ComboFix 12-11-25.01 - Barukh 25/11/2012 17:57:29.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.3959.2478 [GMT 2:00]
Running from: c:\users\Barukh\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Barukh\AppData\Local\assembly\tmp
c:\users\Barukh\Documents\~WRL1271.tmp
c:\users\Barukh\Documents\~WRL2290.tmp
c:\users\Barukh\Documents\~WRL3996.tmp
c:\windows\es.exe
c:\windows\pthreadGC2.dll
c:\windows\s.bat
c:\windows\SysWow64\UNWISE.EXE
c:\windows\SysWow64\win.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RelevantKnowledge
.
.
((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))
.
.
2012-11-23 05:50 . 2012-11-23 05:50 -------- d-----w- C:\FRST
2012-11-22 18:54 . 2012-11-22 18:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-11-16 01:15 . 2012-07-26 05:05 2560 ----a-w- c:\windows\system32\drivers\es-ES\wdf01000.sys.mui
2012-11-16 01:15 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 01:15 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 01:15 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 01:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 01:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 01:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 01:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 01:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 01:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 01:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 18:41 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-15 18:41 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-15 18:41 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-15 18:41 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-15 18:41 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-15 18:41 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 18:41 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 18:40 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-15 18:40 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-15 18:40 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-15 18:40 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-15 18:40 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-15 18:40 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-15 18:40 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-15 18:40 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-15 18:40 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-15 18:40 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-15 18:40 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-15 18:40 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-15 15:06 . 2012-11-15 15:07 -------- d-----w- c:\users\Barukh\AppData\Roaming\Games
2012-11-15 14:59 . 2012-11-15 14:59 -------- d-----w- c:\programdata\InstallShield
2012-11-15 08:50 . 2012-11-15 08:50 -------- d-----w- c:\windows\SysWow64\AGEIA
2012-11-15 08:50 . 2012-11-15 08:50 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-11-15 08:49 . 2012-11-15 08:49 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2012-11-15 08:49 . 2012-11-15 08:49 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2012-11-15 08:45 . 2012-11-15 08:45 -------- d-----w- c:\program files (x86)\The Adventure Company
2012-11-15 08:45 . 2004-08-09 04:04 73728 ----a-w- c:\windows\SysWow64\ISUSPM.cpl
2012-11-15 08:45 . 2004-08-09 04:03 221184 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2012-11-15 08:45 . 2004-08-09 04:03 385024 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2012-11-15 08:45 . 2004-08-09 04:03 81920 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-11-15 08:45 . 2004-08-09 04:03 368640 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-11-15 08:45 . 2004-08-09 04:03 512000 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-11-15 08:45 . 2004-08-09 04:02 217088 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-11-11 19:35 . 2012-11-11 19:35 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2012-11-11 19:35 . 2012-11-11 19:35 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-10 18:00 . 2012-11-17 21:06 -------- d-----w- c:\users\Barukh\AppData\Local\VisualBeeClient
2012-11-10 17:58 . 2012-11-10 17:59 -------- d-----w- c:\users\Barukh\AppData\Local\VisualBeeExe
2012-11-10 17:57 . 2012-11-10 17:58 -------- d-----w- c:\programdata\VisualBee
2012-11-09 00:07 . 2012-11-09 00:07 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-11-08 22:24 . 2012-11-08 22:31 -------- d-----w- c:\users\Barukh\AppData\Roaming\BSplayer
2012-11-08 14:51 . 2012-11-08 14:51 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2012-11-08 14:42 . 2012-11-08 14:42 -------- d-----w- c:\users\Barukh\AppData\Roaming\LavasoftStatistics
2012-11-08 12:07 . 2012-11-23 06:19 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-11-08 11:59 . 2012-11-08 11:59 -------- d-----w- c:\programdata\blekko toolbars
2012-11-08 11:59 . 2012-11-08 11:59 -------- d-----w- c:\users\Barukh\AppData\Local\adawarebp
2012-11-08 11:59 . 2012-11-21 09:01 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-11-08 11:59 . 2012-11-08 11:59 -------- d-----w- c:\program files (x86)\adawaretb
2012-11-08 11:59 . 2012-11-08 11:59 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2012-11-08 11:57 . 2012-11-09 00:06 -------- d-----w- c:\users\Barukh\AppData\Roaming\Ad-Aware Antivirus
2012-11-06 14:02 . 2012-11-06 14:02 -------- d-----w- c:\users\Barukh\AppData\Roaming\Frogwares
2012-11-06 13:24 . 2012-11-06 13:24 -------- d-----w- c:\program files (x86)\Focus
2012-11-06 09:17 . 2012-11-06 09:17 -------- d-----w- c:\users\Barukh\AppData\Local\DVDVideoSoft_Ltd
2012-11-03 19:07 . 2012-11-03 19:08 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-11-03 19:07 . 2012-11-03 19:07 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-10-30 00:31 . 2012-10-30 00:31 19528 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VSTO\10.0\3082\VSTOLoaderUI.dll
