ComboFix 12-08-14.05 - sanja 14/08/2012 18:09:33.4.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3963.1556 [GMT -4:00] Running from: c:\users\sanja\Documents\Downloads\TATA\ComboFix.exe Command switches used :: c:\users\sanja\Documents\Downloads\TATA\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\ERDNT\cache64\services.exe --> c:\windows\system32\services.exe . ((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 ))))))))))))))))))))))))))))))) . . 2012-08-14 22:19 . 2012-08-14 22:19 -------- d-----w- c:\users\sanja\AppData\Local\temp 2012-08-14 22:19 . 2012-08-14 22:19 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-08-14 22:19 . 2012-08-14 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-13 18:43 . 2012-08-13 18:43 -------- d-----w- C:\_OTL 2012-08-13 17:57 . 2012-08-13 17:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-08-13 17:57 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-13 03:10 . 2012-08-13 03:10 -------- d-----w- c:\users\sanja\AppData\Roaming\SUPERAntiSpyware.com 2012-08-13 03:10 . 2012-08-13 03:10 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-08-13 03:10 . 2012-08-13 03:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-08-13 02:12 . 2012-08-13 02:12 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-08-05 21:54 . 2012-07-23 19:59 24960 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2012-08-02 23:30 . 2012-08-02 23:30 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-02 23:27 . 2012-08-02 23:27 -------- d-----w- c:\programdata\IObit 2012-08-02 23:27 . 2012-08-02 23:27 -------- d-----w- c:\users\sanja\AppData\Roaming\IObit 2012-08-02 23:27 . 2012-08-02 23:27 -------- d-----w- c:\program files (x86)\IObit 2012-07-27 00:12 . 2012-07-27 00:12 -------- d-----w- c:\users\sanja\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1 2012-07-27 00:02 . 2012-07-27 00:02 -------- d-----w- c:\users\sanja\AppData\Local\Macromedia 2012-07-26 23:50 . 2012-08-14 22:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-26 23:50 . 2012-07-26 23:50 -------- d-----w- c:\windows\system32\Macromed . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-14 22:02 . 2011-09-04 16:05 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-13 02:12 . 2010-07-14 19:48 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-07-12 02:04 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe 2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-06-13 13:58 . 2012-07-12 02:03 2769408 ----a-w- c:\windows\system32\win32k.sys 2012-06-08 17:59 . 2012-07-11 20:28 12899840 ----a-w- c:\windows\system32\shell32.dll 2012-06-05 16:47 . 2012-07-11 20:28 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-05 16:47 . 2012-07-11 20:28 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-05 16:22 . 2012-07-11 20:28 1797120 ----a-w- c:\windows\system32\msxml6.dll 2012-06-05 16:22 . 2012-07-11 20:28 1869824 ----a-w- c:\windows\system32\msxml3.dll 2012-06-04 15:29 . 2012-07-11 20:28 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 22:19 . 2012-06-22 20:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 20:20 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 20:20 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 20:20 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 20:19 35864 ----a-w- c:\windows\SysWow64\wups.dll 2012-06-02 22:19 . 2012-06-22 20:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:19 . 2012-06-22 20:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll 2012-06-02 22:15 . 2012-06-22 20:20 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 20:19 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 22:12 . 2012-06-22 20:19 88576 ----a-w- c:\windows\SysWow64\wudriver.dll 2012-06-02 19:19 . 2012-06-22 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:19 . 2012-06-22 20:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll 2012-06-02 19:15 . 2012-06-22 20:19 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 19:12 . 2012-06-22 20:19 33792 ----a-w- c:\windows\SysWow64\wuapp.exe 2012-06-02 00:22 . 2012-07-11 20:28 347136 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 00:22 . 2012-07-11 20:28 254464 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 00:05 . 2012-07-11 20:28 77312 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 00:04 . 2012-07-11 20:28 278528 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 00:03 . 2012-07-11 20:28 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-05-31 16:25 . 2010-03-22 01:28 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-31 04:04 . 2012-07-06 13:27 9013136 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{412849A8-A463-4935-ADAA-868D51D6F98B}\mpengine.dll . . ((((((((((((((((((((((((((((( SnapShot_2012-08-13_21.05.24 ))))))))))))))))))))))))))))))))))))))))) . + 2012-08-13 18:35 . 2012-08-14 22:02 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-08-13 18:35 . 2012-08-13 19:32 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-10-21 12:06 . 2012-08-13 18:49 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-10-21 12:06 . 2012-08-14 22:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-08-13 18:49 . 2012-08-13 18:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-08-13 18:49 . 2012-08-14 22:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-10-21 12:06 . 2012-08-13 18:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-10-21 12:06 . 2012-08-14 22:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-08-14 22:02 . 2012-08-14 22:02 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe + 2012-08-14 22:02 . 2012-08-14 22:02 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.dll + 2012-07-26 23:50 . 2012-08-14 22:02 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe - 2012-07-26 23:50 . 2012-08-03 01:09 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe + 2008-01-21 03:20 . 2012-08-14 22:02 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-01-21 03:20 . 2012-08-13 19:32 327680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-10-25 22:45 . 2012-08-14 22:01 196402 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2008-10-22 15:15 . 2012-08-14 01:59 222780 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2006-11-02 12:46 . 2012-08-13 21:12 603282 c:\windows\system32\perfh009.dat - 2006-11-02 12:46 . 2012-08-13 19:22 603282 c:\windows\system32\perfh009.dat + 2006-11-02 12:46 . 2012-08-13 21:12 106696 c:\windows\system32\perfc009.dat - 2006-11-02 12:46 . 2012-08-13 19:22 106696 c:\windows\system32\perfc009.dat + 2012-08-14 22:02 . 2012-08-14 22:02 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.exe + 2012-08-14 22:02 . 2012-08-14 22:02 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_271_ActiveX.dll - 2008-01-21 03:20 . 2012-08-13 19:32 1638400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-01-21 03:20 . 2012-08-14 22:02 1638400 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "BitTorrent DNA"="c:\users\sanja\Program Files (x86)\DNA\btdna.exe" [2009-11-07 323392] "ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856] "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NDSTray.exe"="NDSTray.exe" [BU] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-01-02 198160] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] . c:\users\sanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] ViiKiiDesktopPlugin.lnk - c:\program files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Contents of the 'Scheduled Tasks' folder . 2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 22:02] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 13:34] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 13:34] . 2012-08-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b89ea438-9161-45ca-8632-bcf2363f0534.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . 2012-08-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c9c71027-d5d9-4ca5-8a6a-d7735a8d2203.job - c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808] "RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288] "Skytel"="Skytel.exe" [2007-11-20 1826816] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 151064] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 209432] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 181784] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU] "SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU] "00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 64.71.255.198 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\sanja\AppData\Roaming\Mozilla\Firefox\Profiles\q2dgay51.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q= . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Network Associates] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . Completion time: 2012-08-14 18:30:24 ComboFix-quarantined-files.txt 2012-08-14 22:30 ComboFix2.txt 2012-08-13 23:58 ComboFix3.txt 2012-08-13 21:16 ComboFix4.txt 2011-12-29 22:04 ComboFix5.txt 2012-08-14 22:07 . Pre-Run: 173,757,837,312 bytes free Post-Run: 172,978,454,528 bytes free . - - End Of File - - 9E46CB0A786744827685559686A980CB