
Untitled

a guest
Sep 20th, 2014
  1. ComboFix 14-09-18.01 - Idan 09/20/2014 2:52.3.4 - x64
  2. Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1033.18.4063.3050 [GMT 3:00]
  3. Running from: c:\users\Idan\Desktop\ComboFix.exe
  4. SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  5. .
  6. .
  7. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  8. .
  9. .
  10. c:\users\Idan\AppData\Roaming\Origin
  11. c:\users\Idan\AppData\Roaming\Origin\Cloud Saves\blacklist
  12. c:\users\Idan\AppData\Roaming\Origin\local.xml
  13. .
  14. .
  15. ((((((((((((((((((((((((( Files Created from 2014-08-20 to 2014-09-20 )))))))))))))))))))))))))))))))
  16. .
  17. .
  18. 2014-09-20 00:06 . 2014-09-20 00:06 -------- d-----w- c:\users\Public\AppData\Local\temp
  19. 2014-09-20 00:06 . 2014-09-20 00:06 -------- d-----w- c:\users\Default\AppData\Local\temp
  20. 2014-09-19 23:43 . 2014-09-19 23:43 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F769969-3DB4-4F7D-94B4-23A667CD22B5}\offreg.dll
  21. 2014-09-19 09:02 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F769969-3DB4-4F7D-94B4-23A667CD22B5}\mpengine.dll
  22. 2014-09-13 16:49 . 2014-09-14 09:42 -------- d-----w- c:\users\Idan\AppData\Local\CrashDumps
  23. 2014-09-12 18:08 . 2014-09-12 18:08 -------- d-----w- c:\program files (x86)\4KDownload
  24. 2014-09-12 00:01 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
  25. 2014-09-12 00:01 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
  26. 2014-09-11 21:51 . 2014-09-11 21:52 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
  27. 2014-09-11 21:51 . 2014-09-11 21:51 -------- d-----w- c:\programdata\RogueKiller
  28. 2014-09-11 21:22 . 2014-09-11 21:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
  29. 2014-09-11 21:22 . 2014-09-11 21:22 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
  30. 2014-09-11 21:21 . 2014-09-11 21:21 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
  31. 2014-09-11 06:04 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
  32. 2014-09-11 06:04 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
  33. 2014-09-11 06:03 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
  34. 2014-09-11 06:03 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
  35. 2014-09-11 06:02 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
  36. 2014-09-11 06:02 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
  37. 2014-09-11 06:02 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
  38. 2014-09-11 06:02 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
  39. 2014-09-11 06:02 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
  40. 2014-09-11 06:02 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
  41. 2014-09-11 06:02 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
  42. 2014-09-07 09:34 . 2014-09-11 10:17 -------- d-----w- C:\FRST
  43. 2014-09-05 22:08 . 2014-09-05 22:08 -------- d-----w- c:\users\Idan\AppData\Local\ESN
  44. 2014-09-05 21:09 . 2014-09-05 22:24 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
  45. 2014-09-04 21:13 . 2014-09-04 21:13 -------- d-----w- c:\windows\ERUNT
  46. 2014-09-03 23:32 . 2010-08-30 05:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
  47. 2014-08-29 18:10 . 2014-08-29 18:10 -------- d-----w- c:\program files\Speccy
  48. 2014-08-28 08:30 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
  49. 2014-08-28 08:30 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
  50. 2014-08-28 08:30 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
  51. .
  52. .
  53. .
  54. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  55. .
