[continued]
2012-09-18 00:17:33, Info CSI 000002ee [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:24{12}]"asycfilt.dll"; source file in store is also corrupted
2012-09-18 00:17:51, Info CSI 000002f0 [SR] Verify complete
2012-09-18 00:17:51, Info CSI 000002f1 [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:17:51, Info CSI 000002f2 [SR] Beginning Verify and Repair transaction
2012-09-18 00:17:56, Info CSI 000002f4 [SR] Verify complete
2012-09-18 00:17:56, Info CSI 000002f5 [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:17:56, Info CSI 000002f6 [SR] Beginning Verify and Repair transaction
2012-09-18 00:18:00, Info CSI 000002fa [SR] Verify complete
2012-09-18 00:18:00, Info CSI 000002fb [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:18:00, Info CSI 000002fc [SR] Beginning Verify and Repair transaction
2012-09-18 00:18:05, Info CSI 000002fe [SR] Verify complete
2012-09-18 00:18:05, Info CSI 000002ff [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:18:05, Info CSI 00000300 [SR] Beginning Verify and Repair transaction
2012-09-18 00:18:11, Info CSI 00000302 [SR] Verify complete
2012-09-18 00:18:11, Info CSI 00000303 [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:18:11, Info CSI 00000304 [SR] Beginning Verify and Repair transaction
2012-09-18 00:18:16, Info CSI 00000306 [SR] Verify complete
2012-09-18 00:18:16, Info CSI 00000307 [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:18:16, Info CSI 00000308 [SR] Beginning Verify and Repair transaction
2012-09-18 00:18:21, Info CSI 0000030b [SR] Verify complete
2012-09-18 00:18:21, Info CSI 0000030c [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:18:21, Info CSI 0000030d [SR] Beginning Verify and Repair transaction
2012-09-18 00:18:25, Info CSI 0000030f [SR] Verify complete
2012-09-18 00:18:26, Info CSI 00000310 [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:18:26, Info CSI 00000311 [SR] Beginning Verify and Repair transaction
2012-09-18 00:18:31, Info CSI 00000313 [SR] Verify complete
2012-09-18 00:18:32, Info CSI 00000314 [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:18:32, Info CSI 00000315 [SR] Beginning Verify and Repair transaction
2012-09-18 00:18:37, Info CSI 00000317 [SR] Verify complete
2012-09-18 00:18:38, Info CSI 00000318 [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:18:38, Info CSI 00000319 [SR] Beginning Verify and Repair transaction
2012-09-18 00:18:46, Info CSI 0000031c [SR] Verify complete
2012-09-18 00:18:46, Info CSI 0000031d [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:18:46, Info CSI 0000031e [SR] Beginning Verify and Repair transaction
2012-09-18 00:18:51, Info CSI 00000320 [SR] Verify complete
2012-09-18 00:18:51, Info CSI 00000321 [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:18:51, Info CSI 00000322 [SR] Beginning Verify and Repair transaction
2012-09-18 00:18:55, Info CSI 00000324 [SR] Verify complete
2012-09-18 00:18:56, Info CSI 00000325 [SR] Verifying 100 (0x0000000000000064) components
2012-09-18 00:18:56, Info CSI 00000326 [SR] Beginning Verify and Repair transaction
2012-09-18 00:19:01, Info CSI 00000328 [SR] Verify complete
2012-09-18 00:19:01, Info CSI 00000329 [SR] Verifying 90 (0x000000000000005a) components
2012-09-18 00:19:01, Info CSI 0000032a [SR] Beginning Verify and Repair transaction
2012-09-18 00:19:06, Info CSI 0000032c [SR] Verify complete
2012-09-18 00:19:06, Info CSI 0000032d [SR] Repairing 10 (0x000000000000000a) components
2012-09-18 00:19:06, Info CSI 0000032e [SR] Beginning Verify and Repair transaction
2012-09-18 00:19:06, Info CSI 00000330 [SR] Cannot repair member file [l:22{11}]"sysmain.sdb" of Microsoft-Windows-Application-Experience-Mitigations-C1, Version = 6.1.7601.17571, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:06, Info CSI 00000332 [SR] Cannot repair member file [l:14{7}]"dps.dll" of Microsoft-Windows-DiagnosticInfrastructure-Server, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:06, Info CSI 00000334 [SR] Cannot repair member file [l:22{11}]"odbcint.dll" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-ODBC-DriverManager-Rll, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:06, Info CSI 00000336 [SR] Cannot repair member file [l:20{10}]"mapi32.dll" of Microsoft-Windows-Mapi, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:08, Info CSI 00000338 [SR] Cannot repair member file [l:30{15}]"NlsData0000.dll" of Microsoft-Windows-NaturalLanguage6, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 0000033a [SR] Cannot repair member file [l:22{11}]"ntprint.dll" of Microsoft-Windows-Printing-ClassInstallerAndPrintUI-Ntprint, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 