 10:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-01-04 04:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-01-04 04:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-04 10:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2012-01-04 04:22 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-04 10:50 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-01-04 08:55 45626 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-04 10:51 71170 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2012-01-04 08:19 . 2011-12-27 02:51 43280 c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2012-01-04 08:19 . 2011-12-27 02:51 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2012-01-04 08:22 . 2012-01-04 08:22 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-12-17 09:02 . 2011-12-17 09:02 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-12-17 09:02 . 2011-12-17 09:02 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2012-01-04 08:23 . 2012-01-04 08:23 35600 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
+ 2010-09-23 10:47 . 2010-09-23 10:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-23 09:03 . 2010-09-23 09:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-21 05:07 . 2010-09-21 05:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
+ 2010-09-23 08:52 . 2010-09-23 08:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-23 00:12 . 2010-09-23 00:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
+ 2009-02-26 19:06 . 2009-02-26 19:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 19:06 . 2009-02-26 19:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002159FA0090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2009-02-26 19:06 . 2009-02-26 19:06 16712 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBPROXY.DLL
+ 2009-02-26 19:06 . 2009-02-26 19:06 68488 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\PXBCOM.EXE
+ 2012-01-04 10:13 . 2012-01-04 10:13 54784 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\32988c989fec0b0a6ea7420b687847f0\System.Web.DynamicData.Design.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\45904e3cf3a3043ade103996f8a89a5b\System.Web.DynamicData.Design.ni.dll
+ 2011-01-17 04:22 . 2012-01-04 10:51 8828 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1475235829-1360834442-158596274-1000_UserData.bin
- 2012-01-04 05:36 . 2012-01-04 05:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-04 08:53 . 2012-01-04 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-04 05:36 . 2012-01-04 05:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-04 08:53 . 2012-01-04 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 12:46 . 2012-01-04 07:52 640620 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-01-04 04:28 640620 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-01-04 04:28 118872 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2012-01-04 07:52 118872 c:\windows\system32\perfc009.dat
+ 2011-04-16 08:26 . 2012-01-04 08:52 318768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-16 08:26 . 2012-01-04 05:35 318768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-04 08:19 . 2011-12-27 02:51 744720 c:\windows\Microsoft.NET\Framework64\v2.0.50727\webengine.dll
+ 2012-01-04 08:19 . 2011-12-27 02:51 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2012-01-04 08:09 . 2012-01-04 08:09 488448 c:\windows\Installer\175833.msi
+ 2010-09-21 05:07 . 2010-09-21 05:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
+ 2010-09-23 00:10 . 2010-09-23 00:10 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\nppdf32.dll
+ 2010-09-11 00:17 . 2010-09-11 00:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
+ 2010-09-23 02:41 . 2010-09-23 02:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
+ 2010-09-21 05:07 . 2010-09-21 05:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
+ 2010-09-23 10:47 . 2010-09-23 10:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
+ 2010-09-23 00:04 . 2010-09-23 00:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
+ 2010-09-23 01:39 . 2010-09-23 01:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
+ 2010-09-21 05:07 . 2010-09-21 05:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
+ 2010-09-23 00:50 . 2010-09-23 00:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