  56. 2014-09-12 00:01 . 2011-05-05 16:34 101694776 ----a-w- c:\windows\system32\MRT.exe
  57. 2014-09-06 13:24 . 2011-03-28 16:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
  58. 2014-09-05 22:17 . 2011-05-05 18:03 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
  59. 2014-09-05 22:14 . 2011-05-05 18:03 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
  60. 2014-09-05 21:08 . 2011-05-05 18:03 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
  61. 2014-08-25 03:53 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
  62. 2014-07-24 23:35 . 2014-07-24 23:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
  63. 2014-07-24 20:47 . 2014-07-24 20:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
  64. 2014-07-19 17:42 . 2014-07-19 17:42 319912 ----a-w- c:\windows\system32\javaws.exe
  65. 2014-07-19 17:42 . 2014-07-19 17:42 189352 ----a-w- c:\windows\system32\javaw.exe
  66. 2014-07-19 17:42 . 2014-07-19 17:42 189352 ----a-w- c:\windows\system32\java.exe
  67. 2014-07-19 17:42 . 2014-07-19 17:42 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
  68. 2014-07-16 03:23 . 2014-08-13 20:53 2048 ----a-w- c:\windows\system32\tzres.dll
  69. 2014-07-16 02:46 . 2014-08-13 20:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll
  70. 2014-07-14 02:02 . 2014-08-13 20:51 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
  71. 2014-07-14 01:40 . 2014-08-13 20:51 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
  72. 2014-07-13 09:18 . 2012-04-30 16:00 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
  73. 2014-07-13 09:18 . 2011-05-20 15:51 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
  74. 2014-07-09 02:03 . 2014-08-13 20:53 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
  75. 2014-07-09 02:03 . 2014-08-13 20:53 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
  76. 2014-07-09 02:03 . 2014-08-13 20:53 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
  77. 2014-07-09 02:03 . 2014-08-13 20:53 6656 ----a-w- c:\windows\system32\KBDRU.DLL
  78. 2014-07-09 02:03 . 2014-08-13 20:53 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
  79. 2014-07-09 01:31 . 2014-08-13 20:53 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
  80. 2014-07-09 01:31 . 2014-08-13 20:53 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
  81. 2014-06-30 22:24 . 2014-08-14 00:03 8856 ----a-w- c:\windows\system32\icardres.dll
  82. 2014-06-30 22:14 . 2014-08-14 00:03 8856 ----a-w- c:\windows\SysWow64\icardres.dll
  83. 2014-06-25 02:05 . 2014-08-13 20:53 14175744 ----a-w- c:\windows\system32\shell32.dll
  84. .
  85. .
  86. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  87. .
  88. .
  89. *Note* empty entries & legit default entries are not shown
  90. REGEDIT4
  91. .
  92. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  93. "Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2014-06-23 585560]
  94. "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-07-08 152392]
  95. .
  96. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  97. "ConsentPromptBehaviorAdmin"= 0 (0x0)
  98. "ConsentPromptBehaviorUser"= 3 (0x3)
  99. "EnableLUA"= 0 (0x0)
  100. "EnableUIADesktopToggle"= 0 (0x0)
  101. "PromptOnSecureDesktop"= 0 (0x0)
  102. .
  103. R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
  104. R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
  105. R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
  106. R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
  107. R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
  108. R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
  109. R3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys;c:\windows\SYSNATIVE\drivers\danew.sys [x]
  110. R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
  111. R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
  112. R3 Giraffic;Giraffic Video Accelerator;c:\program files (x86)\Giraffic\GirafficWatchdog.exe;c:\program files (x86)\Giraffic\GirafficWatchdog.exe [x]
  113. R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
  114. R3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\DRIVERS\AE2500w764.sys;c:\windows\SYSNATIVE\DRIVERS\AE2500w764.sys [x]
  115. R3 mdareDriver_47;mdareDriver_47;c:\users\Idan\AppData\Local\Temp\FCPreScan\mdare64_47.sys;c:\users\Idan\AppData\Local\Temp\FCPreScan\mdare64_47.sys [x]
  116. R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
  117. R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
  118. R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
  119. R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
  120. R3 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
  121. R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
  122. R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
  123. R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
  124. R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
  125. R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
  126. R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
  127. R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
  128. R3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
  129. R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
  130. R3 vna_ap;Check Point Virtual Network Adapter - Apollo;c:\windows\system32\DRIVERS\vnaap.sys;c:\windows\SYSNATIVE\DRIVERS\vnaap.sys [x]
  131. R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
  132. R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
  133. S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
  134. S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [x]
  135. S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
  136. S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
  137. S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
  138. S3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
  139. S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
  140. S3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
  141. S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys;c:\windows\SYSNATIVE\drivers\t3.sys [x]
  142. .
  143. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
  144. start [BU]
  145. .