0000033c [SR] Cannot repair member file [l:22{11}]"pnrpnsp.dll" of Microsoft-Windows-PeerToPeerPNRP, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 0000033e [SR] Cannot repair member file [l:18{9}]"dxva2.dll" of Microsoft-Windows-DirectXVideoAcceleration, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 00000340 [SR] Cannot repair member file [l:22{11}]"MP3DMOD.DLL" of Microsoft-Windows-MP3DMOD, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 00000342 [SR] Cannot repair member file [l:24{12}]"asycfilt.dll" of Microsoft-Windows-OLE-Automation-AsyncFilters, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 00000344 [SR] Cannot repair member file [l:22{11}]"odbcint.dll" of Microsoft-Windows-Microsoft-Data-Access-Components-(MDAC)-ODBC-DriverManager-Rll, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 00000345 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-09-18 00:19:13, Info CSI 00000348 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"odbcint.dll"; source file in store is also corrupted
2012-09-18 00:19:13, Info CSI 0000034a [SR] Cannot repair member file [l:22{11}]"ntprint.dll" of Microsoft-Windows-Printing-ClassInstallerAndPrintUI-Ntprint, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 0000034b [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-09-18 00:19:13, Info CSI 0000034e [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"ntprint.dll"; source file in store is also corrupted
2012-09-18 00:19:13, Info CSI 00000350 [SR] Cannot repair member file [l:22{11}]"pnrpnsp.dll" of Microsoft-Windows-PeerToPeerPNRP, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 (10), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 00000351 [SR] This component was referenced by [l:168{84}]"Microsoft-Windows-PeerToPeer-Full-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.P2P"
2012-09-18 00:19:13, Info CSI 00000354 [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:22{11}]"pnrpnsp.dll"; source file in store is also corrupted
2012-09-18 00:19:13, Info CSI 00000358 [SR] Cannot repair member file [l:18{9}]"dxva2.dll" of Microsoft-Windows-DirectXVideoAcceleration, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 00000359 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-09-18 00:19:13, Info CSI 0000035c [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:18{9}]"dxva2.dll"; source file in store is also corrupted
2012-09-18 00:19:13, Info CSI 0000035e [SR] Cannot repair member file [l:22{11}]"sysmain.sdb" of Microsoft-Windows-Application-Experience-Mitigations-C1, Version = 6.1.7601.17571, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 0000035f [SR] This component was referenced by [l:154{77}]"Package_2_for_KB2492386~31bf3856ad364e35~amd64~~6.1.1.0.2492386-6_neutral_GDR"
2012-09-18 00:19:13, Info CSI 00000362 [SR] Could not reproject corrupted file [ml:520{260},l:68{34}]"\??\C:\Windows\apppatch\apppatch64"\[l:22{11}]"sysmain.sdb"; source file in store is also corrupted
2012-09-18 00:19:13, Info CSI 00000364 [SR] Cannot repair member file [l:20{10}]"mapi32.dll" of Microsoft-Windows-Mapi, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 00000365 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-09-18 00:19:13, Info CSI 00000368 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"mapi32.dll"; source file in store is also corrupted
2012-09-18 00:19:13, Info CSI 0000036a [SR] Cannot repair member file [l:24{12}]"asycfilt.dll" of Microsoft-Windows-OLE-Automation-AsyncFilters, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 0000036b [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-09-18 00:19:13, Info CSI 0000036e [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:24{12}]"asycfilt.dll"; source file in store is also corrupted
2012-09-18 00:19:13, Info CSI 00000370 [SR] Cannot repair member file [l:14{7}]"dps.dll" of Microsoft-Windows-DiagnosticInfrastructure-Server, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 00000371 [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-09-18 00:19:13, Info CSI 00000374 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:14{7}]"dps.dll"; source file in store is also corrupted
2012-09-18 00:19:13, Info CSI 00000376 [SR] Cannot repair member file [l:22{11}]"MP3DMOD.DLL" of Microsoft-Windows-MP3DMOD, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:13, Info CSI 00000377 [SR] This component was referenced by [l:178{89}]"Microsoft-Media-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.MediaFoundation"
2012-09-18 00:19:13, Info CSI 0000037a [SR] Could not reproject corrupted file [ml:48{24},l:46{23}]"\??\C:\Windows\SysWOW64"\[l:22{11}]"MP3DMOD.DLL"; source file in store is also corrupted