+ 2012-01-04 10:13 . 2012-01-04 10:13 187392 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Routing\305bff6f5396544a7bfc56e84bfa1e87\System.Web.Routing.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 449536 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity\0e0a0efe9ab9642700a8f57a4edbe976\System.Web.Entity.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 398848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Entity.D#\d5d13f24e51a4fa41be09b8d2241f600\System.Web.Entity.Design.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 754176 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\86f7d8a68c51823d89921f55ff7e2603\System.Web.DynamicData.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 204800 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Abstract#\40994da02056e19475c5958f64195807\System.Web.Abstractions.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 438784 c:\windows\assembly\NativeImages_v2.0.50727_64\ServiceModelReg\6ba06b090714e51e8a92499ade057045\ServiceModelReg.ni.exe
+ 2012-01-04 10:31 . 2012-01-04 10:31 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\1d3da9468a4b3eaf6e2ea9def503d888\System.Web.Routing.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\dba78af9f778d38117fe4ccf5f4c76f7\System.Web.Extensions.Design.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\fcd6fda81cab3ace8b9d77887a01e892\System.Web.Entity.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\337de84cce8fc2bcbbf7900132abbc2f\System.Web.Entity.Design.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\d8313ac5d702f0ffc0e77ea9d945cfd2\System.Web.DynamicData.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\0de7bfc89e883f66f872c1158e06d5cb\System.Web.Abstractions.ni.dll
+ 2012-01-04 10:29 . 2012-01-04 10:29 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\c60afe58108cefe6b558996f0d9a1c11\System.Data.Entity.Design.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\050c7465e7222cdab000294af3131403\ServiceModelReg.ni.exe
+ 2012-01-04 08:19 . 2011-12-27 02:51 5259264 c:\windows\Microsoft.NET\Framework64\v2.0.50727\System.Web.dll
+ 2012-01-04 08:19 . 2011-12-27 02:51 5251072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2011-09-07 23:36 . 2011-09-07 23:36 6069248 c:\windows\Installer\1ffe6.msp
+ 2011-12-13 07:10 . 2011-12-13 07:10 4703232 c:\windows\Installer\1ffe5.msp
+ 2011-12-25 11:48 . 2011-12-25 11:48 1505792 c:\windows\Installer\17583b.msp
+ 2010-09-23 00:05 . 2010-09-23 00:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
+ 2010-09-16 09:08 . 2010-09-16 09:08 6210560 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\authplay.dll
+ 2010-06-19 23:51 . 2010-06-19 23:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
+ 2011-07-07 08:58 . 2011-07-07 08:58 1616240 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OGL.DLL
+ 2011-08-03 06:14 . 2011-08-03 06:14 8579448 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\OARTCONV.DLL
+ 2012-01-04 10:13 . 2012-01-04 10:13 1754112 c:\windows\assembly\NativeImages_v2.0.50727_64\System.WorkflowServ#\4223600dc6133441b1898abaf12031ca\System.WorkflowServices.ni.dll
+ 2012-01-04 08:27 . 2012-01-04 08:27 2702848 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Run#\afbeeaf9c41f39886704cbf181b1feb2\System.Workflow.Runtime.ni.dll
+ 2012-01-04 08:27 . 2012-01-04 08:27 5956608 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Com#\ac5a3688b743358aa5b24b9efd971d9d\System.Workflow.ComponentModel.ni.dll
+ 2012-01-04 08:26 . 2012-01-04 08:26 3893248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Workflow.Act#\007c8c2f4141fd472da7d3558efba598\System.Workflow.Activities.ni.dll
+ 2012-01-04 10:11 . 2012-01-04 10:11 2291712 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Services\f3222dbcdeebd53ee1c3f88c9ebf6c94\System.Web.Services.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 3335680 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Mobile\525e8846136415d472c2e7ba482ccd54\System.Web.Mobile.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 1154560 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\cedfd9b90274b017d11ed50abe8634e8\System.Web.Extensions.Design.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 3046912 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.Extensio#\c0d2bc2e2357ed023b85d18b96e21d60\System.Web.Extensions.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 2239488 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel#\cb5200c2d67ebf37333bdd57a06e7a11\System.ServiceModel.Web.ni.dll
