Technics

December 7, 2012

Thankyou very much for all your help! Very much appreciated.

December 5, 2012

The scan came back all clear. I was unable to locate the view log option. This is the message I got after the scan.

Good news! We found no active infections on your PC

Keep it clean with Bitdefender Internet Security 2013!

December 4, 2012

Sorry abuot the tags not sure what happenned there.

December 4, 2012

<p>Hi, the system seems to be running normal.</p>

<p>Nothing was detected with the MS Safety scanner running a full scan.</p>

<div>McAfee® Labs Stinger Version 10.2.0.903 built on Dec 3 2012</div>

<div>Virus data file v1000.0000 created on Dec 3 2012.</div>

<div>Ready to scan for 5971 viruses, trojans and variants.</div>

<div>Scan initiated on Tue Dec 04 10:09:18 2012</div>

<div>Rootkit scan result : Not Scanned </div>

<div> Master Boot Record(s):....1</div>

<div> Possibly Infected:.............0</div>

<div> Boot Sector(s):.................1</div>

<div> Possibly Infected: ............0</div>

<div> Number of clean files: 20235</div>

December 3, 2012

The system seems ok.

ComboFix 12-12-01.02 - Rybicki 03/12/2012 12:31:11.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2012.1184 [GMT 8:00]

Running from: c:\users\Rybicki\Desktop\ComboFix.exe

Command switches used :: c:\users\Rybicki\Desktop\CFScript.txt

AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}

FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}

SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Rybicki\AppData\Local\{7B977AAD-6363-4B96-9B7B-B7B450C6F185}

.

((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))

.

2012-12-03 04:38 . 2012-12-03 04:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-02 04:46 . 2012-12-02 04:46 -------- d-----w- c:\users\Rybicki\AppData\Local\Trend Micro

2012-12-02 04:44 . 2012-12-02 05:07 -------- d-----w- c:\programdata\Ad-Aware Antivirus

2012-12-02 04:43 . 2012-12-02 04:43 -------- d-----w- c:\users\Rybicki\AppData\Roaming\LavasoftStatistics

2012-12-02 04:37 . 2012-12-02 14:35 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus

2012-12-02 04:36 . 2012-12-02 04:36 -------- d-----w- c:\users\Rybicki\AppData\Local\Downloaded Installations

2012-12-02 04:36 . 2012-12-02 04:36 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2012-12-02 04:36 . 2012-09-19 21:40 47496 ----a-w- c:\windows\system32\sbbd.exe

2012-12-02 04:35 . 2012-12-02 04:35 -------- d-----w- c:\programdata\blekko toolbars

2012-12-02 04:35 . 2012-12-02 04:35 -------- d-----w- c:\users\Rybicki\AppData\Local\adawarebp

2012-12-02 04:35 . 2012-12-02 04:35 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection

2012-12-02 04:35 . 2012-12-02 04:35 -------- d-----w- c:\program files (x86)\adawaretb

2012-12-02 04:35 . 2012-12-02 04:35 -------- d-----w- c:\program files (x86)\Toolbar Cleaner

2012-12-02 04:34 . 2012-12-03 04:26 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Ad-Aware Antivirus

2012-12-01 14:47 . 2012-12-01 14:47 -------- d-----w- c:\program files (x86)\ERUNT

2012-11-28 13:47 . 2012-12-01 09:48 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Pueny

2012-11-28 13:47 . 2012-11-29 00:47 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Ifweug

2012-11-28 13:47 . 2012-11-28 13:47 -------- d-----w- c:\users\Rybicki\AppData\Roaming\Ilebm

2012-11-23 11:16 . 2012-11-23 11:16 -------- d-----w- c:\users\Rybicki\AppData\Roaming\puush

2012-11-23 11:16 . 2012-11-23 11:17 -------- d-----w- c:\program files (x86)\puush

2012-11-16 19:09 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-16 19:09 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-16 19:09 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-16 19:09 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-16 02:41 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-11-16 02:41 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll

2012-11-16 02:41 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-03 04:15 . 2010-07-12 09:00 25640 ----a-w- c:\windows\gdrv.sys

2012-10-16 21:20 . 2012-11-28 00:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 21:20 . 2012-11-28 00:50 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 20:34 . 2012-11-28 00:50 559104 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-06 12:42 . 2012-08-08 05:27 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-06 12:42 . 2012-08-08 05:27 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-29 11:54 . 2012-08-03 11:01 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-28 05:16 . 2012-09-28 05:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-28 05:15 . 2012-07-01 05:38 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-28 05:15 . 2010-07-29 07:32 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-19 21:40 . 2012-09-19 21:40 47496 ----a-w- c:\windows\SysWow64\sbbd.exe

2012-09-14 19:23 . 2012-10-10 14:40 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-14 18:30 . 2012-10-10 14:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-09-12 12:19 . 2012-09-12 12:19 82872 ----a-w- c:\windows\system32\drivers\sbapifs.sys

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\users\Rybicki\AppData\Roaming\Ifweug ----

.