2012-09-18 00:19:14, Info CSI 0000037c [SR] Cannot repair member file [l:30{15}]"NlsData0000.dll" of Microsoft-Windows-NaturalLanguage6, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2012-09-18 00:19:14, Info CSI 0000037d [SR] This component was referenced by [l:202{101}]"Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.WindowsFoundationDelivery"
2012-09-18 00:19:19, Info CSI 00000380 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:30{15}]"NlsData0000.dll"; source file in store is also corrupted
2012-09-18 00:19:22, Info CSI 00000382 [SR] Repair complete
2012-09-18 00:19:22, Info CSI 00000383 [SR] Committing transaction
2012-09-18 00:19:22, Info CSI 00000387 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 00:25:11
-----------------------------
00:25:11.195 OS Version: Windows x64 6.1.7601 Service Pack 1
00:25:11.195 Number of processors: 2 586 0x602
00:25:11.195 ComputerName: Removed UserName:
00:25:14.487 Initialize success
00:26:35.909 AVAST engine defs: 12091400
00:29:16.029 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:29:16.029 Disk 0 Vendor: ST9500420AS 0006HPM1 Size: 476940MB BusType: 11
00:29:16.059 Disk 0 MBR read successfully
00:29:16.059 Disk 0 MBR scan
00:29:16.069 Disk 0 unknown MBR code
00:29:16.079 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:29:16.099 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462737 MB offset 409600
00:29:16.139 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13899 MB offset 948094976
00:29:16.179 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
00:29:16.279 Disk 0 scanning C:\Windows\system32\drivers
00:29:40.463 Service scanning
00:30:11.537 Modules scanning
00:30:11.567 Disk 0 trace - called modules:
00:30:11.917 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:30:11.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004666060]
00:30:11.947 3 CLASSPNP.SYS[fffff8800105d43f] -> nt!IofCallDriver -> [0xfffffa8004665890]
00:30:11.957 5 hpdskflt.sys[fffff88002383189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800452a060]
00:30:17.897 AVAST engine scan C:\Windows
00:30:53.863 AVAST engine scan C:\Windows\system32
00:40:15.284 AVAST engine scan C:\Windows\system32\drivers
00:42:08.934 AVAST engine scan C:\Users\Removed
00:49:19.240 AVAST engine scan C:\ProgramData
00:50:22.644 Scan finished successfully
00:57:41.141 Disk 0 MBR has been saved successfully to "C:\Users\Removed\Desktop\MBR.dat"
00:57:41.141 The log file has been saved successfully to "C:\Users\Removed\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 00:25:11
-----------------------------
00:25:11.195 OS Version: Windows x64 6.1.7601 Service Pack 1
00:25:11.195 Number of processors: 2 586 0x602
00:25:11.195 ComputerName: Removed UserName:
00:25:14.487 Initialize success
00:26:35.909 AVAST engine defs: 12091400
00:29:16.029 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:29:16.029 Disk 0 Vendor: ST9500420AS 0006HPM1 Size: 476940MB BusType: 11
00:29:16.059 Disk 0 MBR read successfully
00:29:16.059 Disk 0 MBR scan
00:29:16.069 Disk 0 unknown MBR code
00:29:16.079 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
00:29:16.099 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 462737 MB offset 409600
00:29:16.139 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13899 MB offset 948094976
00:29:16.179 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
00:29:16.279 Disk 0 scanning C:\Windows\system32\drivers
00:29:40.463 Service scanning
00:30:11.537 Modules scanning
00:30:11.567 Disk 0 trace - called modules:
00:30:11.917 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
00:30:11.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004666060]
00:30:11.947 3 CLASSPNP.SYS[fffff8800105d43f] -> nt!IofCallDriver -> [0xfffffa8004665890]
00:30:11.957 5 hpdskflt.sys[fffff88002383189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800452a060]
00:30:17.897 AVAST engine scan C:\Windows
00:30:53.863 AVAST engine scan C:\Windows\system32
00:40:15.284 AVAST engine scan C:\Windows\system32\drivers
00:42:08.934 AVAST engine scan C:\Users\Removed
00:49:19.240 AVAST engine scan C:\ProgramData
00:50:22.644 Scan finished successfully
00:57:41.141 Disk 0 MBR has been saved successfully to "C:\Users\Removed\Desktop\MBR.dat"
00:57:41.141 The log file has been saved successfully to "C:\Users\Removed\Desktop\aswMBR.txt"
00:58:00.585 Verifying
00:58:10.605 Disk 0 Windows 601 MBR fixed successfully
00:58:25.567 Disk 0 MBR has been saved successfully to "C:\Users\Removed\Desktop\MBR.dat"
00:58:25.567 The log file has been saved successfully to "C:\Users\Removed\Desktop\aswMBR.txt"