+ 2012-01-04 10:10 . 2012-01-04 10:10 1022464 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\a0a442c47ac0b846bb886aa405a10138\System.Runtime.Remoting.ni.dll
+ 2012-01-04 10:11 . 2012-01-04 10:11 1428992 c:\windows\assembly\NativeImages_v2.0.50727_64\System.IdentityModel\74f5ddf803f50c428293fe6115d6eea7\System.IdentityModel.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 1845248 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Services\3a35cfdccde13bc82cad2d185cbf499b\System.Data.Services.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 1078272 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Data.Entity.#\31ea0ae493a84f5f9fdb53ac2ea0ef5e\System.Data.Entity.Design.ni.dll
+ 2012-01-04 10:12 . 2012-01-04 10:12 7836672 c:\windows\assembly\NativeImages_v2.0.50727_64\MIGUIControls\6029a4ca1be3d971d470eb2c1ff627e0\MIGUIControls.ni.dll
+ 2012-01-04 10:13 . 2012-01-04 10:13 2173952 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.VisualBas#\7fe40682a4f2f30ddb25da3a8796d282\Microsoft.VisualBasic.ni.dll
+ 2012-01-04 10:12 . 2012-01-04 10:12 2101248 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\23408f67b7fddc32d03fa6d8deeafcd7\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-04 10:12 . 2012-01-04 10:12 7721472 c:\windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\3894a5164ae656639bed7f6270f97182\Microsoft.MediaCenter.UI.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 1316864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\32a67054a82cf24c011e116e94d11864\System.WorkflowServices.ni.dll
+ 2012-01-04 08:25 . 2012-01-04 08:25 1911296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\8bfc3619e3848592a4924cba58a00459\System.Workflow.Runtime.ni.dll
+ 2012-01-04 08:25 . 2012-01-04 08:25 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\3721ccdfdca60443a32ca9f8a937f315\System.Workflow.ComponentModel.ni.dll
+ 2012-01-04 08:24 . 2012-01-04 08:24 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\79e0fe6c014999d64e7cf9717624013f\System.Workflow.Activities.ni.dll
+ 2012-01-04 10:29 . 2012-01-04 10:29 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\2cf510e07b605923c496b1ae3c31335f\System.Web.Services.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\800af0d5c4bcd9b600a229050b22d6bd\System.Web.Mobile.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c759aa20f1f012c1dc5dd7076d0816f7\System.Web.Extensions.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 1651200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\3c93a9b25482a56053eb509a58860dbf\System.ServiceModel.Web.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\6a1e2938633d08d9d97c6940a537b1ff\System.IdentityModel.ni.dll
+ 2012-01-04 10:31 . 2012-01-04 10:31 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\d75b561b3c22f68af985785352660022\System.Data.Services.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 6340096 c:\windows\assembly\NativeImages_v2.0.50727_32\MIGUIControls\6e0b0d4d67c760e1e2f6cfd7cd6a8492\MIGUIControls.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 1711616 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\902ba03598b46f478f3d7561ece592e6\Microsoft.VisualBasic.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 1609728 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\3732b9e409000beda05e878d02da1813\Microsoft.PowerShell.Commands.Utility.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 5486080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\bb28192d6fcdca44077406c2bf1ad37c\Microsoft.MediaCenter.UI.ni.dll
- 2011-01-20 09:04 . 2011-01-20 09:04 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-04 08:11 . 2012-01-04 08:11 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
+ 2012-01-04 08:19 . 2011-12-27 02:51 5259264 c:\windows\assembly\GAC_64\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-01-04 08:19 . 2011-12-27 02:51 5251072 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2006-11-02 12:33 . 2012-01-04 08:10 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 12:33 . 2012-01-02 06:28 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 12:35 . 2012-01-04 08:12 54867776 c:\windows\system32\mrt.exe
+ 2011-04-16 08:26 . 2012-01-04 08:52 50188182 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1475235829-1360834442-158596274-1000-8192.dat
- 2011-04-16 08:26 . 2012-01-04 05:35 50188182 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1475235829-1360834442-158596274-1000-8192.dat
