ComboFix 12-10-04.02 - Admin 10/04/2012 13:13:50.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2519 [GMT -7:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iPod
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iTunes
2099-10-22 12:04 . 2002-01-01 18:14 -------- d-----w- c:\program files (x86)\iTunes
2099-10-22 12:03 . 2012-04-14 02:09 -------- d-----w- c:\program files\Bonjour
2099-10-22 12:03 . 2012-04-14 02:08 -------- d-----w- c:\program files (x86)\Bonjour
2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\Lindsay\AppData\Local\temp
2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-04 05:44 . 2012-10-04 05:44 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
2012-10-04 05:34 . 2012-10-04 05:34 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-10-04 05:34 . 2012-10-04 05:34 -------- d-----w- c:\programdata\RosettaStoneLtdBackup
2012-10-03 06:32 . 2012-10-03 06:32 -------- d-----w- c:\programdata\FLEXnet
2012-10-03 06:26 . 2012-10-03 06:26 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-10-03 06:23 . 2012-10-04 05:34 -------- d-----w- c:\programdata\Rosetta Stone
2012-10-03 06:07 . 2012-10-03 07:12 -------- d-----w- c:\program files (x86)\Google
2012-10-03 06:07 . 2012-10-03 06:07 4096000 ----a-w- c:\program files (x86)\GUT17D6.tmp
2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\users\Admin\AppData\Local\Google
2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\program files (x86)\GUM17D5.tmp
2012-10-02 03:58 . 2012-10-02 03:58 -------- d-----w- C:\FRST
2012-09-30 01:35 . 2012-09-30 01:35 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
2012-09-28 04:15 . 2012-09-28 04:15 -------- d-----w- c:\users\Admin\AppData\Local\VideoDownloadConverter_4z
2012-09-28 02:43 . 2012-09-28 02:43 -------- d-----w- c:\program files (x86)\VideoDownloadConverter_4z
2012-09-28 01:59 . 2012-09-28 01:59 -------- d-----w- c:\users\Admin\AppData\Local\Panasonic
2012-09-27 05:31 . 2012-10-04 19:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-17 00:54 . 2012-09-17 00:54 -------- d-----w- c:\users\Lindsay\AppData\Local\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Sophos
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
2012-09-17 00:52 . 2012-09-17 00:53 -------- d-----w- c:\program files\Sophos
2012-09-17 00:50 . 2010-09-19 18:54 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-19 18:54 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 19:33 108376 ----a-w- c:\windows\system32\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 17:16 72536 ----a-w- c:\windows\SysWow64\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:49 . 2012-09-17 00:49 -------- d-----w- c:\windows\system32\RsFx
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\SysWow64\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\system32\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft.NET
2012-09-17 00:46 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-09-17 00:45 . 2012-09-17 00:49 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-17 00:44 . 2012-10-04 20:03 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-17 00:43 . 2012-09-17 00:43 -------- d-----w- c:\windows\system32\msmq
2012-09-17 00:42 . 2012-09-17 00:42 -------- d-----w- c:\program files (x86)\Business Objects
2012-09-17 00:40 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Sophos
2012-09-17 00:39 . 2012-09-17 00:39 -------- d-----w- C:\sec_51
2012-09-13 03:35 . 2012-09-13 03:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-13 03:35 . 2012-09-13 03:34 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-13 03:34 . 2012-09-13 03:34 -------- d-----w- c:\program files (x86)\Java
2012-09-13 03:33 . 2012-09-13 03:33 -------- d-----w- c:\programdata\McAfee
2012-09-13 03:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-13 03:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-13 03:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-13 03:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-13 03:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-13 03:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-13 03:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-13 03:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-13 03:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-13 03:26 . 2012-09-13 03:26 -------- d-----w- c:\programdata\!SASCORE
2012-09-13 03:22 . 2012-09-13 03:22 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-13 02:46 . 2012-09-13 02:46 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-09-06 03:32 . 2012-09-06 03:32 -------- d-----w- c:\users\Lindsay\AppData\Roaming\ZoomBrowser EX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 08:12 . 2012-04-14 02:26 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 08:12 . 2012-02-04 22:08 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 03:34 . 2011-04-24 00:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-08 00:04 . 2011-03-02 03:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 5664640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 5.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-11 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-09-19 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SOPHOS;SQL Server Agent (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-26 140672]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S2 MSSQL$SOPHOS;SQL Server (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-17 36864]
S2 Sophos Certification Manager;Sophos Certification Manager;c:\program files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2011-10-18 77824]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-05 694376]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24286133
*Deregistered* - 24286133
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:12]
.