2012-10-30 00:31 . 2012-10-30 00:31 19512 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\3082\VSTOLoaderUI.dll
2012-10-30 00:31 . 2012-10-30 00:31 10832 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VSTO\10.0\3082\VSTOInstallerUI.dll
2012-10-30 00:31 . 2012-10-30 00:31 10816 ----a-w- c:\program files\Common Files\Microsoft Shared\VSTO\10.0\3082\VSTOInstallerUI.dll
2012-10-29 21:54 . 2012-11-22 16:04 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-16 01:02 . 2010-10-03 16:45 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 16:20 . 2012-04-05 07:16 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 16:20 . 2011-06-13 19:11 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-29 17:54 . 2010-11-06 17:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 17:37 . 2011-12-14 18:20 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-09-29 17:37 . 2011-12-14 18:20 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-24 13:32 . 2012-08-31 06:02 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-24 13:32 . 2010-10-17 20:06 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-10 13:06 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 13:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 13:07 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 13:07 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 13:07 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 13:07 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-12-25 16:36 . 2011-12-25 16:36 3498840 ----a-w- c:\program files (x86)\vstor40_x64.exe
2011-12-06 10:28 . 2011-12-25 16:35 1343488 ----a-w- c:\program files (x86)\wcwdes10.dll
2011-09-13 10:52 . 2011-12-25 16:35 897024 ----a-w- c:\program files (x86)\Instalar.exe
2010-11-20 22:51 . 2010-11-20 22:51 2790864 ----a-w- c:\program files (x86)\install_flash_player.exe
2010-10-15 15:27 . 2011-12-25 16:35 143360 ----a-w- c:\program files (x86)\Updatewcwdes10.exe
2010-02-08 19:50 . 2011-12-25 16:35 225280 ----a-w- c:\program files (x86)\wcwdes05.wll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{db131c55-60c8-4adc-84dc-9e76ab06e2dc}"= "c:\program files (x86)\uTorrentBar_ES\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2011-09-03 17:27 2660016 ----a-w- c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentBar_ES\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{db131c55-60c8-4adc-84dc-9e76ab06e2dc}"= "c:\program files (x86)\uTorrentBar_ES\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{db131c55-60c8-4adc-84dc-9e76ab06e2dc}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-17 15:46 222712 ----a-w- c:\users\Barukh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-17 15:46 222712 ----a-w- c:\users\Barukh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-17 15:46 222712 ----a-w- c:\users\Barukh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barukh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barukh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barukh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Barukh\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Akamai NetSession Interface"="c:\users\Barukh\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"SkyDrive"="c:\users\Barukh\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2012-11-17 255992]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"331BigDog"="c:\program files (x86)\USB Camera\VM331_STI.EXE" [2009-09-15 536576]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2010-01-25 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCam.exe" [2010-01-25 224352]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-09-29 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 780616]
.
c:\users\Barukh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Screen Capturer.lnk - c:\program files (x86)\Screen Capturer\ScreenCapturer.exe [2008-12-8 147456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McMPFSvc;McAfee Servicio Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-16 79376]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-06-09 17152]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-12-11 232992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-29 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-27 283200]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\DfsdkS64.exe [2009-08-24 544768]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys [2011-03-08 12824]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-06-15 103472]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2011-03-21 68928]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-14 382272]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-12-09 2320920]
S2 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [2011-09-28 885160]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 52264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-01-25 31216]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-02-19 167816]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-28 325152]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys [2009-11-09 207232]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11280]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
<NO NAME> REG_SZ
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 16:20]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-12 18:47]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-12 18:47]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1373113754-2393914652-2236859404-1003Core.job
- c:\users\Barukh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 13:14]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1373113754-2393914652-2236859404-1003UA.job
- c:\users\Barukh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-27 13:14]
.