ComboFix 12-09-16.01 - Removed 18/09/2012 1:04.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4092.1842 [GMT 1:00]
Running from: c:\users\Removed\AppData\Local\Opera\Opera\temporary_downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\SET6E5B.tmp
c:\windows\SysWow64\SETB95F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-18 00:10 . 2012-09-18 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-17 14:18 . 2012-09-17 14:18 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-17 14:15 . 2012-09-17 14:15 -------- d-----w- c:\programdata\McAfee
2012-09-16 14:28 . 2012-09-16 14:28 -------- d-----w- c:\users\Removed\AppData\Roaming\SUPERAntiSpyware.com
2012-09-16 14:28 . 2012-09-16 14:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-16 14:28 . 2012-09-16 14:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-16 14:22 . 2012-09-16 14:22 -------- d-----w- c:\program files (x86)\Trend Micro
2012-09-16 11:16 . 2012-09-16 11:16 -------- d-----w- c:\users\Removed\AppData\Roaming\Malwarebytes
2012-09-16 11:16 . 2012-09-16 11:16 -------- d-----w- c:\programdata\Malwarebytes
2012-09-16 11:16 . 2012-09-16 11:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-16 11:16 . 2012-09-07 16:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 21:30 . 2012-09-14 21:30 -------- d-----w- c:\program files (x86)\GameSpy Arcade
2012-09-14 16:30 . 2012-09-14 16:30 -------- d-----w- c:\program files (x86)\WildTangent Games
2012-09-09 18:12 . 2012-09-09 18:12 -------- d-----w- C:\Games
2012-09-09 18:11 . 2012-09-09 18:13 -------- d-----w- c:\program files\red alert 2
2012-09-04 11:49 . 2012-09-04 11:49 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-09-01 20:27 . 2012-09-01 20:27 -------- d-----w- c:\programdata\Battle.net
2012-08-27 12:24 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 01:30 . 2011-09-18 02:42 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-14 22:00 . 2011-07-02 19:54 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-09-14 22:00 . 2009-07-13 23:19 680448 ----a-w- c:\windows\system32\adtschema.dll
2012-09-13 17:44 . 2011-12-11 15:33 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-09-13 17:44 . 2011-12-11 15:33 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-28 19:24 . 2012-08-15 17:32 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-28 19:24 . 2011-07-08 07:20 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-09 23:11 . 2012-08-09 23:11 30 ----a-w- c:\windows\system32\tkkc.bat
2012-07-18 18:15 . 2012-08-15 22:57 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 22:57 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 22:57 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 22:57 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 22:57 41984 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-16_22.27.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-17 13:02 . 2012-09-17 13:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-16 00:17 . 2012-09-16 11:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-16 00:17 . 2012-09-16 11:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-17 13:02 . 2012-09-17 13:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-15 17:32 . 2012-08-15 17:32 157680 c:\windows\SysWOW64\javaws.exe
+ 2012-09-17 14:17 . 2012-08-28 19:10 157680 c:\windows\SysWOW64\javaws.exe
+ 2012-09-17 14:17 . 2012-08-28 19:10 149488 c:\windows\SysWOW64\javaw.exe
- 2012-08-15 17:32 . 2012-08-15 17:32 149488 c:\windows\SysWOW64\javaw.exe
+ 2012-09-17 14:17 . 2012-08-28 19:09 149488 c:\windows\SysWOW64\java.exe
- 2012-08-15 17:32 . 2012-08-15 17:32 149488 c:\windows\SysWOW64\java.exe
- 2009-07-14 02:36 . 2012-09-16 11:16 730952 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-17 20:20 730952 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-17 20:20 150746 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-09-16 11:16 150746 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-09-17 13:01 372400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-09-16 00:03 372400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-08 00:42 . 2012-09-16 23:14 2727248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-09-17 17:59 . 2012-09-17 17:59 5096448 c:\windows\Installer\1103606.msi
- 2011-06-25 20:26 . 2012-09-16 00:04 28258640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-380760752-479500143-2808968161-1000-12288.dat
+ 2011-06-25 20:26 . 2012-09-17 13:01 28258640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-380760752-479500143-2808968161-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 0]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
.
