Thanks Belahzur, I couldn't get on to the internet in any of the browsers for some odd reason, though I could connect from my laptop via TeamViewer....
Also, after ComboFix I can't open any .exe files? It says "Illegal operation attempted on a registry key that has been marked for deletion."
Here is the log:
ComboFix 11-12-22.04 - Kenny Diep 12/22/2011 19:23:55.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.1849 [GMT -5]
Running from: c:\users\Kenny Diep\Desktop\commy.exe
Command switches used :: /stepdel
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\program files (x86)\Security Defender
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender
c:\users\Kenny Diep\AppData\Roaming\Bitcoin
c:\users\Kenny Diep\AppData\Roaming\GmailHackerPro_Installer
c:\users\Kenny Diep\AppData\Roaming\Local
c:\windows\system32\consrv.dll
c:\windows\System64
c:\cflog\CrashLog_20110402.txt
c:\cflog\CrashLog_20110712.txt
c:\cflog\CrashLog_20110910.txt
c:\cflog\CrashLog_20110916.txt
c:\cflog\CrashLog_20111004.txt
c:\cflog\CrashLog_20111016.txt
c:\cflog\CrashLog_20111026.txt
c:\cflog\CrashLog_20111029.txt
c:\cflog\CrashLog_20111207.txt
c:\program files (x86)\Security Defender\Security Defender.ico
c:\programdata\68C99590-AF86-B6DD-DB7A-D874F37B2C09.ico
c:\programdata\Microsoft\Windows\Start Menu\Programs\Security Defender\Security Defender.lnk
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\.lock
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\__db.001
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\__db.002
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\__db.003
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\__db.004
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\__db.005
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\__db.006
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\addr.dat
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\blk0001.dat
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\blkindex.dat
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000042
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000043
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000044
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000045
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000046
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000047
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000048
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000049
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000050
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000051
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000052
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000053
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000054
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000055
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000056
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000057
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000058
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000059
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000060
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000061
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000062
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000063
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000064
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000065
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000066
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000067
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000068
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000069
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000070
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000071
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000072
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\database\log.0000000073
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\db.log
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\debug.log
c:\users\Kenny Diep\AppData\Roaming\Bitcoin\wallet.dat
c:\users\Kenny Diep\AppData\Roaming\chrtmp
c:\users\Kenny Diep\AppData\Roaming\GmailHackerPro_Installer\Gmail Hacker Pro Installer\1.0.0.0\Update-152599.exe
c:\users\Kenny Diep\AppData\Roaming\GmailHackerPro_Installer\Gmail Hacker Pro Installer\1.0.0.0\Update-442516.exe
c:\users\Kenny Diep\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Kenny Diep\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Kenny Diep\AppData\Roaming\Local\Temp\DDM\Settings\bsigjc5ky29n1.avi(2).ddr
c:\users\Kenny Diep\AppData\Roaming\Local\Temp\DDM\Settings\bsigjc5ky29n1.avi.ddr
c:\users\Kenny Diep\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Kenny Diep\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\bsigjc5ky29n1.avi(2).ddp
c:\users\Kenny Diep\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\bsigjc5ky29n1.avi.ddp
c:\windows\jestertb.dll
c:\windows\system\actualspy.lnk
c:\windows\System32\config\systemprofile\AppData\Local\App\lrsykvie.dll
c:\windows\system32\fxsst.dll . . . . Failed to delete
c:\windows\system32\java.exe
c:\windows\system32\slwga.dll . . . . Failed to delete
c:\windows\system32\srrstr.dll . . . . Failed to delete
c:\windows\system32\systemcpl.dll . . . . Failed to delete
c:\windows\system32\termsrv.dll
c:\windows\SysWow64\68C99590-AF86-B6DD-DB7A-D874F37B2C09.avi
F:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-23 to 2011-12-23 )))))))))))))))))))))))))))))))
.
.
