ComboFix 12-06-28.03 - Amitabh 07/01/2012 13:11:13.4.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2575 [GMT -7:00]
Running from: c:\users\Amitabh\Desktop\ComboFix.exe
Command switches used :: c:\users\Amitabh\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\SysWOW64\services.exe --> c:\windows\System32\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\Shalabh\AppData\Local\temp
2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 21:18 . 2012-07-01 21:18 -------- d-----w- c:\users\Alpana\AppData\Local\temp
2012-06-29 18:55 . 2012-06-29 18:55 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-29 18:27 . 2012-06-29 18:27 -------- d-----w- c:\users\Amitabh\AppData\Local\Activision
2012-06-26 00:35 . 2012-06-26 00:35 -------- d-----w- c:\users\Shalabh\AppData\Local\Activision
2012-06-25 00:45 . 2012-06-25 00:45 -------- d-----w- c:\users\Amitabh\AppData\Roaming\NVIDIA
2012-06-24 03:35 . 2012-06-24 20:08 -------- d-----w- C:\AdobeTemp
2012-06-23 14:29 . 2012-06-23 14:29 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-21 06:26 . 2012-06-21 06:26 -------- d-----w- c:\users\Shalabh\A8B9466986544126BD28D0D2412CDED6.TMP
2012-06-21 00:08 . 2012-06-28 07:37 -------- d-----w- c:\users\Shalabh\AppData\Local\ApplicationHistory
2012-06-21 00:07 . 2012-06-21 00:07 -------- d-----w- c:\program files (x86)\Common Files\SpellEx
2012-06-21 00:04 . 2012-06-21 00:04 -------- d-----w- c:\windows\SysWow64\URTTEMP
2012-06-20 23:38 . 2012-06-20 23:38 -------- d-----w- c:\program files\DIFX
2012-06-20 23:38 . 2009-09-03 23:30 128512 ----a-w- c:\windows\system32\drivers\tiehdusb.sys
2012-06-20 23:37 . 2012-06-21 00:07 -------- d-----w- c:\program files (x86)\TI Education
2012-06-20 23:37 . 2012-06-21 00:07 -------- d-----w- c:\program files (x86)\Common Files\TI Shared
2012-06-19 16:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 16:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 16:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 16:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 16:15 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 16:15 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-19 16:15 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 16:15 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-19 16:15 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 16:15 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-19 16:15 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 16:15 . 2012-06-02 22:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-19 16:15 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 16:15 . 2012-06-02 22:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-06-13 21:36 . 2012-06-13 21:36 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-13 21:36 . 2012-06-13 21:36 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-03 21:24 . 2012-05-09 01:35 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-06-03 21:23 . 2010-11-27 01:02 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-06-03 20:41 . 2012-05-24 17:48 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-06-02 19:20 . 2012-06-02 19:20 -------- d-----w- c:\users\Shalabh\AppData\Roaming\IObit
2012-06-02 19:19 . 2012-06-02 19:19 -------- d-----w- c:\programdata\IObit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 02:14 . 2012-04-05 00:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 02:14 . 2011-05-15 13:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 10:48 . 2012-03-15 02:05 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-03-15 02:05 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2011-11-18 20:50 1738048 ----a-w- c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2011-11-18 20:50 1468224 ----a-w- c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2011-06-12 00:54 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2011-06-12 00:54 2741568 ----a-w- c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2011-06-12 00:54 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2011-06-12 00:54 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2011-06-12 00:54 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-05-15 09:29 . 2011-06-12 00:57 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2011-06-12 00:57 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2011-06-12 00:57 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2011-06-12 00:57 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2011-06-12 00:57 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-04-18 17:08 . 2012-03-15 02:05 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-04-04 22:56 . 2009-06-16 00:15 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-30_22.29.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-18 02:19 . 2012-07-01 16:16 29582 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1317974818-1678399554-1570300057-1001_UserData.bin
- 2008-02-18 02:19 . 2012-06-30 17:17 29582 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1317974818-1678399554-1570300057-1001_UserData.bin
- 2008-02-17 20:29 . 2012-06-30 13:16 22870 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1317974818-1678399554-1570300057-1000_UserData.bin
+ 2008-02-17 20:29 . 2012-07-01 13:26 22870 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1317974818-1678399554-1570300057-1000_UserData.bin
+ 2012-07-01 16:14 . 2012-07-01 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-30 17:15 . 2012-06-30 17:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-30 17:15 . 2012-06-30 17:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-01 16:14 . 2012-07-01 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-12-04 18:05 . 2012-07-01 16:16 104704 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-07-01 16:16 206170 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-02-17 20:25 . 2012-06-30 17:15 475136 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-02-17 20:25 . 2012-07-01 19:03 475136 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-11 09:16 . 2012-06-30 14:50 526600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-02-11 09:16 . 2012-07-01 14:47 526600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2008-02-17 20:25 . 2012-06-30 17:15 5144576 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-02-17 20:25 . 2012-07-01 19:03 5144576 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-09 04:02 . 2012-07-01 00:13 2385600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-05-09 04:02 . 2012-06-30 07:48 2385600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-11 06:32 . 2012-07-01 14:47 5027508 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1317974818-1678399554-1570300057-1000-8192.dat
+ 2008-02-17 20:25 . 2012-07-01 19:03 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-02-17 20:25 . 2012-06-30 17:15 16187392 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-08 08:04 . 2012-07-01 07:22 63133672 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1317974818-1678399554-1570300057-1001-8192.dat
+ 2011-10-31 07:55 . 2012-07-01 14:47 24284919 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1317974818-1678399554-1570300057-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTBFirstRun"="c:\program files (x86)\Hewlett-Packard\SDP\hprun.exe" [2007-07-19 20480]
"googletalk"="c:\users\Amitabh\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-09 65536]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-18 1484856]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 02:14]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1000Core.job
- c:\users\Amitabh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 20:33]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1000UA.job
- c:\users\Amitabh\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-15 20:33]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1001Core.job
- c:\users\Shalabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 16:58]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1317974818-1678399554-1570300057-1001UA.job
- c:\users\Shalabh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 16:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Shalabh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2007-10-25 5430272]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-11-21 31744]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: att.com
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.254
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Amitabh\AppData\Roaming\Mozilla\Firefox\Profiles\up9n5bpd.default\
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files (x86)\HP\DVDPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-07-01 14:27:10
ComboFix-quarantined-files.txt 2012-07-01 21:27
ComboFix2.txt 2012-06-30 22:39
.
Pre-Run: 167,281,922,048 bytes free
Post-Run: 167,071,113,216 bytes free
.
- - End Of File - - F8788B3D96E30C3C9A61937CF07416E9