ComboFix 11-12-22.03 - Administrator 12/22/2011 9:32.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1373 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-21 21:43 . 2011-12-21 21:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-12-21 21:42 . 2011-12-21 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-21 21:42 . 2011-12-21 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-21 21:42 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-15 16:42 . 2011-12-15 16:42 -------- d-----w- c:\program files\Common Files\xing shared
2011-12-14 15:08 . 2011-12-14 15:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\RoboForm
2011-12-13 07:12 . 2011-12-13 07:12 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-13 07:12 . 2011-12-13 07:12 -------- d-----w- c:\program files\Trend Micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-15 16:41 . 2007-10-27 19:48 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-12-15 16:41 . 2007-10-27 19:48 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-11-30 04:30 . 2011-09-20 14:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 18:01 . 2010-06-29 05:51 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2007-10-28 00:34 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:54 . 2010-08-30 17:36 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-28 17:53 . 2010-08-30 17:36 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2008-04-02 16:34 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:53 . 2010-08-30 17:35 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-28 17:52 . 2007-10-28 00:35 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2007-10-28 00:35 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2007-10-28 00:34 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2007-10-28 00:34 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2008-04-02 16:34 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2007-10-28 00:35 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-23 13:25 . 2001-08-23 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2001-08-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2007-10-27 19:10 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2001-08-23 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2001-08-23 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2001-08-23 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2001-08-17 13:48 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2007-10-27 19:10 186880 ------w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2007-10-27 18:43 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 12:06 . 2010-04-22 14:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 09:37 . 2008-10-13 22:02 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2001-08-23 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2001-08-23 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2001-08-23 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2010-09-04 15:18 . 2010-09-04 15:18 463699 ----a-w- c:\program files\Setup.exe
2008-09-07 23:55 . 2008-09-07 23:55 207872 -c--a-w- c:\program files\ZonedOut.exe
2004-03-11 20:27 . 2007-10-28 17:30 40960 -c----w- c:\program files\Uninstall_CDS.exe
2011-12-14 15:04 . 2011-12-14 15:05 1692144 ----a-w- c:\program files\opera\program\plugins\rf-np-plugin.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-22_00.36.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-22 17:26 . 2011-12-22 17:26 16384 c:\windows\Temp\Perflib_Perfdata_adc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ed0633c-a54d-47f1-94e7-5bded41ae674}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Free_Traffic_Bar\prxtbFre0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0ed0633c-a54d-47f1-94e7-5bded41ae674}"= "c:\program files\Free_Traffic_Bar\prxtbFre0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{0ed0633c-a54d-47f1-94e7-5bded41ae674}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0ED0633C-A54D-47F1-94E7-5BDED41AE674}"= "c:\program files\Free_Traffic_Bar\prxtbFre0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{0ed0633c-a54d-47f1-94e7-5bded41ae674}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2011-12-14 107000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]
"MULTIMEDIA KEYBOARD"="c:\program files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2001-10-24 147456]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-30 18082304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-15 296056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
OnlyWire.LNK - c:\program files\OnlyWire\OnlyWireWindows.exe [2010-6-23 622504]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IBP]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2004-04-06 17:36 1298542 ------w- c:\program files\Ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSRS]
2009-05-26 01:31 733188 ------w- c:\program files\NCH Swift Sound\MSRS\msrs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pareto_Update]
2009-01-13 14:59 189808 ------w- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\VoissAssistant.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\IBP 11\\IBP.exe"=
"c:\\Program Files\\SubmitEaze\\j2re1.6\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\web server extensions\\50\\bin\\TCPTEST.EXE"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\NotePage\\FeedForAll\\FeedForAll.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\OnlyWire\\OnlyWireWindows.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\Yahtzee.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"83:TCP"= 83:TCP:Web Dictate Web Server
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [8/30/2010 9:35 AM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [8/30/2010 9:35 AM 195416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [8/30/2010 9:36 AM 111320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/30/2010 9:36 AM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/2/2008 8:34 AM 314456]
R1 msikbd2k;Multimedia Keyboard Filter Driver;c:\windows\system32\drivers\Msikbd2k.sys [12/18/2007 2:40 PM 6656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/2/2008 8:34 AM 20568]
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [8/30/2010 9:35 AM 127192]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/21/2011 1:43 PM 366152]
R2 MSRSService;MSRS Recording System;c:\program files\NCH Swift Sound\MSRS\msrs.exe [5/25/2009 5:31 PM 733188]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [11/25/2007 7:16 PM 113896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/21/2011 1:42 PM 22216]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/20/2011 7:31 AM 136176]
S2 ISD;Intel(r) 82802 Firmware Hub Device (Intel(r) Security Driver);c:\windows\system32\DRIVERS\ISECDRV.SYS --> c:\windows\system32\DRIVERS\ISECDRV.SYS [?]