  146. Contents of the 'Scheduled Tasks' folder
  147. .
  148. 2014-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
  149. - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-30 09:18]
  150. .
  151. 2013-07-07 c:\windows\Tasks\AdobeAAMUpdater-1.0-HOME-Idan.job
  152. - c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-05-14 14:42]
  153. .
  154. 2014-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf8bf01afa2a3e.job
  155. - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-06-14 12:55]
  156. .
  157. 2013-11-30 c:\windows\Tasks\User_Feed_Synchronization-{3146813A-EEB2-45D8-B257-E1B5B6353C39}.job
  158. - c:\windows\system32\msfeedssync.exe [2013-11-30 01:02]
  159. .
  160. .
  161. --------- X64 Entries -----------
  162. .
  163. .
  164. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  165. "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-05 11786344]
  166. "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
  167. .
  168. ------- Supplementary Scan -------
  169. .
  170. uLocal Page = c:\windows\system32\blank.htm
  171. uStart Page = hxxp://www.google.co.il/
  172. mLocal Page = c:\windows\SysWOW64\blank.htm
  173. uInternet Settings,ProxyOverride = *.local
  174. TCP: DhcpNameServer = 192.117.235.235 62.219.186.7
  175. FF - ProfilePath - c:\users\Idan\AppData\Roaming\Mozilla\Firefox\Profiles\qxx9bulx.default\
  176. .
  177. - - - - ORPHANS REMOVED - - - -
  178. .
  179. ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
  180. AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
  181. .
  182. .
  183. .
  184. --------------------- LOCKED REGISTRY KEYS ---------------------
  185. .
  186. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  187. @Denied: (A 2) (Everyone)
  188. @="FlashBroker"
  189. "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
  190. .
  191. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
  192. "Enabled"=dword:00000001
  193. .
  194. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
  195. @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
  196. .
  197. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
  198. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  199. .
  200. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  201. @Denied: (A 2) (Everyone)
  202. @="IFlashBroker5"
  203. .
  204. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
  205. @="{00020424-0000-0000-C000-000000000046}"
  206. .
  207. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
  208. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  209. "Version"="1.0"
  210. .
  211. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  212. @Denied: (A 2) (Everyone)
  213. @="FlashBroker"
  214. "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
  215. .
  216. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
  217. "Enabled"=dword:00000001
  218. .
  219. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
  220. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
  221. .
  222. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
  223. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  224. .
  225. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  226. @Denied: (A 2) (Everyone)
  227. @="Shockwave Flash Object"
  228. .
  229. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  230. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
  231. "ThreadingModel"="Apartment"
  232. .
  233. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  234. @="0"
  235. .
  236. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  237. @="ShockwaveFlash.ShockwaveFlash.11"
  238. .
  239. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  240. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
  241. .
  242. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  243. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  244. .
  245. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  246. @="1.0"
  247. .
  248. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  249. @="ShockwaveFlash.ShockwaveFlash"
  250. .
  251. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  252. @Denied: (A 2) (Everyone)
  253. @="Macromedia Flash Factory Object"
  254. .
  255. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  256. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
  257. "ThreadingModel"="Apartment"
  258. .
  259. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  260. @="FlashFactory.FlashFactory.1"
  261. .
  262. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  263. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
  264. .
  265. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  266. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  267. .
  268. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  269. @="1.0"
  270. .
  271. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  272. @="FlashFactory.FlashFactory"
  273. .
  274. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  275. @Denied: (A 2) (Everyone)
  276. @="IFlashBroker5"
  277. .
  278. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
  279. @="{00020424-0000-0000-C000-000000000046}"
  280. .
  281. [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
  282. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  283. "Version"="1.0"
  284. .
  285. [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
  286. @Denied: (Full) (Everyone)
  287. .
  288. Completion time: 2014-09-20 03:09:15
  289. ComboFix-quarantined-files.txt 2014-09-20 00:09
  290. .
  291. Pre-Run: 173,182,648,320 bytes free
  292. Post-Run: 172,613,902,336 bytes free
  293. .
  294. - - End Of File - - 9086E8362DDEE8668658976ED524BE25
  295. A36C5E4F47E84449FF07ED3517B43A31