ComboFix 11-12-03.01 - Michael 12/03/2011 16:54:16.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.5885.3510 [GMT -5:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
SP: McAfee VirusScan *Enabled/Updated* {91492D4B-0869-000E-929C-AE00AA450731}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Hotspot Shield\HssIE\HsSIe.dll
c:\users\Michael\Documents\~WRL0001.tmp
c:\users\Michael\Documents\~WRL0002.tmp
c:\users\Michael\Documents\~WRL0003.tmp
c:\users\Michael\Documents\~WRL0057.tmp
c:\users\Michael\Documents\~WRL0142.tmp
c:\users\Michael\Documents\~WRL0521.tmp
c:\users\Michael\Documents\~WRL1191.tmp
c:\users\Michael\Documents\~WRL1201.tmp
c:\users\Michael\Documents\~WRL1640.tmp
c:\users\Michael\Documents\~WRL1973.tmp
c:\users\Michael\Documents\~WRL2130.tmp
c:\users\Michael\Documents\~WRL3907.tmp
c:\users\Michael\Documents\~WRL4058.tmp
c:\windows\iun6002.exe
c:\windows\System64
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 22:09 . 2011-12-03 22:09 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E46FC314-9891-4F32-8AC8-96EE3B45163C}\offreg.dll
2011-12-03 22:06 . 2011-12-03 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-03 03:38 . 2011-12-03 03:38 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{338E61FC-F13A-40F7-96DF-09A6B56EADA9}\gapaengine.dll
2011-12-03 03:38 . 2011-11-21 08:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E46FC314-9891-4F32-8AC8-96EE3B45163C}\mpengine.dll
2011-12-03 03:38 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-12-01 20:09 . 2011-12-01 20:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-12-01 20:08 . 2011-12-01 20:09 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-01 20:08 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-09 21:13 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:13 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-09 21:13 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 21:13 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-09 21:12 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:12 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-09 21:12 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-06 17:02 . 2011-11-06 17:02 -------- d-----w- c:\program files (x86)\Cisco
2011-11-06 16:56 . 2011-11-06 16:56 -------- d-----w- c:\users\Michael\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 22:09 . 2009-03-21 04:43 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2011-12-03 22:09 . 2009-09-06 13:58 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2011-12-03 03:31 . 2009-03-21 04:45 17408 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2011-12-03 03:30 . 2009-03-21 04:43 17408 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2011-11-30 03:43 . 2011-08-17 21:16 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-23 04:52 . 2009-09-06 13:58 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2011-10-03 09:06 . 2010-06-25 01:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-06 13:56 . 2011-10-13 00:36 2764288 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SightSpeed"="c:\program files (x86)\Dell Video Chat\DellVideoChat.exe" [2008-12-18 4823928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2008-11-10 95496]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-06-03 446635]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2008-11-10 19:16 140552 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-03-21 18:32]
.
2011-05-01 c:\windows\Tasks\McQcTask.job
- c:\progra~2\mcafee\mqc\QcConsol.exe [2009-03-21 18:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-06-23 02:49 284208 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-12 1657128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-01 15869984]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-01 82464]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-02-01 89120]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2008-09-26 2041112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-17 4119552]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-22 500208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"combofix"="c:\combofix\CF27733.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com?o=14196&l=dis
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Download with GetRight - c:\program files (x86)\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with GetRight Browser - c:\program files (x86)\GetRight\GRbrowse.htm
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\n9tpb8rm.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-ares - c:\program files (x86)\Ares\Ares.exe
Wow6432Node-HKLM-Run-FAStartup - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Convert PowerPoint_is1 - c:\program files (x86)\Softinterface
AddRemove-EO_Video_1.3 - c:\windows\iun6002.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\McAfee\MSK\MskSrver.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~2\McAfee\MSC\mcmscsvc.exe
c:\progra~2\mcafee.com\agent\mcagent.exe
c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
c:\progra~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~2\mcafee\msc\mcuimgr.exe
c:\program files (x86)\Microsoft Office\Office12\WINWORD.EXE
.
**************************************************************************
.
Completion time: 2011-12-03 17:25:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-03 22:25
.
Pre-Run: 7,958,794,240 bytes free
Post-Run: 7,164,080,128 bytes free
.
- - End Of File - - 10932C25D65A0E0D01CAD650CFC371B9