S2 nhksrv;Netropa NHK Server;c:\program files\Netropa\Multimedia Keyboard\nhksrv.exe [12/18/2007 2:40 PM 28672]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/20/2011 7:31 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-07-27 22:24]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 15:31]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-20 15:31]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-115176313-682003330-500Core1cc06789b3ca7ac.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 18:28]
.
2011-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-115176313-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-01 18:28]
.
2011-12-22 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2011-12-16 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
2011-12-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1482476501-115176313-682003330-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
2011-12-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1482476501-115176313-682003330-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-30 00:02]
.
2011-12-22 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-12-22 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-12-22 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2011-12-22 c:\windows\Tasks\User_Feed_Synchronization-{B3373D59-21A2-40B0-B7E0-6FE630ED01A1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Trusted Zone: istockphoto.com\secure
TCP: DhcpNameServer = 192.168.0.1
DPF: {0DA69429-A757-4D6F-A827-DB1AF052DDAF} - hxxps://mytbb.primus.ca/webportal/plugins/VA.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-22 09:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1482476501-115176313-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,df,18,6c,d3,2f,a1,43,ba,f1,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,10,09,11,01,df,23,4b,9a,99,41,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,10,df,18,6c,d3,2f,a1,43,ba,f1,40,\
.
[HKEY_USERS\S-1-5-21-1482476501-115176313-682003330-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1482476501-115176313-682003330-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85CB1A53-9CF4-F38D-19CD-083ABD857E81}*]
"dajbemij"=hex:64,62,6b,64,62,6a,64,62,61,6d,65,67,6e,64,6a,6f,6c,67,67,6c,69,
 6a,6b,63,67,6a,70,6e,66,66,64,6a,6e,63,6e,63,69,6b,6e,68,00,00
"iagdhegancddcabdkc"=hex:69,61,6d,6d,6b,68,62,63,6e,62,61,6f,6c,6e,64,68,6b,67,
 00,00
"haadbiedlmnodjdg"=hex:6a,61,63,6e,63,68,65,65,6e,66,69,64,6e,62,67,63,67,69,
 65,63,00,1b
"eaoahldiih"=hex:66,61,69,61,65,70,68,66,6e,61,61,66,00,fc
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{6D0C447E-484F-F7CA-50C2-03626B394D20}\InProcServer32*]
"jaimklekancmiphiaaop"=hex:6a,61,67,70,67,6d,6c,67,61,6d,67,6d,67,65,70,67,6c,
 6c,63,6f,00,00
"iaimamggedkglmdnaj"=hex:6a,61,67,70,61,6d,6e,65,6d,6b,66,62,6c,64,6b,6e,6e,69,
 6b,66,00,9c
"faimklpkcnpa"=hex:66,61,6b,6d,6e,66,6c,6f,6d,68,61,6f,00,ff
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,e7,d8,8e,bb,0b,42,4f,a8,a1,9c,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,e7,d8,8e,bb,0b,42,4f,a8,a1,9c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3348)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-22 09:56:39
ComboFix-quarantined-files.txt 2011-12-22 17:56
ComboFix2.txt 2011-12-22 00:42
.
Pre-Run: 29,316,177,920 bytes free
Post-Run: 29,300,113,408 bytes free
.
- - End Of File - - A0EC5347B762DB9109DDA0944AA1F4EA