c:\users\Removed\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-9-17 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 ccosm;Contrl Center of Storm Media;\JHV-PC-8GIGRAM\Downloads\StormII\stormliv.exe
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 135664]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;c:\windows\System32\FreeOTFECypherBlowfish.sys [2010-02-07 27760]
R3 FreeOTFECypherCAST5;FreeOTFECypherCAST5;c:\windows\System32\FreeOTFECypherCAST5.sys [2010-02-07 34928]
R3 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;c:\windows\System32\FreeOTFECypherCAST6_Gladman.sys [2010-02-07 34928]
R3 FreeOTFECypherDES;FreeOTFECypherDES;c:\windows\System32\FreeOTFECypherDES.sys [2010-02-07 60016]
R3 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;c:\windows\System32\FreeOTFECypherMARS_Gladman.sys [2010-02-07 30832]
R3 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;c:\windows\System32\FreeOTFECypherRC6_ltc.sys [2010-02-07 29296]
R3 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;c:\windows\System32\FreeOTFECypherSerpent_Gladman.sys [2010-02-07 35952]
R3 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;c:\windows\System32\FreeOTFECypherTwofish_ltc.sys [2010-02-07 35440]
R3 FreeOTFEHashMD;FreeOTFEHashMD;c:\windows\System32\FreeOTFEHashMD.sys [2010-02-07 22640]
R3 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;c:\windows\System32\FreeOTFEHashRIPEMD.sys [2010-02-07 38512]
R3 FreeOTFEHashTiger;FreeOTFEHashTiger;c:\windows\System32\FreeOTFEHashTiger.sys [2010-02-07 26224]
R3 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;c:\windows\System32\FreeOTFEHashWhirlpool.sys [2010-02-07 34928]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-17 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2010-01-28 38368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-13 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2010-01-04 90352]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-03-16 37456]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-01-07 304720]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-03-01 41552]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-04-04 377936]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-06-30 254528]
S1 FreeOTFE;FreeOTFE;c:\windows\System32\FreeOTFE.sys [2010-02-07 38512]
S1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;c:\windows\System32\FreeOTFECypherAES_ltc.sys [2010-02-07 50800]
S1 FreeOTFEHashSHA;FreeOTFEHashSHA;c:\windows\System32\FreeOTFEHashSHA.sys [2010-02-07 29296]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files (x86)\InternetEverywhere\InternetEverywhere_Service.exe [2010-05-21 329168]
S2 Neurotechnology;Neurotechnology;c:\program files (x86)\VirtualDub-1.9.11 with DShowInputDriver\plugins\Activation\pg.exe [2011-08-04 230720]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-01-28 294880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 118864]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 29264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 21:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 20:09]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-05 20:09]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\users\Removed\AppData\Roaming\Mozilla\Firefox\Profiles\rda0e265.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.co.uk/#hl=en&output=search&sclient=psy-ab&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d9,70,84,23,48,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Setup"="EXPIRED"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-18 01:12:36
ComboFix-quarantined-files.txt 2012-09-18 00:12
ComboFix2.txt 2012-09-17 23:14
.
Pre-Run: 182,797,524,992 bytes free
Post-Run: 182,635,413,504 bytes free
.
- - End Of File - - 8008A5AC4848D62013CDC8BC94FDC037