I can't remove Win.AutoRun.tmp; Freezing Up Taskbar and Not Opening Startup Programs

**ken545** · 2011-01-20, 02:21

Great, how are things running now ?

**iistheb0mbs** · 2011-01-20, 12:40

Unfortunately, still the same. :(

**ken545** · 2011-01-20, 12:46

Lets check for a rootkit

Scan With RootKitUnHooker

Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1
Link 2
Link 3
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest. then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.

Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

**iistheb0mbs** · 2011-01-20, 13:39

I can't seem to open the program. It shows "Error loading driver, NTSTATUS code: 0xC000035F"

**ken545** · 2011-01-20, 13:43

OK, try this one instead

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
  
  Click the image to enlarge it
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Please copy and paste the report into your Post.

**iistheb0mbs** · 2011-01-21, 02:01

Hmm.. For some reason, a bunch of the boxes are grayed out so I can't click on them. Should I system restore my computer so I can do these tests (and also print out some stuff, since I can't use the printer on safe mode)?

**ken545** · 2011-01-21, 02:34

Lets try this, you can try this program first in normal windows and if it wont run try safemode

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

**iistheb0mbs** · 2011-01-23, 04:57

Hi, the log is attached.

ComboFix 11-01-22.02 - Owner 01/22/2011 19:45:33.1.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1699 [GMT -8:00]
Running from: c:\users\Owner\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\_@233.tmp
c:\users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A71E6569-AD16-4EE3-A0EB-C6A78B2464EC}.xps

.
((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
.

2011-01-23 03:53 . 2011-01-23 03:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-21 10:08 . 2011-01-21 10:08 -------- d-----w- c:\users\Owner\AppData\Local\Evernote
2011-01-21 09:36 . 2011-01-21 09:36 -------- d-----w- c:\users\Owner\AppData\Local\Apple
2011-01-20 12:39 . 2011-01-21 13:16 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-01-19 23:36 . 2011-01-19 23:36 -------- d-----w- c:\program files (x86)\ESET
2011-01-19 10:34 . 2011-01-20 00:31 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2011-01-18 23:59 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-18 23:58 . 2010-12-21 02:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-18 22:55 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-18 14:56 . 2010-08-19 16:59 7752528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7762997A-4DBA-4A3A-ABC3-65CFE31E37BD}\mpengine.dll
2011-01-14 00:29 . 2011-01-18 14:46 -------- d-----w- c:\program files (x86)\ERUNT
2011-01-10 02:29 . 2011-01-12 15:29 -------- d-----w- c:\program files (x86)\Lame For Audacity
2011-01-10 02:07 . 2011-01-12 15:29 -------- d-----w- c:\program files (x86)\Audacity
2011-01-06 09:34 . 2011-01-06 09:34 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-01-06 09:34 . 2011-01-06 09:34 -------- d-----w- c:\programdata\Malwarebytes
2011-01-06 09:34 . 2011-01-19 00:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-05 13:14 . 2011-01-05 13:14 -------- d-----w- c:\programdata\p2vcopy
2011-01-05 13:13 . 2011-01-05 13:13 -------- d-----w- c:\programdata\explauncher
2011-01-05 13:13 . 2011-01-05 13:13 -------- d-----w- c:\programdata\launcher
2011-01-05 12:06 . 2011-01-05 12:06 -------- d-----w- c:\program files (x86)\Paragon Software
2011-01-03 23:38 . 2011-01-03 23:38 -------- d-----w- c:\users\Owner\Zero G Registry
2011-01-02 22:35 . 2011-01-02 22:35 -------- d-----w- c:\program files (x86)\Power Tab Software
2011-01-02 20:08 . 2011-01-03 23:35 -------- d-----w- c:\program files (x86)\Write Brothers, Inc
2011-01-02 05:15 . 2011-01-03 00:52 -------- d-----w- c:\users\Owner\AppData\Roaming\Newnovelist 2
2011-01-02 00:26 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-02 00:26 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-02 00:26 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-02 00:26 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-02 00:25 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-02 00:25 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-02 00:25 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-02 00:16 . 2011-01-02 00:17 -------- d-----w- c:\program files\QuickPlot
2011-01-01 23:50 . 2011-01-01 23:50 -------- d-----w- c:\program files\Character Pro 5
2011-01-01 05:51 . 2011-01-18 14:46 -------- d-----w- c:\program files (x86)\Creativity Software
2011-01-01 05:51 . 1997-12-18 02:33 304128 ----a-w- c:\windows\IsUninst.exe
2011-01-01 05:50 . 2011-01-18 14:46 -------- d-----w- c:\program files (x86)\WriteItNow3
2011-01-01 05:45 . 2011-01-02 00:21 -------- d--h--w- c:\program files (x86)\Zero G Registry

