ComboFix 12-02-25.02 - Tibi 02/28/2012 9:48.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2558 [GMT 2:00]
Running from: c:\users\Tibi\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tibi\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 07:59 . 2012-02-28 07:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-27 12:49 . 2012-02-27 12:49 -------- d-----w- c:\program files\Motorola Inc
2012-02-27 08:12 . 2012-02-28 08:02 -------- d-----w- C:\Temp
2012-02-27 08:12 . 2012-02-27 08:12 -------- d-----w- c:\users\Tibi\AppData\Roaming\Motorola
2012-02-27 08:11 . 2012-02-27 08:11 -------- d-----w- c:\program files\Common Files\Motorola Shared
2012-02-27 08:11 . 2012-02-27 08:11 -------- d-----w- c:\program files (x86)\Motorola
2012-02-26 12:54 . 2012-02-26 12:54 -------- d-----w- c:\users\Tibi\AppData\Roaming\LibreOffice
2012-02-26 12:43 . 2012-02-26 12:44 -------- d-----w- c:\program files (x86)\LibreOffice 3.5
2012-02-26 12:39 . 2012-02-26 12:39 -------- d-----w- c:\program files\7-Zip
2012-02-26 12:38 . 2012-02-26 12:38 -------- d-----w- c:\users\Tibi\AppData\Roaming\IrfanView
2012-02-26 12:38 . 2012-02-26 12:38 -------- d-----w- c:\program files (x86)\IrfanView
2012-02-26 12:27 . 2012-02-26 12:27 -------- d-----w- c:\users\Tibi\AppData\Roaming\SumatraPDF
2012-02-26 12:27 . 2012-02-26 12:27 -------- d-----w- c:\program files (x86)\SumatraPDF
2012-02-25 21:14 . 2012-02-25 21:25 -------- d-----w- c:\users\Tibi\AppData\Roaming\ImgBurn
2012-02-25 21:07 . 2012-02-25 21:07 -------- d-----w- c:\program files (x86)\ImgBurn
2012-02-24 12:36 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E429E47-65BD-4119-8BC0-D97A7A2C7CAE}\mpengine.dll
2012-02-22 17:53 . 2012-02-22 18:12 -------- d-----w- c:\users\Tibi\AppData\Roaming\gDEBugger
2012-02-22 17:52 . 2012-02-22 17:53 -------- d-----w- c:\programdata\GraphicRemedy
2012-02-15 12:59 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 12:59 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 12:59 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 12:59 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 12:59 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 12:59 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 12:59 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 12:59 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-12 12:20 . 2012-02-12 12:20 -------- d-----w- c:\program files (x86)\Audio Sliders
2012-02-12 12:10 . 2012-02-12 12:11 -------- d-----w- c:\users\Tibi\AppData\Roaming\TeraCopy
2012-02-12 12:10 . 2012-02-12 12:10 -------- d-----w- c:\program files\TeraCopy
2012-02-08 20:01 . 2012-02-08 20:01 -------- d-----w- c:\users\Tibi\AppData\Local\ElevatedDiagnostics
2012-02-06 13:53 . 2012-02-26 12:18 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-02-06 13:53 . 2012-02-26 12:18 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-02-04 13:30 . 2012-02-04 13:30 -------- d-----w- c:\users\Tibi\AppData\Local\SKIDROW
2012-02-03 20:04 . 2012-02-24 12:31 -------- d-----w- c:\program files (x86)\Common Files\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 17:24 . 2011-12-10 11:09 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 14:47 . 2011-12-10 10:53 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-29 03:10 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 16:56 . 2011-12-13 19:13 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-01-25 11:45 . 2011-12-10 16:57 1556544 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-01-09 12:35 . 2012-01-09 12:35 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-27 20:30 . 2011-12-27 20:30 86016 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-12-27 20:30 . 2011-12-27 20:30 426496 ----a-w- c:\windows\system32\wrap_oal.dll
2011-12-27 20:30 . 2011-12-27 20:30 409600 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-12-27 20:30 . 2011-12-27 20:30 116736 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-21 18:43 . 2011-12-21 18:43 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-19 11:45 . 2012-01-12 14:52 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-12-19 11:45 . 2012-01-12 14:52 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-12-19 11:45 . 2011-12-19 11:45 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-12-19 11:43 . 2011-12-19 11:43 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-12-19 11:43 . 2011-12-19 11:43 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-12-10 11:26 . 2011-12-10 11:26 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-12-10 11:04 . 2011-12-10 11:04 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-12-10 11:04 . 2011-12-10 11:04 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-12-10 11:04 . 2011-12-10 11:04 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-12-10 11:04 . 2011-12-10 11:04 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-12-10 11:04 . 2011-12-10 11:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-12-10 11:04 . 2011-12-10 11:04 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-12-10 11:04 . 2011-12-10 11:04 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-12-10 11:04 . 2011-12-10 11:04 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-12-10 11:04 . 2011-12-10 11:04 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-12-10 11:04 . 2011-12-10 11:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-12-10 11:04 . 2011-12-10 11:04 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-12-10 11:04 . 2011-12-10 11:04 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-12-10 11:04 . 2011-12-10 11:04 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-12-10 11:04 . 2011-12-10 11:04 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-12-10 11:04 . 2011-12-10 11:04 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-12-10 11:04 . 2011-12-10 11:04 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-12-10 11:04 . 2011-12-10 11:04 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-12-10 11:04 . 2011-12-10 11:04 222208 ----a-w- c:\windows\system32\msls31.dll
2011-12-10 11:04 . 2011-12-10 11:04 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-12-10 11:04 . 2011-12-10 11:04 12288 ----a-w- c:\windows\system32\mshta.exe
2011-12-10 11:04 . 2011-12-10 11:04 114176 ----a-w- c:\windows\system32\admparse.dll
2011-12-10 11:04 . 2011-12-10 11:04 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-12-10 11:04 . 2011-12-10 11:04 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-12-10 11:04 . 2011-12-10 11:04 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-12-10 11:04 . 2011-12-10 11:04 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-12-10 11:04 . 2011-12-10 11:04 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-12-10 11:04 . 2011-12-10 11:04 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-12-10 11:04 . 2011-12-10 11:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-12-10 11:04 . 2011-12-10 11:04 448512 ----a-w- c:\windows\system32\html.iec
2011-12-10 11:04 . 2011-12-10 11:04 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-10 11:04 . 2011-12-10 11:04 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-12-10 11:04 . 2011-12-10 11:04 160256 ----a-w- c:\windows\system32\wextract.exe
2011-12-10 11:04 . 2011-12-10 11:04 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-12-10 11:04 . 2011-12-10 11:04 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-12-10 10:30 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2011-12-10 10:30 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2011-12-10 10:30 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2011-12-10 10:30 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2011-12-10 10:30 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2011-12-09 10:40 . 2011-12-10 10:53 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-12-09 10:40 . 2011-12-10 10:53 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-12-10 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-12-10 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-25 343168]
.
c:\users\Tibi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 136176]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-01-25 547872]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 136176]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2992512]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-09 86224]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2011-06-10 2044688]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-20 2072896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 12:53]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-27 12:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.42.129
FF - ProfilePath - c:\users\Tibi\AppData\Roaming\Mozilla\Firefox\Profiles\fqj3aajy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.blink_allowed - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-02-28 10:17:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-28 08:17
.
Pre-Run: 70,910,386,176 bytes free
Post-Run: 71,115,952,128 bytes free
.
- - End Of File - - F0EE459183852161469E2F7AF12E6B01