---- Directory of c:\users\Rybicki\AppData\Roaming\Ilebm ----

.

2010-10-20 19:08 . 2012-11-28 13:48 399066 ----a-w- c:\users\Rybicki\AppData\Roaming\Ilebm\olwet.vuu

.

---- Directory of c:\users\Rybicki\AppData\Roaming\Pueny ----

.

---- Directory of c:\users\Rybicki\AppData\Roaming\puush ----

.

2012-11-23 11:16 . 2012-12-03 04:16 646 ----a-w- c:\users\Rybicki\AppData\Roaming\puush\puush.ini

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mega Manager"="c:\program files (x86)\Megaupload\Mega Manager\MegaManager.exe" [2011-07-29 2113536]

"c:\users\Rybicki\Downloads\LivestreamProcaster.exe"="c:\users\Rybicki\Downloads\LivestreamProcaster.exe" [2012-09-09 18199256]

"puush"="c:\program files (x86)\puush\puush.exe" [2012-11-23 565480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]

"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]

"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]

"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]

"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2008-10-01 548864]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

@="Ad-Aware Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-19 3677000]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-01-06 35840]

R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1255736]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-02 14456]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]

S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-11-21 1236368]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]

S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-05-17 308592]

S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2012-09-12 82872]

S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [2009-06-29 411136]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 07:35]

.

2012-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 07:35]

.

2012-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800316101-1893281304-1120784185-1000Core.job

- c:\users\Rybicki\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 03:10]

.

2012-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2800316101-1893281304-1120784185-1000UA.job

- c:\users\Rybicki\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 03:10]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-25 7883296]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-25 1833504]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-05-07 2042368]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.au/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Rybicki\AppData\Roaming\Mozilla\Firefox\Profiles\h6zd0hbl.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\07\05\1d\07\06\1b?"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-03 12:40:30

ComboFix-quarantined-files.txt 2012-12-03 04:40

ComboFix2.txt 2012-12-02 03:59

.

Pre-Run: 405,921,566,720 bytes free

Post-Run: 405,901,275,136 bytes free

.

- - End Of File - - 60E13FE01D4B1C4DA5F643F352C789A5

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.03.01

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Rybicki :: Rybicki-PC [administrator]

3/12/2012 12:47:06 PM

mbam-log-2012-12-03 (12-47-06).txt

Scan type: Full scan (C:\|)

Scan options disabled: P2P

Objects scanned: 421485

Time elapsed: 51 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

December 2, 2012

The system seems fine to me. The second registry entry that I checked to delete hasn't shown up on the report though.

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Rybicki [Admin rights]

Mode : Remove -- Date : 12/02/2012 11:30:29

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : EPSON NX430 TX435 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBP.EXE /FU "C:\Users\Rybicki\AppData\Local\Temp\E_S7E2.tmp" /EF "HKCU") -> NOT SELECTED

[RUN][sUSP PATH] HKCU\[...]\Run : Upyqpai (C:\Users\Rybicki\AppData\Roaming\Pueny\giam.exe) -> DELETED

[RUN][sUSP PATH] HKUS\S-1-5-21-2800316101-1893281304-1120784185-1000[...]\Run : EPSON NX430 TX435 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBP.EXE /FU "C:\Users\Rybicki\AppData\Local\Temp\E_S7E2.tmp" /EF "HKCU") -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500418AS ATA Device +++++

--- User ---

[MBR] 7effd017c166444088654c548abfb39c

[bSP] 3d7eda69ce55cc718d167f25dfdb61ad : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_12022012_02d1130.txt >>

RKreport[1]_S_12022012_02d1127.txt ; RKreport[2]_D_12022012_02d1130.txt

--------------------------------------------------------------------------------------------------------------------------

ComboFix 12-12-01.02 - Rybicki 02/12/2012 11:47:43.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.2012.990 [GMT 8:00]

Running from: c:\users\Rybicki\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

.

2012-12-02 03:55 . 2012-12-02 03:55 -------- d-----w- c:\users\Default\AppData\Local\temp