ComboFix 12-04-17.01 - user 04/18/2012 20:10:14.5.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.2013.1112 [GMT 10:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: Online Armor Firewall *Enabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 10:23 . 2012-04-18 10:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 09:58 . 2012-04-18 09:54 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-18 09:27 . 2012-04-18 09:37 -------- d-----w- c:\program files\7 Quick Fix
2012-04-18 09:26 . 2012-04-18 09:26 -------- d-----w- c:\program files\Webroot
2012-04-15 04:55 . 2012-03-07 01:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-15 04:55 . 2012-03-07 01:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-15 04:55 . 2012-03-07 01:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-15 04:55 . 2012-03-07 01:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-15 04:55 . 2012-03-07 01:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-15 04:55 . 2012-03-07 01:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-15 04:54 . 2012-03-07 01:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-15 04:54 . 2012-03-07 01:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-15 04:54 . 2012-04-15 04:54 -------- d-----w- c:\programdata\AVAST Software
2012-04-15 04:54 . 2012-04-15 04:54 -------- d-----w- c:\program files\AVAST Software
2012-04-15 04:52 . 2012-04-15 04:56 -------- d-----w- c:\program files\SpywareGuard
2012-04-15 04:50 . 2012-04-15 04:50 -------- d-----w- c:\program files\SpywareBlaster
2012-04-15 03:12 . 2012-04-15 03:48 -------- d-----w- c:\programdata\OnlineArmor
2012-04-15 03:12 . 2012-04-15 03:12 -------- d-----w- c:\users\user\AppData\Roaming\OnlineArmor
2012-04-15 03:10 . 2012-02-10 04:33 42152 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2012-04-15 03:10 . 2012-02-10 04:33 29312 ----a-w- c:\windows\system32\drivers\OAnet.sys
2012-04-15 03:10 . 2012-02-10 04:33 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2012-04-15 03:10 . 2012-02-10 04:33 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2012-04-15 03:10 . 2012-04-15 13:07 -------- d-----w- c:\program files\Online Armor
2012-04-14 22:01 . 2012-04-14 22:01 -------- d-----w- C:\_OTL
2012-04-14 11:44 . 2012-04-14 11:44 2 --shatr- c:\windows\winstart.bat
2012-04-14 11:44 . 2012-04-14 11:54 -------- d-----w- c:\program files\UnHackMe
2012-04-14 11:29 . 2012-04-14 11:58 -------- d-----w- c:\program files\Common Files\PC Tools
2012-04-14 11:28 . 2012-04-14 11:28 -------- d-----w- c:\users\user\AppData\Roaming\TestApp
2012-04-14 11:28 . 2012-04-14 11:28 -------- d-----w- c:\programdata\PC Tools
2012-04-14 10:39 . 2012-04-14 10:39 335504 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-14 07:39 . 2012-04-14 07:39 -------- d-----w- c:\program files\ESET
2012-04-14 07:04 . 2012-04-14 07:04 -------- d-----w- C:\_OTM
2012-04-14 04:18 . 2012-04-14 04:18 -------- d-----w- c:\program files\Common Files\Java
2012-04-14 04:17 . 2012-04-14 04:17 -------- d-----w- c:\program files\Oracle
2012-04-14 03:27 . 2012-04-14 03:33 -------- d-----w- c:\programdata\RegAce
2012-04-14 02:57 . 2012-04-14 02:57 -------- d-----w- c:\program files\HitmanPro
2012-04-12 00:30 . 2012-04-12 00:30 -------- d-----w- c:\users\user\AppData\Local\YoYo_Games_Ltd
2012-04-12 00:30 . 2012-04-12 00:30 -------- d-----w- c:\users\user\AppData\Local\GameMaker8.1
2012-04-12 00:29 . 2012-04-12 00:30 -------- d-----w- c:\users\user\AppData\Roaming\GameMaker
2012-04-12 00:29 . 2012-04-12 00:29 -------- d-----w- c:\users\user\GameMaker 8.1
2012-04-11 17:01 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 17:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 17:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 17:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 17:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 17:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 06:17 . 2012-04-11 06:19 -------- d-----w- c:\users\user\AppData\Local\Temporary Projects
2012-04-10 09:56 . 2012-04-18 10:23 -------- d-----w- c:\users\user\AppData\Local\temp
2012-04-10 08:14 . 2012-04-10 08:22 -------- d-----w- c:\programdata\HitmanPro
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-03-22 21:12 . 2012-03-22 21:12 -------- d-----w- c:\users\user\AppData\Roaming\Ovzius
2012-03-20 09:54 . 2012-03-20 09:54 -------- d-----w- c:\program files\Microsoft Analysis Services
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 05:56 . 2010-11-29 00:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-25 16:09 . 2012-02-24 04:57 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2012-02-22 19:39 . 2011-05-17 03:17 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-13 20:37 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 20:37 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 20:37 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 02:09 . 2012-02-14 02:09 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38 . 2012-03-14 17:57 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-08 06:03 . 2012-02-24 19:12 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{33CBE32D-9367-48C9-8A4D-D7A4713AF49A}\mpengine.dll
