ComboFix 11-11-08.01 - Karol 11/07/2011  23:09:17.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2009.1005 [GMT -7:00]
Running from: c:\users\Karol\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Karol\AppData\Local\d05703f7\U
c:\users\Karol\AppData\Local\d05703f7\U\80000000.@
c:\users\Karol\AppData\Local\d05703f7\U\800000cb.@
c:\users\Karol\Documents\~WRL0003.tmp
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
.
.
(((((((((((((((((((((((((   Files Created from 2011-10-08 to 2011-11-08  )))))))))))))))))))))))))))))))
.
.
2011-11-08 06:19 . 2011-11-08 06:19	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E2B4D16-E604-42C3-A38D-F9C0F2AACB39}\offreg.dll
2011-11-08 06:15 . 2011-11-08 06:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-11-08 05:42 . 2011-10-07 04:16	8570192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E2B4D16-E604-42C3-A38D-F9C0F2AACB39}\mpengine.dll
2011-11-02 02:55 . 2011-11-02 02:55	--------	d-----w-	c:\users\Karol\AppData\Roaming\Malwarebytes
2011-11-02 02:55 . 2011-11-02 02:55	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-02 02:55 . 2011-11-02 02:55	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-02 02:55 . 2011-08-31 23:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-01 03:00 . 2011-11-01 03:00	--------	d-----w-	c:\windows\Sun
2011-10-30 19:20 . 2011-10-31 01:12	--------	d-----w-	c:\program files\Microsoft Security Client
2011-10-17 02:49 . 2011-10-17 02:49	--------	d-----w-	c:\program files (x86)\Moffsoft FreeCalc
2011-10-17 02:46 . 2011-10-17 02:46	--------	d--h--w-	c:\programdata\Common Files
2011-10-17 02:09 . 2011-10-17 02:47	--------	d-----w-	c:\programdata\MFAData
2011-10-17 02:06 . 2011-10-17 02:06	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2011-10-15 02:45 . 2011-10-15 02:58	--------	d-----w-	c:\users\Karol\AppData\Roaming\AVS4YOU
2011-10-15 02:44 . 2011-10-15 02:45	--------	d-----w-	c:\programdata\AVS4YOU
2011-10-15 02:43 . 2010-05-27 18:32	10833920	----a-w-	c:\windows\SysWow64\libmfxsw32.dll
2011-10-15 02:43 . 2010-05-27 18:32	10915840	----a-w-	c:\windows\SysWow64\libmfxhw32.dll
2011-10-15 02:43 . 2010-05-27 18:32	774144	----a-w-	c:\windows\SysWow64\htmlayout.dll
2011-10-15 02:43 . 2010-05-27 18:32	1003008	----a-w-	c:\windows\SysWow64\libeay32.dll
2011-10-15 02:43 . 2011-06-23 19:26	974848	----a-w-	c:\windows\SysWow64\mfc70.dll
2011-10-15 02:43 . 2011-06-23 19:26	487424	----a-w-	c:\windows\SysWow64\msvcp70.dll
2011-10-15 02:43 . 2011-06-23 19:26	344064	----a-w-	c:\windows\SysWow64\msvcr70.dll
2011-10-15 02:43 . 2011-06-23 19:25	24576	----a-w-	c:\windows\SysWow64\msxml3a.dll
2011-10-15 02:43 . 2011-10-15 02:49	--------	d-----w-	c:\program files (x86)\AVS4YOU
2011-10-15 02:43 . 2011-10-15 02:46	--------	d-----w-	c:\program files (x86)\Common Files\AVSMedia
2011-10-12 02:26 . 2011-08-17 05:26	613888	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-12 02:26 . 2011-08-17 04:24	465408	----a-w-	c:\windows\SysWow64\psisdecd.dll
2011-10-12 02:26 . 2011-08-17 04:19	75776	----a-w-	c:\windows\SysWow64\psisrndr.ax
2011-10-12 02:26 . 2011-08-17 05:25	108032	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-12 02:26 . 2011-09-06 03:03	3138048	----a-w-	c:\windows\system32\win32k.sys
2011-10-12 02:25 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2011-10-12 02:25 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2011-10-12 02:25 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-12 02:25 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-10-12 02:08 . 2011-11-08 06:14	--------	d-sh--w-	c:\users\Karol\AppData\Local\d05703f7
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-30 19:13 . 2011-06-10 04:06	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-05 02:53 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-09-05 02:53 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-10-05 1400784]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-05 20:07	1400784	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-10-05 1400784]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 136176]
R2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
R3 Assault cube Server;Assault cube Server;c:\program files (x86)\AssaultCube_v1.1.0.4\bin_win32\ac_server.exe [2010-11-14 350720]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 136176]
R3 IGRS;IGRS;c:\program files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-08-14 509192]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-09-22 579400]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Ser2ph;Microsoft USB GPS driver;c:\windows\system32\DRIVERS\ser2ph64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;d:\test\ECECECEC\WinRing0x64.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-23 46080]
S2 SITomcat;SI Tomcat;c:\program files (x86)\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe [2003-10-27 65536]
S2 SITransbase;SI Transbase;c:\program files (x86)\GM SPO\eSI\Transbase\tbmux32.exe [2001-11-20 165376]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys [x]
S3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys [x]
S3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys [x]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
IgrsSvcs	REG_MULTI_SZ   	ReadyComm.DirectRouter PS_MDP
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 06:01]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 06:01]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-18 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-18 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-18 365592]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2009-09-29 4366704]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2009-08-19 5825536]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"combofix"="c:\combofix\CF32301.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.lds.org/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Karol\AppData\Roaming\Mozilla\Firefox\Profiles\vjowvrpa.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://g.live.com/1rewlive4startup/home
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DIC2V5&o=13732&locale=en_US&apn_uid=4A986DAE-A592-44CB-B886-CF8475E5E2CB&apn_ptnrs=D5&apn_sauid=47733EFF-208F-4E28-8E32-550C40FED590&apn_dtid=gog187YYUS&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Dictionary.com Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
   07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
   6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
   fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
   51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b8,ab,c5,95,71,8c,cc,01
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*e*p*Q<FN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*e*p*œ<FN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*e*p*P?FN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*e*È=FN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*e*TˆN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*e*°UˆN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*e*åUˆN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*œ<FN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*=FN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*c=FN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*È=FN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-2423268403-297460026-2122372973-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*k*e*�BFN\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\GM SPO\eSI\Transbase\tbkern32.exe
c:\program files (x86)\GM SPO\eSI\Transbase\tbkern32.exe
.
**************************************************************************
.
Completion time: 2011-11-07  23:28:48 - machine was rebooted
ComboFix-quarantined-files.txt  2011-11-08 06:28
.
Pre-Run: 54,769,606,656 bytes free
Post-Run: 54,240,595,968 bytes free
.
- - End Of File - - 777CA5F85B7B2E9F22374A4B8C256FA1