2012-06-15 c:\windows\Tasks\Quark Updater.job
- c:\program files (x86)\Quark\Quark Update\AutoUpdate.exe [2011-03-08 13:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-17 15:46 261624 ----a-w- c:\users\Barukh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-17 15:46 261624 ----a-w- c:\users\Barukh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-17 15:46 261624 ----a-w- c:\users\Barukh\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barukh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barukh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barukh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Barukh\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2010-03-22 03:38 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-11-28 508472]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-12-17 4367808]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-12-17 6988736]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"Ashampoo WinOptimizer Live-Tuner"="c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTuner.exe" [2011-09-28 2656680]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://
www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uSearchAssistant = hxxp://
www.google.com/ie
uSearchURL,(Default) = hxxp://
www.google.com/search?q=%s
mSearchAssistant =
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: Free YouTube Download - c:\users\Barukh\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Barukh\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.16.3
DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} - hxxp://
www.responsa.co.il/NetisUtils/install/safeview.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://
www.myheritage.es/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\users\Barukh\AppData\Roaming\Mozilla\Firefox\Profiles\rvjqfgf8.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=116294&tt=4512_7&babsrc=HP_ss&mntrId=0270c0e0000000000000c217fefd0c6c
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=116294&tt=4512_7&babsrc=KW_ss&mntrId=0270c0e0000000000000c217fefd0c6c&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files (x86)\SpeedBit Video Downloader\SPFireFox
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{cd90bf73-20f6-44ef-993d-bb920303bd2e} - (no file)
URLSearchHooks-{a8864317-e18b-4292-99d9-e6e65ab905d3} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CD90BF73-20F6-44EF-993D-BB920303BD2E} - (no file)
WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Pid 1.00 - c:\users\Barukh\Downloads\PiD-CONSPiRE\Pid\Uninstall.exe
AddRemove-CohMapPack - c:\program files (x86)\City of Heroes\vm_bind_filesi18.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,38,12,57,36,90,
43,f7,9e,4b,04,e0,be,4b,59,e7,b4,e8,87
"{0329E7D6-6F54-462D-93F6-F5C3118BADF2}"=hex:51,66,7a,6c,4c,1d,38,12,b8,e4,3a,
07,66,21,43,03,ec,e0,b6,83,14,d5,e9,e6
"{F053C368-5458-45B2-9B4D-D8914BDDDBFF}"=hex:51,66,7a,6c,4c,1d,38,12,06,c0,40,
f4,6a,1a,dc,00,e4,5b,9b,d1,4e,83,9f,eb
"{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e,
71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96,
33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd
"{389943B0-C3A2-4E69-82CB-8596A84CB3DC}"=hex:51,66,7a,6c,4c,1d,38,12,de,40,8a,
3c,90,8d,07,0b,fd,dd,c6,d6,ad,12,f7,c8
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{92A9ACF4-9333-43AE-9698-DB283326F87F}"=hex:51,66,7a,6c,4c,1d,38,12,9a,af,ba,
96,01,dd,c0,06,e9,8e,98,68,36,78,bc,6b
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,38,12,2b,d3,6f,
aa,53,a6,21,0d,fd,65,47,05,eb,48,5d,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,38,12,89,1d,84,
f0,92,94,3d,05,e6,72,25,1d,8b,b8,e4,63
"{FF7C3CF0-4B15-11D1-ABED-709549C10000}"=hex:51,66,7a,6c,4c,1d,38,12,9e,3f,6f,
fb,27,05,bf,54,d4,fb,33,d5,4c,9f,44,14
"{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27,
25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2c,ad,4d,8c,e9,dd,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-11-25 18:18:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-25 16:18
.
Pre-Run: 230.501.990.400 bytes libres
Post-Run: 229.991.776.256 bytes libres
.
- - End Of File - - 195AD340046BC13D992F1C2265D737ED