2012-02-03 03:54 . 2012-03-14 17:57 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-28 18:10 . 2010-11-28 08:06 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 05:32 . 2012-03-13 20:37 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-13 20:37 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-13 20:37 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2011-03-29 21:51 . 2011-03-29 21:51 104050688 ----a-w- c:\program files\Samsung New PC Studio.msi
2012-03-18 09:45 . 2011-11-03 22:04 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 01:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-21 7858720]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-17 421160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"apmwinapp"="c:\program files\Paragon Software\HFS+ for Windows 9.0\apmwinsrv.exe" [2011-10-03 65328]
"HFS Activator"="c:\program files\Paragon Software\HFS+ for Windows 9.0\activation\hfsactivator.exe" [2011-10-03 246064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"TrustDefenderWD"="c:\program files\TrustDefender\TrustDefender\TDWatchdog.exe" [2011-10-25 1790408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2012-02-10 2645440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OE1FSC1SRjRCWi1GSEFUTy1WUlYzQS00NktZTi1ERU1CUg&inst=NzYtODk1OTEwODUwLVFJWDErNC1YMjAxMCsyLUYxME0xMEMrMi1TUDErMS1TVUQrMS1TMUkrMS1TVTMrMS1UVUcrMy1ERFQrMjQwODgtRDM4MUwrNi1JMTArMS1TVDEwQVBQKzEtREQxMCsx&prod=94&ver=10.0.1415" [?]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2012-02-10 359352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-02-10 42152]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-02-10 25192]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]
R2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2012-02-10 4369208]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-05-10 36608]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 136176]
R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys [2011-10-03 163632]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-19 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-19 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-19 121856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-28 1343400]
S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys [2011-10-03 42928]
S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys [2011-10-03 44464]
S0 mounthlp;Mounter helper driver for HFS volumes;c:\windows\system32\DRIVERS\mounthlp.sys [2011-10-03 31792]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-02-10 205864]
S1 tdtdi;tdtdi;c:\windows\system32\drivers\tdtdi.sys [2012-01-19 50832]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys [2011-10-03 15152]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2012-02-10 208472]
S2 TrustDefender;TrustDefender;c:\program files\TrustDefender\TrustDefender\TrustDefender.exe [2011-10-25 1917384]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-09-04 54784]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2012-02-10 29312]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
HSFHWALI
AVWLP_USB
cfosspeed
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 07:55]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-11 07:55]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3565015860-2070285025-1218467848-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 05:01]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3565015860-2070285025-1218467848-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 05:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\o5dra2xo.default\
FF - prefs.js: browser.startup.homepage - hxxp://newcastle.edu.au/students/current/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60,
   bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6b,1f,dc,44,6d,f6,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,78,6e,3c,95,15,40,4b,94,9b,d8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,78,6e,3c,95,15,40,4b,94,9b,d8,\
.
[HKEY_USERS\S-1-5-21-3565015860-2070285025-1218467848-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{033577D1-7746-88E4-052B-2CF7610FB7EA}*]
"oalkoglghjiodemhjhaoekbmlfehbk"=hex:6b,61,6e,6e,6d,63,61,6b,69,61,66,64,61,6f,
   6b,6e,67,69,66,66,70,64,00,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3096)
c:\program files\SpywareGuard\spywareguard.dll
c:\windows\system32\MSVBVM60.DLL
c:\program files\Nero\Nero 7\Nero BackItUp\NBShell.dll
c:\program files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
c:\program files\WinRAR\rarext.dll
c:\program files\MagicISO\misosh.dll
c:\program files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
c:\program files\Nero\Nero 7\Nero CoverDesigner\CoverEdCtrl.ocx
.
Completion time: 2012-04-18 20:25:02
ComboFix-quarantined-files.txt 2012-04-18 10:25
ComboFix2.txt 2012-04-14 11:15
ComboFix3.txt 2012-04-14 03:22
.
Pre-Run: 123,572,822,016 bytes free
Post-Run: 123,268,890,624 bytes free
.
- - End Of File - - C67CBDB6972EDCDF9D2AB39470C06B76