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 19:13 . 2010-12-15 12:35 73728 ----a-w- c:\windows\SysWow64\TOverlay.ax
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-10-25 23:13 . 2010-10-25 23:13 66968 ----a-w- c:\windows\SysWow64\MFC71ITA.DLL
2010-10-25 23:13 . 2010-10-25 23:13 66968 ----a-w- c:\windows\SysWow64\MFC71ESP.DLL
2010-10-25 23:13 . 2010-10-25 23:13 54680 ----a-w- c:\windows\SysWow64\MFC71KOR.DLL
2010-10-25 23:13 . 2010-10-25 23:13 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2010-10-25 23:13 . 2010-10-25 23:13 94608 ----a-w- c:\windows\SysWow64\atl71.dll
2010-10-25 23:13 . 2010-10-25 23:13 66968 ----a-w- c:\windows\SysWow64\MFC71FRA.DLL
2010-10-25 23:13 . 2010-10-25 23:13 62872 ----a-w- c:\windows\SysWow64\MFC71ENU.DLL
2010-10-25 23:13 . 2010-10-25 23:13 50584 ----a-w- c:\windows\SysWow64\MFC71CHT.DLL
2010-10-25 23:13 . 2010-10-25 23:13 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2010-10-25 23:13 . 2010-10-25 23:13 1066384 ----a-w- c:\windows\SysWow64\mfc71.dll
2010-10-25 23:13 . 2010-10-25 23:13 1053072 ----a-w- c:\windows\SysWow64\mfc71u.dll
2010-10-25 23:13 . 2010-10-25 23:13 71064 ----a-w- c:\windows\SysWow64\MFC71DEU.DLL
2010-10-25 23:13 . 2010-10-25 23:13 54680 ----a-w- c:\windows\SysWow64\MFC71JPN.DLL
2010-10-25 23:13 . 2010-10-25 23:13 46488 ----a-w- c:\windows\SysWow64\MFC71CHS.DLL
.

------- Sigcheck -------

[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.20563] . . c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[-] 2009-10-31 . E4C3AB6FA91CDDF29032BCB95ED5DE2D . 2387456 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16450] . . c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.20563] . . c:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[-] 2009-10-31 . A6E057A26A87ECEF19D56CDB1C344BDC . 2614272 . . [6.1.7600.16385] . . c:\windows\SysWOW64\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16450] . . c:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.20500] . . c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16404] . . c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.20500] . . c:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16404] . . c:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] . . c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-11 136176]
"$Volumouse$"="c:\program files (x86)\NirSoft\Volumouse\volumouse.exe" [2009-08-05 33280]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"bLend"="c:\users\Owner\DOCUME~1\Programs\bLend.exe" [2010-09-11 93853]
"VistaSwitcher"="c:\program files\VistaSwitcher\vswitch64.exe" [2010-05-11 217552]
"WizMouse"="c:\program files (x86)\WizMouse\WizMouse.exe" [2010-03-12 696568]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"F.lux"="c:\users\Owner\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 15144328]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ac'tivAid.lnk - c:\program files (x86)\ac'tivAid\ac'tivAid.ahk [2008-6-5 495612]
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]
GumNotes.lnk - c:\users\Owner\AppData\Roaming\Microsoft\Installer\{6C14E249-9989-44F7-8E14-3E7EB9553465}\_0A1130948F6803DA29D04C.exe [2010-11-17 75614]
VirtuaWin.lnk - c:\program files (x86)\VirtuaWin\VirtuaWin.exe [2010-9-12 135680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-9-30 1207312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 PCGenFAM;PCGenFAM;c:\windows\system32\DRIVERS\PCGenFAM.sys [2010-09-22 199112]
R1 aswSP;aswSP; [x]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/09/04 13:53];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 23:59 146928]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-02-13 411136]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-15 1708800]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
R3 Normandy;Normandy SR2; [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-03-10 86120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-03 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-10 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 27736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2010-09-22 330784]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-08 51600]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2009-05-20 716288]

.
Contents of the 'Scheduled Tasks' folder

2011-01-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-HP_M9040N-Owner.job
- c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 23:04]

2011-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2920555825-720420373-4135315581-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 22:02]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2920555825-720420373-4135315581-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 22:02]
.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-04 8060960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with mediAvatar YouTube to MP3 Converter - c:\program files (x86)\mediAvatar\YouTube to MP3 Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06r9e6dp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sphstigers.org
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-fsm - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-22 19:55:58
ComboFix-quarantined-files.txt 2011-01-23 03:55

Pre-Run: 144,871,272,448 bytes free
Post-Run: 144,502,353,920 bytes free

- - End Of File - - 3F46A6F3D17D6B099DA4DE8E8EB0B96E

**ken545** · 2011-01-23, 12:16

Hi,

Copy and paste the logs we ask for in lew of attaching them , its easier for these old eyes to analyze .

Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Fcopy::

Code:

Fcopy::
c:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe | c:\windows\explorer.exe

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

**iistheb0mbs** · 2011-01-23, 19:59

Hi, here's the second log:

ComboFix 11-01-22.03 - Owner 01/23/2011 10:46:32.2.2 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3071.1465 [GMT -8:00]
Running from: c:\users\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-12-23 to 2011-01-23 )))))))))))))))))))))))))))))))
.

2011-01-23 18:55 . 2011-01-23 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-23 18:00 . 2011-01-23 18:00 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer
2011-01-21 10:08 . 2011-01-21 10:08 -------- d-----w- c:\users\Owner\AppData\Local\Evernote
2011-01-21 09:36 . 2011-01-21 09:36 -------- d-----w- c:\users\Owner\AppData\Local\Apple
2011-01-20 12:39 . 2011-01-21 13:16 34560 ----a-w- c:\windows\SysWow64\drivers\Normandy.sys
2011-01-19 23:36 . 2011-01-19 23:36 -------- d-----w- c:\program files (x86)\ESET
2011-01-19 10:34 . 2011-01-20 00:31 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2011-01-18 23:59 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-18 23:58 . 2010-12-21 02:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-18 22:55 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-18 14:56 . 2010-08-19 16:59 7752528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7762997A-4DBA-4A3A-ABC3-65CFE31E37BD}\mpengine.dll
2011-01-14 00:29 . 2011-01-18 14:46 -------- d-----w- c:\program files (x86)\ERUNT
2011-01-10 02:29 . 2011-01-12 15:29 -------- d-----w- c:\program files (x86)\Lame For Audacity
2011-01-10 02:07 . 2011-01-12 15:29 -------- d-----w- c:\program files (x86)\Audacity
2011-01-06 09:34 . 2011-01-06 09:34 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-01-06 09:34 . 2011-01-06 09:34 -------- d-----w- c:\programdata\Malwarebytes
2011-01-06 09:34 . 2011-01-19 00:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-05 13:14 . 2011-01-05 13:14 -------- d-----w- c:\programdata\p2vcopy
2011-01-05 13:13 . 2011-01-05 13:13 -------- d-----w- c:\programdata\explauncher
2011-01-05 13:13 . 2011-01-05 13:13 -------- d-----w- c:\programdata\launcher
2011-01-05 12:06 . 2011-01-05 12:06 -------- d-----w- c:\program files (x86)\Paragon Software
2011-01-03 23:38 . 2011-01-03 23:38 -------- d-----w- c:\users\Owner\Zero G Registry
2011-01-02 22:35 . 2011-01-02 22:35 -------- d-----w- c:\program files (x86)\Power Tab Software
2011-01-02 20:08 . 2011-01-03 23:35 -------- d-----w- c:\program files (x86)\Write Brothers, Inc
2011-01-02 05:15 . 2011-01-03 00:52 -------- d-----w- c:\users\Owner\AppData\Roaming\Newnovelist 2
2011-01-02 00:26 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-02 00:26 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-02 00:26 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-02 00:26 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-02 00:25 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-02 00:25 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-02 00:25 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-02 00:16 . 2011-01-02 00:17 -------- d-----w- c:\program files\QuickPlot
2011-01-01 23:50 . 2011-01-01 23:50 -------- d-----w- c:\program files\Character Pro 5
2011-01-01 05:51 . 2011-01-18 14:46 -------- d-----w- c:\program files (x86)\Creativity Software
2011-01-01 05:51 . 1997-12-18 02:33 304128 ----a-w- c:\windows\IsUninst.exe
2011-01-01 05:50 . 2011-01-18 14:46 -------- d-----w- c:\program files (x86)\WriteItNow3
2011-01-01 05:45 . 2011-01-02 00:21 -------- d--h--w- c:\program files (x86)\Zero G Registry