2012-10-04 c:\windows\Tasks\Sophos Patch Feed.job
- c:\program files\Sophos\Patch\PatchDataLoader\PatchDataLoader.exe [2012-04-27 23:40]
.
2012-10-04 c:\windows\Tasks\Sophos Patch Purge.job
- c:\program files\Sophos\Patch\SQL Tasks\SQLTasks.exe [2012-04-27 23:40]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: jcatsdefender.com\caaoc
Trusted Zone: jcatsdefender.com\traincaaoc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=6F2055D6-ADB1-4FDC-94C0-8138DA23D0F4&n=77ee1931&ind=2012092721&p2=^HJ^xdm003^S03103^us&si=CNu90_qf17ICFURxQgodmgQAmg&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-24286133.sys
SafeBoot-30756176.sys
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-04 13:23:35
ComboFix-quarantined-files.txt 2012-10-04 20:23
ComboFix2.txt 2012-10-03 05:49
.
Pre-Run: 485,054,640,128 bytes free
Post-Run: 485,179,998,208 bytes free
.
- - End Of File - - ACDB10A95B1C7F2B11084A546419161B
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3838.2519 [GMT -7:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-04 to 2012-10-04 )))))))))))))))))))))))))))))))
.
.
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iPod
2099-10-22 12:04 . 2012-04-14 02:09 -------- d-----w- c:\program files\iTunes
2099-10-22 12:04 . 2002-01-01 18:14 -------- d-----w- c:\program files (x86)\iTunes
2099-10-22 12:03 . 2012-04-14 02:09 -------- d-----w- c:\program files\Bonjour
2099-10-22 12:03 . 2012-04-14 02:08 -------- d-----w- c:\program files (x86)\Bonjour
2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\Lindsay\AppData\Local\temp
2012-10-04 20:21 . 2012-10-04 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-04 05:44 . 2012-10-04 05:44 -------- d-----w- c:\users\Admin\AppData\Local\ElevatedDiagnostics
2012-10-04 05:34 . 2012-10-04 05:34 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-10-04 05:34 . 2012-10-04 05:34 -------- d-----w- c:\programdata\RosettaStoneLtdBackup
2012-10-03 06:32 . 2012-10-03 06:32 -------- d-----w- c:\programdata\FLEXnet
2012-10-03 06:26 . 2012-10-03 06:26 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-10-03 06:23 . 2012-10-04 05:34 -------- d-----w- c:\programdata\Rosetta Stone
2012-10-03 06:07 . 2012-10-03 07:12 -------- d-----w- c:\program files (x86)\Google
2012-10-03 06:07 . 2012-10-03 06:07 4096000 ----a-w- c:\program files (x86)\GUT17D6.tmp
2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\users\Admin\AppData\Local\Google
2012-10-03 06:07 . 2012-10-03 06:07 -------- d-----w- c:\program files (x86)\GUM17D5.tmp
2012-10-02 03:58 . 2012-10-02 03:58 -------- d-----w- C:\FRST
2012-09-30 01:35 . 2012-09-30 01:35 -------- d-----w- c:\users\Admin\AppData\Local\Apple Computer
2012-09-28 04:15 . 2012-09-28 04:15 -------- d-----w- c:\users\Admin\AppData\Local\VideoDownloadConverter_4z
2012-09-28 02:43 . 2012-09-28 02:43 -------- d-----w- c:\program files (x86)\VideoDownloadConverter_4z
2012-09-28 01:59 . 2012-09-28 01:59 -------- d-----w- c:\users\Admin\AppData\Local\Panasonic
2012-09-27 05:31 . 2012-10-04 19:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-17 00:54 . 2012-09-17 00:54 -------- d-----w- c:\users\Lindsay\AppData\Local\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Utimaco
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Sophos
2012-09-17 00:53 . 2012-09-17 00:53 -------- d-----w- c:\program files (x86)\Common Files\Business Objects
2012-09-17 00:52 . 2012-09-17 00:53 -------- d-----w- c:\program files\Sophos
2012-09-17 00:50 . 2010-09-19 18:54 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-19 18:54 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SOPHOS-sqlagtctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 19:33 108376 ----a-w- c:\windows\system32\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:50 . 2010-09-17 17:16 72536 ----a-w- c:\windows\SysWow64\perf-MSSQL$SOPHOS-sqlctr10.2.4000.0.dll
2012-09-17 00:49 . 2012-09-17 00:49 -------- d-----w- c:\windows\system32\RsFx
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\SysWow64\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\windows\system32\1033
2012-09-17 00:48 . 2012-09-17 00:48 -------- d-----w- c:\program files\Microsoft.NET
2012-09-17 00:46 . 2012-09-17 00:48 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-09-17 00:45 . 2012-09-17 00:49 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-17 00:44 . 2012-10-04 20:03 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-17 00:43 . 2012-09-17 00:43 -------- d-----w- c:\windows\system32\msmq
