help with PC
Posted: 27 Oct 2010 03:07
I was looking for a video converter on the internet, and after a couple of installations it ended up with my computer starting to freeze badly. I ran ComboFix and here is the log:
ComboFix 10-10-25.04 - Filip . 10. 2010 2:52.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1033.18.3069.1637 [GMT 2:00]
Running from: c:\users\Filip\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\RegGenie
c:\program files\RegGenie\RegGenie.bim
c:\program files\RegGenie\RegGenie.bin
c:\program files\RegGenie\RegGenie.exe
c:\program files\RegGenie\RegGenie.ini
c:\program files\RegGenie\RegGenieOnReboot.exe
c:\program files\RegGenie\RegGenieOnRebootExpired.exe
c:\program files\RegGenie\RegGenieScheduler.exe
c:\program files\RegGenie\unins000.dat
c:\program files\RegGenie\unins000.exe
c:\program files\RegGenie\unins000.msg
c:\programdata\Microsoft\Windows\Start Menu\Programs\RegGenie
c:\programdata\Microsoft\Windows\Start Menu\Programs\RegGenie\RegGenie.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RegGenie\Uninstall RegGenie.lnk
c:\users\Filip\Desktop\RegGenie.lnk
c:\windows\RegGenieOnUninstall.exe
c:\windows\system32\sshnas21.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
.
((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.
2010-10-27 01:11 . 2010-10-27 01:12 -------- d-----w- c:\users\Filip\AppData\Local\temp
2010-10-27 01:11 . 2010-10-27 01:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-10-27 01:11 . 2010-10-27 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-26 23:55 . 2010-10-26 23:55 270336 ----a-w- c:\windows\Icopaa.exe
2010-10-26 23:51 . 2010-10-26 23:51 -------- d-----w- c:\users\Filip\AppData\Roaming\iJoysoft
2010-10-26 17:05 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-26 17:05 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-26 17:04 . 2010-10-26 17:04 -------- d-----w- c:\program files\iPod
2010-10-26 17:04 . 2010-10-26 17:05 -------- d-----w- c:\program files\iTunes
2010-10-26 17:03 . 2010-10-26 17:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-10-26 17:03 . 2010-10-26 17:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-10-26 17:03 . 2010-10-26 17:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-10-26 17:03 . 2010-10-26 17:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-10-26 17:03 . 2010-10-26 17:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-10-26 17:03 . 2010-10-26 17:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-10-26 17:03 . 2010-10-26 17:03 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-10-26 17:02 . 2010-10-26 17:03 -------- d-----w- c:\program files\QuickTime
2010-10-26 17:01 . 2010-10-26 17:01 -------- d-----w- c:\program files\Apple Software Update
2010-10-26 16:54 . 2010-10-26 16:54 -------- d-----w- c:\users\Filip\AppData\Local\PreEmptive Solutions
2010-10-26 09:58 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9768DF6-157F-444F-98BA-66777EBCB038}\mpengine.dll
2010-10-24 19:08 . 2010-10-24 19:08 -------- d-----w- c:\windows\Downloaded Installations
2010-10-24 13:12 . 2010-10-24 13:12 -------- d--h--w- c:\windows\msdownld.tmp
2010-10-24 12:55 . 2010-10-08 08:38 5399656 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-24 12:55 . 2010-10-08 08:38 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-24 12:55 . 2010-10-08 08:38 2666088 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-24 12:55 . 2010-10-08 08:38 10055304 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-10-24 12:55 . 2010-10-08 08:38 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-24 12:55 . 2010-10-08 08:38 4836456 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-24 12:55 . 2010-10-08 08:38 2911848 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-24 12:55 . 2010-10-08 08:38 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-24 09:16 . 2010-01-04 17:18 77824 ----a-w- c:\program files\Microsoft Games\Gears of War\Binaries\xinput1_3.dll
2010-10-24 09:09 . 2010-10-24 09:25 -------- d-----w- c:\program files\Ubisoft
2010-10-23 23:48 . 2010-10-23 23:48 -------- d-sh--w- c:\programdata\DSS
2010-10-23 23:39 . 2010-10-23 23:39 -------- d-----w- c:\program files\Alcohol Soft
2010-10-23 04:56 . 2010-10-23 04:56 -------- d-----w- c:\users\Filip\AppData\Roaming\XWindows Dock
2010-10-23 01:30 . 2010-10-26 09:56 -------- d-----w- c:\users\Filip\AppData\Local\LogMeIn Hamachi
2010-10-23 01:30 . 2010-10-23 01:30 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-10-23 01:23 . 2010-10-23 01:50 -------- d-----w- c:\users\Filip\AppData\Roaming\Microsoft Games
2010-10-23 00:37 . 2010-10-23 00:37 68688 ----a-w- c:\program files\Microsoft Games\Gears of War\Binaries\PhysXLocal\PhysXLoader.dll
2010-10-22 23:25 . 2010-10-22 23:25 -------- d-----w- C:\Folding@Home
2010-10-22 23:13 . 2007-11-30 15:32 2014048 ----a-r- c:\program files\Microsoft Games\Gears of War\zaloha\Startup.exe
2010-10-22 22:46 . 2010-10-23 01:30 -------- d-----w- c:\users\Filip\AppData\Roaming\Hamachi
2010-10-22 21:54 . 2010-10-22 21:54 -------- d-----w- c:\users\Filip\AppData\Local\Activision
2010-10-21 09:29 . 2010-10-21 09:29 -------- d-----w- c:\windows\en
2010-10-21 08:49 . 2010-10-21 08:49 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\d4a630ab1cb70fc2b\InstallManager_WLE_WLE.exe
2010-10-21 08:48 . 2010-10-21 08:48 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\c1d1540b1cb70fc20\MeshBetaRemover.exe
2010-10-21 08:47 . 2010-10-21 08:47 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\a6bb94fb1cb70fc18\DSETUP.dll
2010-10-21 08:47 . 2010-10-21 08:47 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\a6bb94fb1cb70fc18\DXSETUP.exe
2010-10-21 08:47 . 2010-10-21 08:47 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\a6bb94fb1cb70fc18\dsetup32.dll
2010-10-21 08:47 . 2010-10-21 08:47 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\a58a67fb1cb70fc17\DSETUP.dll
2010-10-21 08:47 . 2010-10-21 08:47 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\a58a67fb1cb70fc17\DXSETUP.exe
2010-10-21 08:47 . 2010-10-21 08:47 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\a58a67fb1cb70fc17\dsetup32.dll
2010-10-21 08:46 . 2010-10-26 17:14 -------- d-----w- c:\users\Filip\AppData\Local\Windows Live
2010-10-21 08:45 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-20 15:43 . 2010-10-20 15:43 -------- d-----w- c:\users\Filip\AppData\Roaming\Microsoft Corporation
2010-10-20 15:33 . 2010-10-20 15:33 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-10-20 15:26 . 2010-10-20 15:26 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-10-20 15:26 . 2010-10-20 15:26 -------- d-----w- c:\program files\IIS
2010-10-20 15:25 . 2010-10-20 15:25 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-10-20 15:25 . 2010-10-20 15:42 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-10-20 15:08 . 2010-10-20 15:15 -------- d-----w- c:\program files\Microsoft F#
2010-10-20 15:08 . 2010-10-20 15:11 -------- d-----w- c:\program files\HTML Help Workshop
2010-10-20 15:08 . 2010-10-20 15:14 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-10-19 09:53 . 2010-10-19 09:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-19 09:51 . 2010-10-19 09:51 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-19 09:49 . 2010-10-19 09:49 -------- d-----r- C:\MSOCache
2010-10-18 13:45 . 2010-10-18 13:45 -------- d-----w- c:\program files\CCleaner
2010-10-17 21:02 . 2010-10-17 21:02 -------- d-----w- c:\users\Filip\AppData\Roaming\OpenOffice.org
2010-10-17 20:56 . 2010-10-26 16:53 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-17 16:10 . 2010-09-30 15:15 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-10-17 16:10 . 2010-09-30 15:09 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-10-17 16:09 . 2010-10-22 20:34 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-10-17 16:08 . 2010-10-17 16:08 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-10-15 17:38 . 2010-10-15 17:38 -------- dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2010-10-15 17:36 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-10-15 17:36 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-10-15 17:36 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-10-15 17:36 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-10-15 17:36 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-10-15 17:36 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-10-15 17:36 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-10-15 17:36 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-10-15 17:34 . 2010-10-15 17:34 -------- d-----w- c:\users\Filip\AppData\Local\2K Games
2010-10-15 16:39 . 2010-10-15 16:39 -------- d-----w- c:\program files\Common Files\Steam
2010-10-15 14:05 . 2010-10-17 09:34 -------- d-----w- c:\users\Filip\Tracing
2010-10-15 11:09 . 2010-10-08 08:38 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-15 11:09 . 2010-10-08 08:38 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-15 08:42 . 2010-10-15 08:47 -------- d-----w- c:\users\Filip\AppData\Local\Rockstar Games
2010-10-14 21:24 . 2010-10-18 20:35 -------- d-----w- c:\program files\IDoser v4
2010-10-14 13:42 . 2010-10-14 13:42 -------- d-----w- c:\windows\AC54E5443E42443CA91DA00A6974C592.TMP
2010-10-14 13:00 . 2010-10-14 13:00 -------- d-----w- c:\windows\8AAB4176A747493AA42CB63CFADFD8E3.TMP
2010-10-14 12:56 . 2010-10-14 12:56 -------- d-----w- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2010-10-14 12:46 . 2010-10-14 12:46 -------- d-----w- c:\windows\B4F3A360E1E2479DADE79BE3B07F4539.TMP
2010-10-13 15:21 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 15:21 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 15:20 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 15:20 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 15:20 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 15:20 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 15:20 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 15:20 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 15:20 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 15:20 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 15:20 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 15:20 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 15:18 . 2010-09-08 06:00 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2010-10-13 15:13 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-11 18:17 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-10-11 18:17 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-10-11 18:15 . 2010-10-11 18:15 -------- d-----w- c:\windows\system32\RsFx
2010-10-11 18:14 . 2010-10-20 15:01 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-10-11 18:14 . 2010-10-20 15:09 -------- d-----w- c:\windows\system32\1033
2010-10-11 18:12 . 2010-10-11 18:15 -------- d-----w- c:\program files\Microsoft SQL Server
2010-10-11 18:11 . 2010-10-11 18:11 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-10-11 18:11 . 2010-10-11 18:11 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-10-11 18:09 . 2010-10-11 18:09 -------- d-----w- c:\windows\symbols
2010-10-11 18:08 . 2010-10-20 15:35 -------- d-----w- c:\program files\Microsoft SDKs
2010-10-11 18:08 . 2010-10-11 18:08 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-10-11 18:08 . 2010-10-20 16:35 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-10-11 16:29 . 2010-10-20 14:55 -------- d-----w- c:\users\Filip\AppData\Roaming\Download Manager
2010-10-08 10:51 . 2010-10-08 10:51 -------- d-----w- c:\users\Filip\AppData\Local\Electronic Arts
2010-10-08 10:39 . 2010-10-08 10:39 -------- d-----w- c:\programdata\Electronic Arts
2010-10-08 10:36 . 2010-10-15 17:11 -------- d-----w- c:\users\Filip\AppData\Local\Downloaded Installations
2010-10-08 10:14 . 2010-10-24 20:03 -------- d-----w- c:\program files\Electronic Arts
2010-10-08 00:03 . 2010-10-08 00:03 600680 ----a-w- c:\windows\system32\nvvsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 23:33 . 2009-02-02 16:38 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-23 19:31 . 2009-03-04 18:18 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-19 09:41 . 2009-10-07 07:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-08 08:38 . 2010-10-24 12:55 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-08 08:38 . 2009-04-28 18:08 1718376 ----a-w- c:\windows\system32\nvapi.dll
2010-10-08 08:38 . 2009-04-28 18:08 10021992 ----a-w- c:\windows\system32\nvd3dum.dll
2010-09-30 15:09 . 2010-08-06 23:47 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-07-03 06:27 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-05-25 13:45 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-05-25 13:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-05-25 13:46 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-05-25 13:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-05-25 13:46 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-05-25 13:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-17 14:11 . 2010-09-17 15:06 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 04:07 . 2007-11-14 03:00 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 23:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 23:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-08 279144]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-22 16:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 23:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Filip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ehTray.exe"=c:\windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3154210228-3113997801-367597933-1000]
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-10-23 436792]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 FAH-01;Folding Service 01;c:\folding@home\Folding@Home 01\FAH-Console.exe [2008-06-30 253952]
S2 FAH-02;Folding Service 02;c:\folding@home\Folding@Home 02\FAH-Console.exe [2008-06-30 253952]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-07 369256]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:27]
2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:27]
2010-10-27 c:\windows\Tasks\User_Feed_Synchronization-{56768728-8274-4BCE-8DB4-AFFAFD0573D4}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Metropolis - c:\windows\system32\sshnas21.dll
AddRemove-iJoysoft MP4 Converter - c:\users\Filip\Programs\MP4 Converter\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-27 03:12
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3154210228-3113997801-367597933-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:31,9c,a9,59,c3,07,c4,b5,7a,36,a8,61,a1,ed,3c,25,78,ca,26,98,8b,29,25,
38,6f,00,3f,f3,32,b4,d6,c7,e1,e6,86,e8,41,b8,9a,71,9a,06,c2,c3,9e,2e,20,33,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-3154210228-3113997801-367597933-1000\Software\SecuROM\License information*]
"datasecu"=hex:5e,63,2c,67,ad,06,70,8f,cb,e0,ec,1b,53,3a,56,63,99,72,27,8b,35,
ff,d3,27,2c,5d,46,a3,10,6b,8e,d9,3a,d0,fc,80,6c,9c,d1,13,d5,eb,5d,fa,17,18,\
"rkeysecu"=hex:21,47,2d,a4,35,50,88,79,49,9e,43,9a,31,45,73,d8
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2010-10-27 03:29:19
ComboFix-quarantined-files.txt 2010-10-27 01:29
ComboFix2.txt 2010-07-03 07:09
ComboFix3.txt 2010-06-28 21:44
ComboFix4.txt 2009-05-06 20:10
ComboFix5.txt 2010-10-27 00:49
Pre-Run: 14 289 330 176 bytes free
Post-Run: 14 411 083 776 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 8E771ED034866F15B33E7CF7CCAF828F
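A reviewer reading a log like the one above usually does the same few checks by eye: which freshly written executables landed somewhere odd, whether UAC is still on, where the browser start page points, and what the removed orphan autostart entries used to load. The script below is an added example written for this page, not part of the original post and not code from ComboFix; the heuristics and severity labels are the example author's own. The sample lines are excerpts copied from the log above, and the list of "expected" start-page hosts is an assumption made for the demonstration.

```python
"""Triage helper for pasted ComboFix logs (added example, not ComboFix's own code).

Parses "Files Created" rows, the policies\system block, the uStart Page line and
"ORPHANS REMOVED" Run entries, then applies a few reviewer heuristics.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt of the log posted above (copied, not constructed).
SAMPLE_LOG = r"""
2010-10-26 23:55 . 2010-10-26 23:55 270336 ----a-w- c:\windows\Icopaa.exe
2010-10-26 17:05 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-13 15:20 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
uStart Page = hxxp://www.daemon-search.com/startpage
HKCU-Run-Metropolis - c:\windows\system32\sshnas21.dll
"""

# "<created> . <modified> <size|--------> <attrs> <path>" as ComboFix prints it.
FILE_ROW = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
POLICY_ROW = re.compile(r'^"(?P<name>\w+)"\s*=\s*(?P<value>\d+)')
START_PAGE = re.compile(r"^uStart Page = hxxp://(?P<host>[^/]+)", re.I)  # ComboFix defangs http -> hxxp
ORPHAN_RUN = re.compile(r"^HK(?:CU|LM)-Run-(?P<name>\S+) - (?P<path>.+)$")

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
# Assumption for this example: hosts the user would plausibly have chosen themselves.
EXPECTED_START_HOSTS = {"www.google.com", "www.bing.com"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "info"
    rule: str
    detail: str


def _in_windows_root(path: str) -> bool:
    """True for c:\\windows\\<file>; False for anything deeper (system32, drivers, ...)."""
    p = path.lower()
    prefix = "c:\\windows\\"
    return p.startswith(prefix) and "\\" not in p[len(prefix):]


def check_file_row(m: re.Match) -> list[Finding]:
    path = m["path"]
    if not path.lower().endswith(EXEC_EXT):
        return []
    # Installers and Windows Update preserve the source file's modification time, so
    # created == modified means the bytes were written fresh on this machine.
    fresh = m["created"] == m["modified"]
    if _in_windows_root(path) and fresh:
        return [Finding("high", "fresh-exe-in-windows-root", path)]
    if _in_windows_root(path):
        # OEM tools (e.g. Dell's OEM02Mon.exe) also live here, so this is review-only.
        return [Finding("info", "exe-in-windows-root", path)]
    return []


def check_policy(m: re.Match) -> list[Finding]:
    name, value = m["name"], int(m["value"])
    if name == "EnableLUA" and value == 0:
        return [Finding("high", "uac-disabled", "EnableLUA=0: admin-group users run with a full token, no consent prompt")]
    if name == "DisableCAD" and value == 1:
        return [Finding("info", "ctrl-alt-del-not-required", "DisableCAD=1")]
    return []


def check_start_page(m: re.Match) -> list[Finding]:
    host = m["host"].lower()
    return [] if host in EXPECTED_START_HOSTS else [Finding("medium", "start-page-redirect", host)]


def check_orphan_run(m: re.Match) -> list[Finding]:
    # An orphaned Run value that named a DLL was a rundll32-style loader for a
    # component that no longer exists on disk; worth noting which product it belonged to.
    if m["path"].lower().endswith(".dll"):
        return [Finding("high", "orphan-run-dll", f'{m["name"]} -> {m["path"]}')]
    return []


CHECKS = ((FILE_ROW, check_file_row), (POLICY_ROW, check_policy),
          (START_PAGE, check_start_page), (ORPHAN_RUN, check_orphan_run))


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for pattern, check in CHECKS:
            m = pattern.match(line)
            if m:
                findings.extend(check(m))
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
```

Running it over the excerpt flags Icopaa.exe (written fresh into the Windows root), the disabled UAC policy, the daemon-search start page and the orphaned Metropolis Run value, while the two driver/kernel files pass because their modification times predate their creation times. Those are leads for a reviewer to follow up on, not a verdict; the same heuristics would also surface legitimate OEM files dropped into the Windows directory.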
2010-10-21 08:46 . 2010-10-26 17:14 -------- d-----w- c:\users\Filip\AppData\Local\Windows Live
2010-10-21 08:45 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-20 15:43 . 2010-10-20 15:43 -------- d-----w- c:\users\Filip\AppData\Roaming\Microsoft Corporation
2010-10-20 15:33 . 2010-10-20 15:33 -------- d-----w- c:\programdata\PreEmptive Solutions
2010-10-20 15:26 . 2010-10-20 15:26 -------- d-----w- c:\program files\Microsoft ASP.NET
2010-10-20 15:26 . 2010-10-20 15:26 -------- d-----w- c:\program files\IIS
2010-10-20 15:25 . 2010-10-20 15:25 18368 ----a-w- c:\programdata\Microsoft\VSA\9.0\1033\ResourceCache.dll
2010-10-20 15:25 . 2010-10-20 15:42 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-10-20 15:08 . 2010-10-20 15:15 -------- d-----w- c:\program files\Microsoft F#
2010-10-20 15:08 . 2010-10-20 15:11 -------- d-----w- c:\program files\HTML Help Workshop
2010-10-20 15:08 . 2010-10-20 15:14 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-10-19 09:53 . 2010-10-19 09:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-19 09:51 . 2010-10-19 09:51 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-19 09:49 . 2010-10-19 09:49 -------- d-----r- C:\MSOCache
2010-10-18 13:45 . 2010-10-18 13:45 -------- d-----w- c:\program files\CCleaner
2010-10-17 21:02 . 2010-10-17 21:02 -------- d-----w- c:\users\Filip\AppData\Roaming\OpenOffice.org
2010-10-17 20:56 . 2010-10-26 16:53 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-17 16:10 . 2010-09-30 15:15 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-10-17 16:10 . 2010-09-30 15:09 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-10-17 16:09 . 2010-10-22 20:34 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-10-17 16:08 . 2010-10-17 16:08 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-10-15 17:38 . 2010-10-15 17:38 -------- dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2010-10-15 17:36 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-10-15 17:36 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-10-15 17:36 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-10-15 17:36 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-10-15 17:36 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-10-15 17:36 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-10-15 17:36 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-10-15 17:36 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-10-15 17:34 . 2010-10-15 17:34 -------- d-----w- c:\users\Filip\AppData\Local\2K Games
2010-10-15 16:39 . 2010-10-15 16:39 -------- d-----w- c:\program files\Common Files\Steam
2010-10-15 14:05 . 2010-10-17 09:34 -------- d-----w- c:\users\Filip\Tracing
2010-10-15 11:09 . 2010-10-08 08:38 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-15 11:09 . 2010-10-08 08:38 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-15 08:42 . 2010-10-15 08:47 -------- d-----w- c:\users\Filip\AppData\Local\Rockstar Games
2010-10-14 21:24 . 2010-10-18 20:35 -------- d-----w- c:\program files\IDoser v4
2010-10-14 13:42 . 2010-10-14 13:42 -------- d-----w- c:\windows\AC54E5443E42443CA91DA00A6974C592.TMP
2010-10-14 13:00 . 2010-10-14 13:00 -------- d-----w- c:\windows\8AAB4176A747493AA42CB63CFADFD8E3.TMP
2010-10-14 12:56 . 2010-10-14 12:56 -------- d-----w- c:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2010-10-14 12:46 . 2010-10-14 12:46 -------- d-----w- c:\windows\B4F3A360E1E2479DADE79BE3B07F4539.TMP
2010-10-13 15:21 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 15:21 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 15:20 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 15:20 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 15:20 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 15:20 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 15:20 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-13 15:20 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 15:20 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 15:20 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 15:20 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 15:20 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 15:18 . 2010-09-08 06:00 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2010-10-13 15:13 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-11 18:17 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-10-11 18:17 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-10-11 18:15 . 2010-10-11 18:15 -------- d-----w- c:\windows\system32\RsFx
2010-10-11 18:14 . 2010-10-20 15:01 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-10-11 18:14 . 2010-10-20 15:09 -------- d-----w- c:\windows\system32\1033
2010-10-11 18:12 . 2010-10-11 18:15 -------- d-----w- c:\program files\Microsoft SQL Server
2010-10-11 18:11 . 2010-10-11 18:11 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-10-11 18:11 . 2010-10-11 18:11 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-10-11 18:09 . 2010-10-11 18:09 -------- d-----w- c:\windows\symbols
2010-10-11 18:08 . 2010-10-20 15:35 -------- d-----w- c:\program files\Microsoft SDKs
2010-10-11 18:08 . 2010-10-11 18:08 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-10-11 18:08 . 2010-10-20 16:35 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-10-11 16:29 . 2010-10-20 14:55 -------- d-----w- c:\users\Filip\AppData\Roaming\Download Manager
2010-10-08 10:51 . 2010-10-08 10:51 -------- d-----w- c:\users\Filip\AppData\Local\Electronic Arts
2010-10-08 10:39 . 2010-10-08 10:39 -------- d-----w- c:\programdata\Electronic Arts
2010-10-08 10:36 . 2010-10-15 17:11 -------- d-----w- c:\users\Filip\AppData\Local\Downloaded Installations
2010-10-08 10:14 . 2010-10-24 20:03 -------- d-----w- c:\program files\Electronic Arts
2010-10-08 00:03 . 2010-10-08 00:03 600680 ----a-w- c:\windows\system32\nvvsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 23:33 . 2009-02-02 16:38 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-23 19:31 . 2009-03-04 18:18 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-19 09:41 . 2009-10-07 07:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-08 08:38 . 2010-10-24 12:55 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-08 08:38 . 2009-04-28 18:08 1718376 ----a-w- c:\windows\system32\nvapi.dll
2010-10-08 08:38 . 2009-04-28 18:08 10021992 ----a-w- c:\windows\system32\nvd3dum.dll
2010-09-30 15:09 . 2010-08-06 23:47 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 22:32 . 2010-09-22 22:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-07-03 06:27 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-05-25 13:45 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-05-25 13:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-05-25 13:46 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-05-25 13:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-05-25 13:46 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2010-05-25 13:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-17 14:11 . 2010-09-17 15:06 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 04:07 . 2007-11-14 03:00 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-16 23:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-16 23:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-16 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-12-03 405504]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-10-08 279144]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-24 1295656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-12-22 16:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-16 23:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Users^Filip^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Filip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ehTray.exe"=c:\windows\ehome\ehTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3154210228-3113997801-367597933-1000]
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\ianvstor.sys [2007-09-07 209408]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-10-23 436792]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-12-03 73728]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-09-23 155648]
S2 FAH-01;Folding Service 01;c:\folding@home\Folding@Home 01\FAH-Console.exe [2008-06-30 253952]
S2 FAH-02;Folding Service 02;c:\folding@home\Folding@Home 02\FAH-Console.exe [2008-06-30 253952]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-07 369256]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-09-30 1051968]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:27]
2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 22:27]
2010-10-27 c:\windows\Tasks\User_Feed_Synchronization-{56768728-8274-4BCE-8DB4-AFFAFD0573D4}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Metropolis - c:\windows\system32\sshnas21.dll
AddRemove-iJoysoft MP4 Converter - c:\users\Filip\Programs\MP4 Converter\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-27 03:12
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3154210228-3113997801-367597933-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:31,9c,a9,59,c3,07,c4,b5,7a,36,a8,61,a1,ed,3c,25,78,ca,26,98,8b,29,25,
38,6f,00,3f,f3,32,b4,d6,c7,e1,e6,86,e8,41,b8,9a,71,9a,06,c2,c3,9e,2e,20,33,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
[HKEY_USERS\S-1-5-21-3154210228-3113997801-367597933-1000\Software\SecuROM\License information*]
"datasecu"=hex:5e,63,2c,67,ad,06,70,8f,cb,e0,ec,1b,53,3a,56,63,99,72,27,8b,35,
ff,d3,27,2c,5d,46,a3,10,6b,8e,d9,3a,d0,fc,80,6c,9c,d1,13,d5,eb,5d,fa,17,18,\
"rkeysecu"=hex:21,47,2d,a4,35,50,88,79,49,9e,43,9a,31,45,73,d8
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(688)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
.
Completion time: 2010-10-27 03:29:19
ComboFix-quarantined-files.txt 2010-10-27 01:29
ComboFix2.txt 2010-07-03 07:09
ComboFix3.txt 2010-06-28 21:44
ComboFix4.txt 2009-05-06 20:10
ComboFix5.txt 2010-10-27 00:49
Pre-Run: 14 289 330 176 bytes free
Post-Run: 14 411 083 776 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 8E771ED034866F15B33E7CF7CCAF828F