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-13 19:13 . 2010-12-15 12:35 73728 ----a-w- c:\windows\SysWow64\TOverlay.ax
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\SysWow64\GPhotos.scr
2010-10-25 23:13 . 2010-10-25 23:13 66968 ----a-w- c:\windows\SysWow64\MFC71ITA.DLL
2010-10-25 23:13 . 2010-10-25 23:13 66968 ----a-w- c:\windows\SysWow64\MFC71ESP.DLL
2010-10-25 23:13 . 2010-10-25 23:13 54680 ----a-w- c:\windows\SysWow64\MFC71KOR.DLL
2010-10-25 23:13 . 2010-10-25 23:13 53656 ----a-w- c:\windows\system32\AdobePDF.dll
2010-10-25 23:13 . 2010-10-25 23:13 94608 ----a-w- c:\windows\SysWow64\atl71.dll
2010-10-25 23:13 . 2010-10-25 23:13 66968 ----a-w- c:\windows\SysWow64\MFC71FRA.DLL
2010-10-25 23:13 . 2010-10-25 23:13 62872 ----a-w- c:\windows\SysWow64\MFC71ENU.DLL
2010-10-25 23:13 . 2010-10-25 23:13 50584 ----a-w- c:\windows\SysWow64\MFC71CHT.DLL
2010-10-25 23:13 . 2010-10-25 23:13 24984 ----a-w- c:\windows\system32\AdobePDFUI.dll
2010-10-25 23:13 . 2010-10-25 23:13 1066384 ----a-w- c:\windows\SysWow64\mfc71.dll
2010-10-25 23:13 . 2010-10-25 23:13 1053072 ----a-w- c:\windows\SysWow64\mfc71u.dll
2010-10-25 23:13 . 2010-10-25 23:13 71064 ----a-w- c:\windows\SysWow64\MFC71DEU.DLL
2010-10-25 23:13 . 2010-10-25 23:13 54680 ----a-w- c:\windows\SysWow64\MFC71JPN.DLL
2010-10-25 23:13 . 2010-10-25 23:13 46488 ----a-w- c:\windows\SysWow64\MFC71CHS.DLL
.

((((((((((((((((((((((((((((( SnapShot@2011-01-23_03.53.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-01-23 17:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-23 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-23 01:59 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-23 17:26 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-23 01:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-23 17:26 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2011-01-23 17:28 46570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-01-23 02:00 46570 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-03 19:40 . 2011-01-23 17:28 15574 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2920555825-720420373-4135315581-1000_UserData.bin
- 2010-09-03 19:40 . 2011-01-23 02:00 15574 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2920555825-720420373-4135315581-1000_UserData.bin
+ 2011-01-23 17:16 . 2011-01-23 17:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-23 01:56 . 2011-01-23 02:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-23 17:16 . 2011-01-23 17:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-01-23 01:56 . 2011-01-23 02:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-01-23 02:09 662484 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-01-23 17:44 662484 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-01-23 17:44 121352 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-01-23 02:09 121352 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-09-11 136176]
"$Volumouse$"="c:\program files (x86)\NirSoft\Volumouse\volumouse.exe" [2009-08-05 33280]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"bLend"="c:\users\Owner\DOCUME~1\Programs\bLend.exe" [2010-09-11 93853]
"VistaSwitcher"="c:\program files\VistaSwitcher\vswitch64.exe" [2010-05-11 217552]
"WizMouse"="c:\program files (x86)\WizMouse\WizMouse.exe" [2010-03-12 696568]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-23 222496]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
"F.lux"="c:\users\Owner\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-10-25 932288]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 15144328]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ac'tivAid.lnk - c:\program files (x86)\ac'tivAid\ac'tivAid.ahk [2008-6-5 495612]
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-12-16 23343848]
GumNotes.lnk - c:\users\Owner\AppData\Roaming\Microsoft\Installer\{6C14E249-9989-44F7-8E14-3E7EB9553465}\_0A1130948F6803DA29D04C.exe [2010-11-17 75614]
VirtuaWin.lnk - c:\program files (x86)\VirtuaWin\VirtuaWin.exe [2010-9-12 135680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-9-30 1207312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
Ime File REG_SZ SOGOUPY.IME

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R0 PCGenFAM;PCGenFAM;c:\windows\system32\DRIVERS\PCGenFAM.sys [2010-09-22 199112]
R1 aswSP;aswSP; [x]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/09/04 13:53];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [2009-09-01 23:59 146928]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-23 296808]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-08-19 90112]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-02-13 411136]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-07-15 1708800]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 22544]
R3 Normandy;Normandy SR2; [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-03-10 86120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-03 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-10 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 27736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2010-09-22 330784]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-08 51600]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2009-05-20 716288]

.
Contents of the 'Scheduled Tasks' folder

2011-01-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-HP_M9040N-Owner.job
- c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-16 23:04]

2011-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2920555825-720420373-4135315581-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 22:02]

2011-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2920555825-720420373-4135315581-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-11 22:02]
.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-04 8060960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files (x86)\Evernote\Evernote3.5\enbar.dll/2000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with mediAvatar YouTube to MP3 Converter - c:\program files (x86)\mediAvatar\YouTube to MP3 Converter\upod_link.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06r9e6dp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.sphstigers.org
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-23 10:57:57
ComboFix-quarantined-files.txt 2011-01-23 18:57
ComboFix2.txt 2011-01-23 03:55

Pre-Run: 144,284,663,808 bytes free
Post-Run: 144,214,990,848 bytes free

- - End Of File - - 122D50AF598FE2ED45728756BA86ABBF

Thread: I can't remove Win.AutoRun.tmp; Freezing Up Taskbar and Not Opening Startup Programs

Thread Tools

Display

Posting Permissions