2012-09-17 00:42 . 2012-09-17 00:42 -------- d-----w- c:\program files (x86)\Business Objects
2012-09-17 00:40 . 2012-09-17 00:53 -------- d-----w- c:\programdata\Sophos
2012-09-17 00:39 . 2012-09-17 00:39 -------- d-----w- C:\sec_51
2012-09-13 03:35 . 2012-09-13 03:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-13 03:35 . 2012-09-13 03:34 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-13 03:34 . 2012-09-13 03:34 -------- d-----w- c:\program files (x86)\Java
2012-09-13 03:33 . 2012-09-13 03:33 -------- d-----w- c:\programdata\McAfee
2012-09-13 03:32 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-13 03:32 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-13 03:32 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-13 03:32 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-13 03:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-13 03:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-13 03:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-13 03:30 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-13 03:30 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-13 03:26 . 2012-09-13 03:26 -------- d-----w- c:\programdata\!SASCORE
2012-09-13 03:22 . 2012-09-13 03:22 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-13 02:46 . 2012-09-13 02:46 -------- d-----w- c:\users\Admin\AppData\Roaming\Malwarebytes
2012-09-06 03:32 . 2012-09-06 03:32 -------- d-----w- c:\users\Lindsay\AppData\Roaming\ZoomBrowser EX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 08:12 . 2012-04-14 02:26 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 08:12 . 2012-02-04 22:08 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 03:34 . 2011-04-24 00:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-08 00:04 . 2011-03-02 03:08 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{48586425-6bb7-4f51-8dc6-38c88e3ebb58}"= "c:\program files (x86)\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{48586425-6bb7-4f51-8dc6-38c88e3ebb58}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 5664640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Lindsay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-1-23 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO 5.0.lnk - c:\program files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2011-1-11 172544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-08 676936]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-08 25928]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-09-19 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SOPHOS;SQL Server Agent (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-26 140672]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-08 399432]
S2 MSSQL$SOPHOS;SQL Server (SOPHOS);c:\program files\Microsoft SQL Server\MSSQL10.SOPHOS\MSSQL\Binn\sqlservr.exe [2010-09-17 57966424]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [2010-04-17 36864]
S2 Sophos Certification Manager;Sophos Certification Manager;c:\program files (x86)\Sophos\Enterprise Console\CertificationManagerServiceNT.exe [2011-10-18 77824]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-05 694376]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 24286133
*Deregistered* - 24286133
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 08:12]
.
2012-10-04 c:\windows\Tasks\Sophos Patch Feed.job
- c:\program files\Sophos\Patch\PatchDataLoader\PatchDataLoader.exe [2012-04-27 23:40]
.
2012-10-04 c:\windows\Tasks\Sophos Patch Purge.job
- c:\program files\Sophos\Patch\SQL Tasks\SQLTasks.exe [2012-04-27 23:40]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: jcatsdefender.com\caaoc
Trusted Zone: jcatsdefender.com\traincaaoc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C2E68E71-4D89-4571-ADDE-07B7D237543A}\E4544574541425D22343D274: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bsiu5cbq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=6F2055D6-ADB1-4FDC-94C0-8138DA23D0F4&n=77ee1931&ind=2012092721&p2=^HJ^xdm003^S03103^us&si=CNu90_qf17ICFURxQgodmgQAmg&searchfor=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-24286133.sys
SafeBoot-30756176.sys
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sophos Message Router]
"ImagePath"="\"c:\program files (x86)\Sophos\Enterprise Console\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-04 13:23:35
ComboFix-quarantined-files.txt 2012-10-04 20:23
ComboFix2.txt 2012-10-03 05:49
.
Pre-Run: 485,054,640,128 bytes free
Post-Run: 485,179,998,208 bytes free
.
- - End Of File - - ACDB10A95B1C7F2B11084A546419161B