Ok the program did its job. But you should know that when it said that its going to reboot my machine, skype gave me some error message with no name and no text and nothing else happened. I did wait a lot. So without closing combofix I got to start>restart. Combofix diplayed a warning, but it was too late. Come to think of it, OTL crashed when it started to restart my machine too. I remember that all my programs that have icons in the taskbar closed and the taskbar itself started to blink.
Here is the report from ComboFix
ComboFix 11-08-03.02 - PC 08.2011 г. 14:46:03.1.4 - x64]
Microsoft Windows 7 Ultimate 6.1.7600.0.1251.359.1033.18.4095.2507 [GMT 3:00]
Running from: c:\users\PC\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PC\AppData\Roaming\chrtmp
c:\users\PC\AppData\Roaming\explorer
c:\users\PC\AppData\Roaming\Microsoft\Windows\Recent\httpwww.google.bgurlq=httpvbox7.
complaybcea43cf&sa=X&ei=0AUTTsv9KYWfOpmh7LUL&ved=0CEIQuAIwAw&usg=AFQjCNHDx
OxQGiUjJpKV6Fk7QAg.URL
c:\windows\ktkm2.dll
c:\windows\ktkm3.dll
c:\windows\ktkm34.dll
c:\windows\ktkm36.dll
c:\windows\ktkm4.dll
c:\windows\ktkm8.dll
c:\windows\wpe pro.INI
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_conhost.exe pid: 1940 24: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_conhost.exe pid: 4708 24: c:\windows\System32\en-US\conhost.exe.mui
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_lsm.exe pid: 560 274: c:\windows\System32\en-US\lsm.exe.mui
-------\Service_Skype.exe pid: 2212 1E8: c:\program files (x86)\Skype\Phone\Skype.exe
-------\Service_Sysinternals -
www.sysinternals.com.
.
((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))
.
.
2011-08-02 06:32 . 2011-08-02 06:32 -------- d-----w- C:\_OTL
2011-07-31 12:32 . 2011-07-31 12:32 -------- d-----w- c:\users\PC\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2011-07-31 08:58 . 2011-07-31 08:58 388096 ----a-r- c:\users\PC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-31 08:53 . 2011-07-31 08:53 -------- d-----w- c:\users\PC\AppData\Roaming\Malwarebytes
2011-07-31 08:53 . 2011-07-06 16:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-31 08:53 . 2011-07-31 08:53 -------- d-----w- c:\programdata\Malwarebytes
2011-07-31 08:53 . 2011-07-06 16:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-31 08:51 . 2011-07-31 08:51 -------- d-----w- c:\users\PC\AppData\Roaming\SUPERAntiSpyware.com
2011-07-31 08:51 . 2011-07-31 08:51 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-31 08:51 . 2011-07-31 08:51 -------- d-----w- c:\programdata\!SASCORE
2011-07-29 18:25 . 2011-08-01 21:50 -------- d-----w- c:\users\PC\riotsGamesLogs
2011-07-25 10:51 . 2011-07-25 10:51 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-07-25 10:51 . 2011-07-25 10:51 -------- d-----r- c:\program files (x86)\Skype
2011-07-24 21:39 . 2011-07-24 21:39 -------- d--h--w- c:\windows\PIF
2011-07-24 21:39 . 1997-12-17 15:33 304128 ----a-w- c:\windows\IsUninst.exe
2011-07-19 19:25 . 2011-07-31 16:06 -------- d-----w- c:\users\PC\AppData\Roaming\gtk-2.0
2011-07-19 19:25 . 2011-07-19 19:25 -------- d-----w- c:\users\PC\.thumbnails
2011-07-19 19:14 . 2011-07-31 16:06 -------- d-----w- c:\users\PC\.gimp-2.6
2011-07-17 17:58 . 2011-07-17 17:58 -------- d-----w- c:\users\PC\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-02 12:29 . 2011-04-15 21:38 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-07-02 12:29 . 2011-04-15 21:38 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-07-02 11:17 . 2011-01-08 17:55 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-02 11:17 . 2011-01-08 17:55 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-30 11:23 . 2011-03-28 17:01 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-06-30 11:23 . 2011-03-16 17:41 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-06-30 11:00 . 2011-03-16 17:41 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-06-12 14:24 . 2011-06-12 14:18 2829 ----a-w- c:\windows\War3Unin.pif
2011-06-12 14:24 . 2011-06-12 14:18 139264 ----a-w- c:\windows\War3Unin.exe
2011-06-04 11:24 . 2011-04-16 11:47 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-06-04 11:24 . 2011-04-16 11:47 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-06-04 11:24 . 2011-04-16 11:47 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-04 11:24 . 2011-04-16 11:47 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-06-04 10:53 . 2011-06-04 10:28 2377696 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-05-24 14:24 . 2011-05-24 14:24 21832 ----a-w- c:\windows\system32\drivers\hamachi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-29 399736]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"RocketDock"="e:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-06-28 3077528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"SUPERAntiSpyware"="e:\program files (x86)\SuperAntiSpyware\SUPERAntiSpyware.exe" [2011-07-27 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-25 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"QuickTime Task"="c:\program files (x86)\QuickTime Alternative\QTTask.exe" [2009-05-26 413696]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-06-05 2171904]
"Turbo Key"="c:\program files (x86)\ASUS\Turbo Key\TurboKey.exe" [2009-05-25 1768960]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT ACR"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2010-06-30 121456]
"HamaKMCONFIGMOUSE"="c:\program files (x86)\Hama Mouse driver V6.0\StartAutorun.exe" [2008-05-29 212992]
"LogMeIn Hamachi Ui"="e:\program files (x86)\Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"BabylonToolbar"="c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"Malwarebytes' Anti-Malware"="e:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;e:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2010-04-16 109168]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys
R3 GGSAFERDriver;GGSAFER Driver;e:\games\Garena\safedrv.sys
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys
R3 rak;rak;e:\games\RakionIS\Bin\rakion64.sys [2011-06-11 40056]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 X6va005;X6va005;c:\users\PC\AppData\Local\Temp\00588FF.tmp
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys
S1 SASDIFSV;SASDIFSV;e:\program files (x86)\SuperAntiSpyware\SASDIFSV64.SYS [2011-07-12 14928]
S1 SASKUTIL;SASKUTIL;e:\program files (x86)\SuperAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;e:\program files (x86)\SuperAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\program files (x86)\Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Hama Mouse driver V6.0\KMWDSrv.exe [2009-08-14 1818112]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d1b6712-1d81-11e0-b0b7-90e6ba0b07cb}]
\shell\AutoRun\command - H:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1079075947-272208551-1207551106-1000Core.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 17:15]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1079075947-272208551-1207551106-1000UA.job
- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 17:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.bg/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 84.238.214.1 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe pid: 1940 24: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe pid: 4708 24: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe pid: 560 274: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Skype.exe pid: 2212 1E8: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\PC\AppData\Local\Temp\00588FF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files (x86)\Acer Display\eDisplay Management\DTHtml.exe
c:\program files (x86)\Hama Mouse driver V6.0\KMConfig.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Hama Mouse driver V6.0\KMProcess.exe
c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\floater.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-08-03 15:02:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-03 12:02
.
Pre-Run: 107 339 268 096 bytes free
Post-Run: 107 624 402 944 bytes free
.
- - End Of File - - B9CD1AFCDD04AC4E8CDBD723F72C306E