+ 2011-03-04 19:28 . 2011-03-04 19:28 23081472 c:\windows\Installer\bb6e7.msp
+ 2011-03-04 19:28 . 2011-03-04 19:28 23081472 c:\windows\Installer\bb6e0.msp
+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\1ffe8.msp
+ 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\1ffe7.msp
+ 2011-03-04 19:28 . 2011-03-04 19:28 23081472 c:\windows\Installer\175875.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 38176256 c:\windows\Installer\175873.msp
+ 2011-09-16 00:37 . 2011-09-16 00:37 37148160 c:\windows\Installer\175857.msp
+ 2010-09-23 09:03 . 2010-09-23 09:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
+ 2011-08-04 01:53 . 2011-08-04 01:53 17324928 c:\windows\Installer\$PatchCache$\Managed\00002109020090400000000000F01FEC\12.0.6612\MSO.DLL
- 2012-01-02 21:25 . 2012-01-02 21:25 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\e0e5fbe72e8813a135fc878ff32b4bee\mscorlib.ni.dll
+ 2012-01-04 10:47 . 2012-01-04 10:47 19348992 c:\windows\assembly\NativeImages_v4.0.30319_64\mscorlib\e0e5fbe72e8813a135fc878ff32b4bee\mscorlib.ni.dll
+ 2012-01-04 10:10 . 2012-01-04 10:11 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPFB8E.tmp\System.Web.dll
+ 2012-01-04 10:11 . 2012-01-04 10:12 15245824 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web\0a2ea7a9a9d9fd9ae47468adbdee2e05\System.Web.ni.dll
+ 2012-01-04 10:11 . 2012-01-04 10:11 23813632 c:\windows\assembly\NativeImages_v2.0.50727_64\System.ServiceModel\efc60b11b649ed506c64172b3373f936\System.ServiceModel.ni.dll
+ 2012-01-04 08:26 . 2012-01-04 08:26 13718528 c:\windows\assembly\NativeImages_v2.0.50727_64\System.Design\c41b930b44ddfaef2faf314f690bb35e\System.Design.ni.dll
+ 2012-01-04 10:12 . 2012-01-04 10:12 15825920 c:\windows\assembly\NativeImages_v2.0.50727_64\ehshell\b8a06c151452395f513aaa5d730fb5a4\ehshell.ni.dll
+ 2012-01-04 10:29 . 2012-01-04 10:29 11820032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll
+ 2012-01-04 10:30 . 2012-01-04 10:30 17404416 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\a2046fbb45b00425d083cc8706b75479\System.ServiceModel.ni.dll
+ 2012-01-04 08:23 . 2012-01-04 08:23 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\30a87086e78b69d17416bfb74aab355f\System.Design.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-27 39408]
"ChromeFrameHelper"="c:\users\Nicole\AppData\Local\Google\Chrome\Application\17.0.963.12\chrome_frame_helper.exe" [2011-12-15 97336]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-02 5486464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-lsf?lic=OUxTRlJFRS1WUFVaNy1HMkNNWC1SWFBXQS1QM05aSC05RDIwQy0zN1RT&inst=NzctMTE1MjE5NzEwOC1GTDEwKzEtVFVHKzMtU1VQKzQtRERUKzMzMjEtU1AxUzQrMS1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyQU4rMy1GMTBNMTJBKzEtRjEwTTEyQUIrMS1VMTArMS1GMTBNMTJBVEIrMS1GMTBNMTJCKzEtRjEwVEIrMi1TVDEwVEJGKzE&prod=55&ver=10.0.1416" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-23 113664]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-27 20:39]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000Core.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
2012-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475235829-1360834442-158596274-1000UA.job
- c:\users\Nicole\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-16 03:49]
.
2012-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 65143a21-13aa-46f3-b1d5-8cc007e9fa70.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-01-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 97af640e-5bc6-4fab-933b-0b45caf62a54.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\3x9vtm12.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?src_id=30305&client_id=1868eed49cc815d83f5c97b8&camp_id=3534&install_time=2012-01-02T06:15Z&pr=auto&tb_version=1.0.14000(G)&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{9565115d-c7d6-46d3-bd63-b67b481a4368} - (no file)
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1475235829-1360834442-158596274-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{39B5EDF8-6943-63A2-E761-309780A92C92}*]
"haikbfdjheonepap"=hex:6b,61,6e,70,62,63,6a,6b,61,6d,63,6b,6a,67,6a,69,68,6c,
6d,63,61,6e,00,00
"iacklbokghlgbnjplp"=hex:6a,61,6f,70,63,63,61,65,66,69,68,6e,6c,61,6c,6d,6a,61,
68,64,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2012-01-04 05:29:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-04 11:29
.
Pre-Run: 408,256,532,480 bytes free
Post-Run: 410,406,588,416 bytes free
.
- - End Of File - - 41A99943E5636D3F5895242BE29055C5