redirects, adobe installer pop ups, and security shield malware installs

post #1 of 9
Thread Starter 
Been dealing with getting rid of this for about a month now and I'm kinda over it and want second opinions on how to get rid of this crap once and for all.

I typically wouldn't link to another competing site, but this thread will cover a lot of up front questions you all might have.
http://www.computerforum.com/211931-firefox-issue.html

The long and short of it is I'm getting Google redirects (more prevalent in Chrome than FF), Adobe installer pop-ups, or Security Shield is installing itself automatically, and I can't find the source of the problem.

ComboFix is taking care of the issue every time, but one of the issues always comes back after a day or two. It's always just one of the three issues and never more than one.

Here is a current ComboFix log from this morning.
Code:
ComboFix 12-06-28.03 - Bre 07/29/2012  13:43:20.10.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.3031 [GMT -4:00]
Running from: c:\users\Bre\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\@
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\n
c:\users\Bre\AppData\Local\cxzegyct.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\00000004.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\L\201d3dde
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\n
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\00000004.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\00000008.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\000000cb.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000000.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000032.@
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected 
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe 
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-28 to 2012-07-29  )))))))))))))))))))))))))))))))
.
.
2012-07-29 17:49 . 2012-07-29 17:49     --------        d-----w-        c:\users\Public\AppData\Local\temp
2012-07-29 17:49 . 2012-07-29 17:49     --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-24 19:41 . 2012-07-24 19:41     955888  ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-07-24 19:41 . 2012-07-24 19:41     839152  ----a-w-        c:\windows\system32\deployJava1.dll
2012-07-24 19:41 . 2012-07-24 19:41     --------        d-----w-        c:\program files\Java
2012-07-23 00:42 . 2012-07-23 00:42     --------        d--h--r-        c:\users\Bre\AppData\Roaming\SecuROM
2012-07-23 00:39 . 2012-07-29 01:58     --------        d-----w-        c:\program files (x86)\Microsoft Games for Windows - LIVE
2012-07-23 00:39 . 2012-07-23 00:39     --------        d-----w-        c:\windows\SysWow64\xlive
2012-07-22 18:44 . 2012-07-29 01:02     --------        d-----w-        c:\program files (x86)\Rockstar Games
2012-07-21 23:18 . 2012-07-21 23:18     --------        d-----w-        c:\programdata\ManyCam
2012-07-21 23:17 . 2012-07-21 23:17     --------        d-----w-        c:\programdata\Ask
2012-07-21 01:47 . 2012-07-24 19:00     --------        d-----w-        C:\Temp
2012-07-21 01:47 . 2012-07-21 01:47     --------        d-----w-        c:\program files (x86)\Motorola
2012-07-20 08:48 . 2012-06-29 10:04     9133488 ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E6CCD709-95E5-45F7-90AE-2C731387D636}\mpengine.dll
2012-07-18 23:10 . 2012-07-18 23:13     --------        d-----w-        C:\FRST
2012-07-08 04:16 . 2012-07-08 04:16     --------        d-----w-        c:\users\Bre\AppData\Roaming\HideIPEasy
2012-07-08 04:16 . 2012-07-08 04:16     --------        d-----w-        c:\programdata\HideIPEasy
2012-07-08 04:15 . 2012-07-08 04:15     --------        d-----w-        c:\program files (x86)\Ask.com
2012-07-08 04:15 . 2012-07-08 04:15     --------        d-----w-        c:\users\Bre\AppData\Local\APN
2012-07-06 00:01 . 2012-07-06 00:01     --------        d-----w-        c:\users\Bre\AppData\Local\{B4F8B799-C6FD-11E1-8270-B8AC6F996F26}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:46 . 2012-04-25 22:50     24904   ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-24 21:45 . 2012-06-24 21:45     70344   ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 21:45 . 2012-06-24 21:45     426184  ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-31 16:25 . 2011-04-20 19:42     279656  ------w-        c:\windows\system32\MpSigStub.exe
2012-05-17 23:51 . 2012-05-17 23:51     283200  ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-05-17 22:50 . 2012-05-17 22:50     71680   ----a-w-        c:\windows\system32\frapsv64.dll
2012-05-17 22:50 . 2012-05-17 22:50     65536   ----a-w-        c:\windows\SysWow64\frapsvid.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . E38899074D4951D31B4040E994DD7C8D . 2870784 . . [6.1.7600.20910] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[7] 2011-02-26 . 0862495E0C825893DB75EF44FAEA8E93 . 2870272 . . [6.1.7600.16768] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7601.21669] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7601.17567] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-20 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[7] 2009-10-31 . B8EC4BD49CE8F6FC457721BFC210B67F . 2870272 . . [6.1.7600.20563] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[-] 2009-10-31 . D5A67267C4C3879E63E9BFBA991D823A . 2387456 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2009-10-31 . 9AAAEC8DAC27AA17B053E6352AD233AE . 2870272 . . [6.1.7600.16450] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[7] 2009-08-03 . 700073016DAC1C3D2E7E2CE4223334B6 . 2868224 . . [6.1.7600.20500] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[7] 2009-08-03 . F170B4A061C9E026437B193B4D571799 . 2868224 . . [6.1.7600.16404] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
.
(((((((((((((((((((((((((((((   SnapShot_2012-07-23_22.08.13   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-27 18:45 . 2010-04-27 18:45   72856              c:\windows\SysWOW64\xliveinstallhost.exe
+ 2012-07-29 04:03 . 2012-07-29 08:04   32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012072920120730\index.dat
- 2012-04-25 20:24 . 2012-07-23 21:01   49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-04-25 20:24 . 2012-07-29 17:25   49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-22 16:06 . 2012-07-29 13:44   32768              c:\windows\SysWOW64\%APPDATA%\Microsoft\Internet Explorer\UserData\index.dat
- 2012-07-22 16:06 . 2012-07-23 13:23   32768              c:\windows\SysWOW64\%APPDATA%\Microsoft\Internet Explorer\UserData\index.dat
+ 2009-10-30 05:01 . 2012-07-24 19:02   55846              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-24 19:02   30738              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-20 19:48 . 2012-07-24 19:02   14790              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-520610219-17727062-633966983-1000_UserData.bin
- 2011-04-20 19:20 . 2012-07-23 00:39   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-20 19:20 . 2012-07-24 16:16   16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-04-20 19:20 . 2012-07-24 16:16   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-20 19:20 . 2012-07-23 00:39   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-24 16:16   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-23 00:39   32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-29 00:38   94000              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-29 01:58 . 2012-07-29 01:58   76926              c:\windows\Installer\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}\GameForWindowsLiveDash.exe
+ 2011-09-19 10:39 . 2012-07-29 17:39   3266              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-09-19 10:39 . 2012-07-23 21:40   3266              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-23 22:04 . 2012-07-23 22:04   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-29 17:41 . 2012-07-29 17:41   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-29 17:41 . 2012-07-29 17:41   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-23 22:04 . 2012-07-23 22:04   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-27 18:45 . 2010-04-27 18:45   187544              c:\windows\SysWOW64\xliveinstall.dll
+ 2012-07-29 01:41 . 2012-07-29 17:25   163840              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-23 12:12 . 2012-07-23 21:32   262144              c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-06-23 12:12 . 2012-07-29 17:25   262144              c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 02:36 . 2012-07-23 21:45   660172              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-24 21:05   660172              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-23 21:45   121100              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-24 21:05   121100              c:\windows\system32\perfc009.dat
+ 2012-07-24 19:41 . 2012-07-24 19:41   268784              c:\windows\system32\javaws.exe
+ 2012-07-24 19:41 . 2012-07-24 19:41   189424              c:\windows\system32\javaw.exe
+ 2012-07-24 19:41 . 2012-07-24 19:41   188912              c:\windows\system32\java.exe
+ 2009-07-14 05:01 . 2012-07-29 17:39   509684              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-24 19:40 . 2012-07-24 19:40   891392              c:\windows\Installer\29ad14.msi
+ 2007-11-07 12:12 . 2007-11-07 12:12   232960              c:\windows\Installer\15e4ead4.msi
- 2009-07-14 04:54 . 2012-07-23 21:32   2539520              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-29 17:25   2539520              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:45 . 2012-07-29 17:40   6355560              c:\windows\system32\FNTCACHE.DAT
- 2011-10-15 21:46 . 2012-07-23 21:40   1529032              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-15 21:46 . 2012-07-24 18:54   1529032              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-08 18:46 . 2011-04-08 18:46   3371008              c:\windows\Installer\161bf66d.msi
+ 2011-09-28 21:45 . 2011-09-28 21:45   13642888              c:\windows\SysWOW64\xlivefnt.dll
+ 2011-09-28 21:45 . 2011-09-28 21:45   15453832              c:\windows\SysWOW64\xlive.dll
+ 2009-07-14 04:54 . 2012-07-29 17:25   14057472              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-19 10:39 . 2012-07-29 17:39   27670972              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-520610219-17727062-633966983-1000-12288.dat
+ 2012-02-10 21:23 . 2012-02-10 21:23   21598208              c:\windows\Installer\161bf678.msi
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:33        1519304 ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-02-25 1770400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
.
c:\users\Bre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-10-9 0]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 102912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico [2011-9-18 29310]
VPro620.lnk - c:\windows\VPro620.exe [2011-9-28 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages       REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ConduitHelper"="c:\users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run
"Gateway Photo Frame"="c:\program files (x86)\Gateway Photo Frame\ButtonMonitor.exe" -A
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
R2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-04-26 223088]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-06-30 35840]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-01-28 66728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 136176]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-09-19 16008]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys [2012-01-11 34304]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2011-04-04 21504]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2009-10-20 114608]
R3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-07-19 15360]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400]
R3 SPC620;Philips SPC620NC PC Camera;c:\windows\system32\drivers\SPC620.sys [2007-09-28 581120]
R3 SPC620m;Philips SPC620NC PC Cameram;c:\windows\system32\drivers\SPC620m.sys [2007-09-28 8192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-17 283200]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt       REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-18 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-07-28 110360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=sx2800&r=173604117307p0358v115k49i15222
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Bre\AppData\Roaming\Mozilla\Firefox\Profiles\y7r4no5l.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKLM-RunOnce-HideIPEasyunstall - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-520610219-17727062-633966983-1000\Software\SecuROM\License information*]
"datasecu"=hex:09,cf,65,35,52,57,ba,14,c0,48,fa,84,1d,2a,ca,43,37,60,39,a6,cb,
   23,78,f1,ba,97,f3,bf,83,b0,02,a6,d8,6e,8d,5e,16,c0,c2,aa,13,02,67,99,73,52,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-07-29  13:51:04
ComboFix-quarantined-files.txt  2012-07-29 17:51
ComboFix2.txt  2012-07-24 19:05
ComboFix3.txt  2012-07-23 22:12
ComboFix4.txt  2012-07-18 20:20
ComboFix5.txt  2012-07-29 17:42
.
Pre-Run: 131,277,897,728 bytes free
Post-Run: 131,071,291,392 bytes free
.
- - End Of File - - 28F70FACBA26905B59D40BACA80A15B5
post #2 of 9
Microsoft Security Essentials full scan in safe mode seems to work pretty well for getting rid of most spyware.
post #3 of 9

You got a rootkit running on your machine.

 

Download Hiren Boot CD and burn it to a disk. Then boot into safe mode and run the programs off the disk. 

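Added example (not part of the thread and not ComboFix's own code): a small Python triage pass over a ComboFix log that pulls out the lines in post #1 that support the rootkit reading, namely a system binary reported as infected, the same GUID-named directory deleted from more than one location, and UAC switched off via `EnableLUA`. The function name `triage`, the report keys and the trimmed `SAMPLE_LOG` excerpt are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the ComboFix log in post #1, trimmed for length.
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\users\Bre\AppData\Local\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\@
c:\users\Bre\AppData\Local\cxzegyct.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\Installer\{604e7576-ec0d-7231-cc64-a8dfba4e3e1f}\U\80000000.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy9_!Windows!System32!services.exe
.
(((((((((((((((((((((((((   Files Created from 2012-06-28 to 2012-07-29  )))))))))))))))))))))))))))))))
.
2012-07-24 19:41 . 2012-07-24 19:41     955888  ----a-w-        c:\windows\system32\npDeployJava1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
"""

SECTION_RE = re.compile(r"^\(+\s+(.*?)\s+\)+\s*$")          # ((((   Title   ))))
PATH_RE = re.compile(r"^[a-z]:\\", re.I)                      # drive-letter path
GUID_DIR_RE = re.compile(
    r"^(?P<parent>.+?)\\(?P<guid>\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})(?:\\|$)",
    re.I,
)
INFECTED_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found", re.I)
REG_KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<num>\d+)\s+\(0x')


def triage(log_text):
    """Return a dict of findings extracted from a ComboFix log."""
    section = None          # current (((( ... )))) section title
    reg_key = None          # current [HKEY_...] block, lower-cased
    guid_parents = defaultdict(set)
    report = {
        "infected_system_files": [],
        "deleted_executables": [],
        "guid_dirs": {},
        "cross_location_guids": [],
        "uac_disabled": False,
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, reg_key = m.group(1), None
            continue
        m = INFECTED_RE.match(line)
        if m:
            report["infected_system_files"].append(m.group("path").lower())
            continue
        m = REG_KEY_RE.match(line)
        if m:
            reg_key = m.group("key").lower()
            continue
        if section == "Other Deletions" and PATH_RE.match(line):
            m = GUID_DIR_RE.match(line)
            if m:
                # Record where each GUID-named directory was removed from.
                guid_parents[m.group("guid").lower()].add(m.group("parent").lower())
            elif line.lower().endswith(".exe"):
                report["deleted_executables"].append(line.lower())
            continue
        if reg_key and reg_key.endswith(r"\policies\system"):
            m = REG_VALUE_RE.match(line)
            if m and m.group("name") == "EnableLUA" and int(m.group("num")) == 0:
                report["uac_disabled"] = True

    report["guid_dirs"] = {g: sorted(p) for g, p in guid_parents.items()}
    report["cross_location_guids"] = sorted(
        g for g, p in guid_parents.items() if len(p) > 1
    )
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Comparing `cross_location_guids` and `infected_system_files` across successive logs (ComboFix2.txt through ComboFix5.txt in this thread) shows whether the same artifacts return after each cleanup.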
post #4 of 9
Thread Starter 
Any way of getting rid of it without a disk or flash drive? Extremely broke for the next couple weeks and have neither.
post #5 of 9

You don't have a 1GB USB flash drive around somewhere?

You could always download Malwarebytes antimalware and run that in safe mode with networking along with MSE.

post #6 of 9
Thread Starter 
Quote:
Originally Posted by Lord Xeb

You don't have a 1GB USB flash drive around somewhere?

You could always download Malwarebytes antimalware and run that in safe mode with networking along with MSE.

No, I haven't had or needed a USB stick since high school, and even the 1GB ones back then were $50 lol

I've tried Malwarebytes in safe mode repeatedly along with Combofix and it's come back.
post #7 of 9
Really no fix for this, I have the same problem.
post #8 of 9
Thread Starter 
Ran MSE in safe mode and haven't had an issue since.
post #9 of 9
TDSSKiller from Kaspersky? Run it in safe mode and see if it picks up anything. Or borrow a friend's flash drive quickly.