2011-12-23 00:31 . 2011-12-23 00:31 -------- d-----w- c:\users\f\AppData\Local\temp
2011-12-23 00:31 . 2011-12-23 00:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-21 17:38 . 2011-12-21 17:38 -------- d-----w- c:\program files (x86)\ESET
2011-12-21 16:30 . 2011-12-21 16:30 -------- d-----w- c:\windows\system32\MpEngineStore
2011-12-20 22:50 . 2011-12-20 22:50 -------- d-----w- C:\Cache
2011-12-20 19:03 . 2011-12-20 19:03 -------- d-----w- C:\Temp
2011-12-19 02:57 . 2011-12-19 23:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-12-19 02:57 . 2011-12-19 23:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-16 14:06 . 2011-12-16 14:06 36352 ----a-w- c:\windows\SysWow64\JgAbkOoX.com
2011-12-13 22:38 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-13 22:38 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-13 22:38 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-13 22:38 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-13 22:38 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-13 22:38 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-11 00:02 . 2011-12-11 00:02 -------- d-----w- c:\windows\system32\Macromed
2011-12-10 21:04 . 2011-12-20 18:24 -------- d-----w- c:\users\Kenny Diep\AppData\Roaming\SUPERAntiSpyware.com
2011-12-07 19:48 . 2011-12-07 19:48 -------- d-----w- c:\program files (x86)\WhiteSmoke_Bar
2011-12-07 19:48 . 2011-12-20 18:45 -------- d-----w- c:\users\Kenny Diep\AppData\Local\RavenBleuSA
2011-12-07 12:16 . 2011-12-07 12:16 -------- d-----w- c:\windows\SysWow64\config\systemprofile\Tracing
2011-12-04 14:00 . 2011-12-04 14:00 -------- d-----w- c:\programdata\Media Center Programs
2011-12-04 13:51 . 2011-12-04 13:51 -------- d-----w- c:\program files (x86)\UBISOFT
2011-12-02 13:30 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8FA25C06-85AF-46A0-8767-2DF90ADC8015}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-11 00:02 . 2011-03-03 12:14 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-11 00:02 . 2011-05-19 10:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-29 16:29 . 2011-11-09 13:10 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-03-01 13:12 . 2011-03-01 13:09 12067528 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Kenny Diep\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-16 137536]
"RavenBleuSA"="c:\users\Kenny Diep\AppData\Local\RavenBleuSA\bin\1.0.11.0\RavenBleuSA.exe" [2011-11-28 782848]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-19 5486464]
"uTorrent"="c:\users\Kenny Diep\Downloads\utorrent.exe" [2011-08-09 639864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"68C99590-AF86-B6DD-DB7A-D874F37B2C09"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"lrsykvie"="c:\windows\System32\config\systemprofile\AppData\Local\App\lrsykvie.dll" [2011-12-14 60416]
"68C99590-AF86-B6DD-DB7A-D874F37B2C09"="c:\windows\system32\rundll32.exe" [2009-07-14 44544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil10r_ActiveX.exe" [2011-06-02 240288]
.
c:\users\f\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2011-3-1 12067528]
.
c:\users\Kenny Diep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
UniKeyNT - Shortcut.lnk - c:\users\Kenny Diep\Downloads\UniKeyNT.exe [2009-11-2 316928]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
68C99590-AF86-B6DD-DB7A-D874F37B2C09.lnk - c:\windows\System32\rundll32.exe [2009-7-13 45568]
Virtual Router Manager.lnk - c:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe [2011-7-18 22486]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R1 nxupirpo;nxupirpo;c:\windows\system32\drivers\nxupirpo.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]
R3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 clwvd;HP Webcam Splitter;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
R3 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2009-03-19 32808]
R3 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-01-31 341312]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
R3 PSVolAcc;PSVolAcc; [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 X6va005;X6va005;c:\users\KENNYD~1\AppData\Local\Temp\0057263.tmp [x]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-17 98208]
R4 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
R4 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-01-31 68928]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-07-07 376352]
S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-18 12288]
S2 WinAgentsTftpService4;WinAgents TFTP Service 4;c:\program files (x86)\Common Files\WinAgents\TftpService.exe [2011-04-02 111376]
S3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\DRIVERS\OSDACPI.SYS [x]
S3 AVerAVF2;AVerAVF2;c:\windows\system32\DRIVERS\AVerAVF2.sys [x]
S3 FintekCIR;Fintek eHome Transceiver;c:\windows\system32\DRIVERS\FintekCIR.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2503263900-158799546-2591639019-1000Core.job
- c:\users\Kenny Diep\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-16 02:10]
.
2011-12-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2503263900-158799546-2591639019-1000UA.job
- c:\users\Kenny Diep\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-16 02:10]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 01:08]
.
2011-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-26 01:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-16 415256]
"combofix"="c:\commy\CF12974.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 127.0.0.1:8118
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-SmartMusic 2011a - c:\programdata\MakeMusic\UninstallSmartMusic 2011.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\KENNYD~1\AppData\Local\Temp\0057263.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF2573AE-E1ED-40E1-83BA-F544CB2EE135}"=hex:51,66,7a,6c,4c,1d,38,12,c0,70,36,
fb,df,af,8f,05,fc,ac,b6,04,ce,70,a5,21
"{167D9323-F7CC-48F5-948A-6F012831A69F}"=hex:51,66,7a,6c,4c,1d,38,12,4d,90,6e,
12,fe,b9,9b,0d,eb,9c,2c,41,2d,6f,e2,8b
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d0,a2,34,31,0f,bc,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,a2,6e,12,56,62,af,41,94,d5,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d7,a2,6e,12,56,62,af,41,94,d5,0c,\
.
[HKEY_USERS\S-1-5-21-2503263900-158799546-2591639019-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AD6A3628-D3C3-DF2B-60B4-30788E7CE3FD}*]
"makjhmocnempbododhjoojkfap"=hex:6f,61,6c,70,69,65,6a,6f,64,64,6e,62,6a,70,65,
63,68,6c,63,6e,61,64,64,66,63,6e,6e,66,64,69,00,62
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="REMOVED"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2011-12-22 19:49:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-23 00:49
.
Pre-Run: 761,791,774,720 bytes free
Post-Run: 761,672,978,432 bytes free
.
- - End Of File - - 55F6BD5D7FFFC4379E39AC986EB1E5B0
Last edited by roadran322 on 23rd December 2011, 2:33 am; edited 1 time in total