ComboFix 12-11-04.01 - David 04/11/2012  17:30:10.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.3837.2446 [GMT -6:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}
SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\David\AppData\Local\chromeupdate.crx
c:\users\David\AppData\Roaming\arecp.dll
c:\users\David\AppData\Roaming\Atvaso
c:\users\David\AppData\Roaming\Atvaso\opem.tyv
c:\users\David\AppData\Roaming\B34BFE
c:\users\David\AppData\Roaming\B34BFE\B34BFE.exe
c:\users\David\AppData\Roaming\Caohto
c:\users\David\AppData\Roaming\Caohto\nyip.exe
c:\users\David\AppData\Roaming\Inwaow
c:\users\David\AppData\Roaming\Inwaow\uxaxq.nea
c:\users\David\AppData\Roaming\psdhtu.dll
c:\users\David\AppData\Roaming\tztzh45u.exe
c:\users\David\AppData\Roaming\Vefeir
c:\users\David\AppData\Roaming\Vefeir\adyxp.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((((   Files Created from 2012-10-05 to 2012-11-05  )))))))))))))))))))))))))))))))
.
.
2012-11-04 23:50 . 2012-11-04 23:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-04 22:59 . 2012-11-04 22:59	--------	d-----w-	C:\_OTL
2012-11-04 21:27 . 2012-11-04 21:27	--------	d-----w-	c:\users\David\AppData\Roaming\AVG2013
2012-11-04 21:21 . 2012-11-04 21:21	--------	d-----w-	c:\users\David\AppData\Roaming\TuneUp Software
2012-11-04 21:18 . 2012-11-04 21:22	--------	d-----w-	c:\programdata\AVG2013
2012-11-04 21:18 . 2012-11-04 21:18	--------	d-----w-	C:\$AVG
2012-11-04 21:12 . 2012-11-04 21:30	--------	d-----w-	c:\programdata\MFAData
2012-11-04 21:12 . 2012-11-04 21:12	--------	d--h--w-	c:\programdata\Common Files
2012-11-04 21:12 . 2012-11-04 21:12	--------	d-----w-	c:\users\David\AppData\Local\MFAData
2012-11-04 21:12 . 2012-11-04 21:12	--------	d-----w-	c:\users\David\AppData\Local\Avg2013
2012-10-26 03:33 . 2012-10-26 03:33	--------	d-----w-	c:\program files (x86)\Adobe Download Assistant
2012-10-25 21:00 . 2012-11-04 18:21	--------	d-----w-	c:\users\David\AppData\Roaming\Yguv
2012-10-25 21:00 . 2012-10-25 21:00	--------	d-----w-	c:\users\David\AppData\Roaming\Myyhus
2012-10-24 23:33 . 2012-10-24 23:40	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-23 13:01 . 2012-10-17 07:31	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{99D5FB26-2626-489C-8D2B-7054F9B1D4F0}\mpengine.dll
2012-10-10 13:47 . 2012-09-13 13:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 13:47 . 2012-09-13 13:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-10 13:47 . 2012-08-24 16:07	218624	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 13:47 . 2012-08-24 15:53	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-10 13:47 . 2012-06-02 00:20	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 13:47 . 2012-06-02 00:20	132096	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 13:47 . 2012-06-02 00:20	1268736	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 13:47 . 2012-06-02 00:02	985088	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 13:47 . 2012-06-02 00:02	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-10 13:47 . 2012-06-02 00:02	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 13:47 . 2012-08-29 11:40	4699520	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-06 17:01 . 2012-10-06 17:01	--------	d-----w-	c:\program files (x86)\Maxis
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 23:40 . 2011-11-04 04:03	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 20:43 . 2006-11-02 12:35	65309168	----a-w-	c:\windows\system32\mrt.exe
2012-10-05 09:26 . 2012-10-05 09:26	111456	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 09:30 . 2012-10-02 09:30	185696	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2012-09-30 00:54 . 2012-02-01 19:53	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-21 09:46 . 2012-09-21 09:46	200032	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2012-09-21 09:46 . 2012-09-21 09:46	225120	----a-w-	c:\windows\system32\drivers\avgloga.sys
2012-09-21 09:45 . 2012-09-21 09:45	61792	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2012-09-14 09:05 . 2012-09-14 09:05	40800	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2012-09-13 09:11 . 2012-09-13 09:11	151904	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2012-08-24 11:15 . 2012-09-22 05:01	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 05:01	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 05:02	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 05:02	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 05:02	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 05:02	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 05:02	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 05:02	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 05:02	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 05:02	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 05:02	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 05:02	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 05:02	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 05:02	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 05:02	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 05:02	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 05:02	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 05:02	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 05:02	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 05:02	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 05:02	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 05:02	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-05-15 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
.
c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]
OpenOffice.org 2.4.lnk - c:\program files (x86)\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-15 169624]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_5d1a7764\AESTSr64.exe [2008-02-12 86016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 23:40]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 03:52]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-11 03:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-15 444416]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=CA&userid=189f0472-9750-4e56-9631-2a5d6f5b62ff&searchtype=ds&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AVG\AVG2013\avgidsagent.exe
c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe
c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\SMINST\BLService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe
c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files (x86)\OpenOffice.org 2.4\program\soffice.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files (x86)\OpenOffice.org 2.4\program\soffice.BIN
.
**************************************************************************
.
Completion time: 2012-11-04  18:17:22 - machine was rebooted
ComboFix-quarantined-files.txt  2012-11-05 00:17
.
Pre-Run: 42,228,588,544 bytes free
Post-Run: 47,701,237,760 bytes free
.
- - End Of File - - 02C43D87F879FAADD0794F2A787CC390