ComboFix 12-12-23.01 - raghuvir.s 12/24/2012 9:50.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.808 [GMT 5.5:30]
Running from: f:\general\Software\Combofix\ComboFix.exe
Command switches used :: f:\general\Software\Combofix\CFscript.txt
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
(((((((((((((((((((((((((   Files Created from 2012-11-24 to 2012-12-24  )))))))))))))))))))))))))))))))
.
.
2012-12-17 10:17 . 2012-12-18 09:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2012-12-17 10:06 . 2012-12-17 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\2BrightSparks
2012-12-17 10:06 . 2012-12-17 10:06 -------- d-----w- c:\program files\Recuva
2012-12-17 10:05 . 2012-12-17 10:05 -------- d-----w- c:\program files\GUM4C.tmp
2012-12-17 10:05 . 2012-12-17 10:05 -------- d-----w- c:\documents and settings\raghuvir.s.RSPINDIA\Application Data\Windows Desktop Search
2012-12-14 07:03 . 2012-12-17 11:25 -------- d-----w- c:\program files\V9 Redirect Virus Removal Tool
2012-12-13 06:47 . 2012-12-20 06:02 -------- d-----w- c:\program files\Everything
2012-12-13 06:38 . 2012-12-13 06:38 -------- d-----w- c:\program files\2BrightSparks
2012-12-13 06:10 . 2012-12-13 06:10 -------- d-----w- c:\program files\TSR Soft
2012-12-13 05:53 . 2012-12-17 10:06 -------- d-----w- c:\program files\AntiTwin
2012-12-12 09:14 . 2012-12-17 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-12 09:14 . 2012-12-17 10:06 -------- d-----w- c:\program files\iTunes
2012-12-12 05:44 . 2012-12-12 12:39 4096000 ----a-w- c:\program files\GUT4D.tmp
2012-12-03 07:18 . 2012-12-17 10:05 -------- d-----w- c:\documents and settings\raghuvir.s.RSPINDIA\Application Data\CoreFTP
2012-12-01 05:13 . 2012-12-01 05:13 -------- d-----w- c:\documents and settings\raghuvir.s.RSPINDIA\AppData
2012-11-28 09:40 . 2012-11-28 10:21 -------- d-----w- c:\documents and settings\raghuvir.s.RSPINDIA\Application Data\EPANET
2012-11-28 09:39 . 2012-11-28 09:40 -------- d-----w- c:\program files\EPANET2
2012-11-28 09:39 . 2012-11-28 09:39 796672 ----a-w- c:\windows\GPInstall.exe
2012-11-28 09:05 . 2010-01-19 16:46 7680 ----a-w- c:\windows\system32\drivers\bautopw.sys
2012-11-28 05:22 . 2012-11-28 05:22 -------- d-sh--w- c:\documents and settings\aravind.RSPINDIA\PrivacIE
2012-11-28 05:21 . 2012-11-28 05:22 -------- d-----w- c:\documents and settings\aravind.RSPINDIA\Local Settings\Application Data\SFT_eng7
2012-11-28 05:18 . 2012-11-28 05:18 -------- d-----w- c:\documents and settings\aravind.RSPINDIA\Application Data\BUFFALO
2012-11-28 05:18 . 2012-11-28 05:18 -------- d-sh--w- c:\documents and settings\aravind.RSPINDIA\IETldCache
2012-11-27 12:32 . 2011-01-06 08:43 480632 ----a-w- c:\windows\UN080616.EXE
2012-11-27 12:27 . 2008-04-17 12:55 173360 ----a-w- c:\windows\UN020914.EXE
2012-11-27 12:27 . 2012-11-28 08:53 -------- d-----w- C:\BUFFALO
2012-11-27 04:14 . 2012-11-28 08:49 -------- d-----w- c:\windows\system32\NtmsData
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 03:44 . 2012-04-04 03:47 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-06 03:44 . 2011-09-21 03:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-19 06:32 . 2012-11-09 04:44 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2012-11-19 06:32 . 2012-11-09 04:44 249856 ----a-w- c:\windows\system32\pdfmona.dll
2012-10-24 21:42 . 2012-10-24 21:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-24 21:42 . 2012-10-24 21:42 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-17 11:07 . 2011-05-16 09:43 397312 ----a-w- c:\windows\system32\TubeFinder.exe
2011-08-18 07:03 . 2011-08-18 07:08 454120 ----a-w- c:\program files\cnet_advdp_exe.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6B34ACCF-1B63-4E1A-8633-461917C75544}"= "c:\program files\Freecorder 6\tbcore3.dll" [2012-08-01 2711928]
.
[HKEY_CLASSES_ROOT\clsid\{6b34accf-1b63-4e1a-8633-461917c75544}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6B34ACCF-1B63-4E1A-8633-461917C75544}"= "c:\program files\Freecorder 6\tbcore3.dll" [2012-08-01 2711928]
.
[HKEY_CLASSES_ROOT\clsid\{6b34accf-1b63-4e1a-8633-461917c75544}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB00808.TBSB00808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"Backup Utility TaskTray Tool"="c:\program files\BUFFALO\Backup_Utility\BUTray.exe" [2011-09-06 3603528]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BUFFALO RAMDISK Tray Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BUFFALO RAMDISK Tray Utility.lnk
backup=c:\windows\pss\BUFFALO RAMDISK Tray Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BUFFALO RAMDISK Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BUFFALO RAMDISK Utility.lnk
backup=c:\windows\pss\BUFFALO RAMDISK Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^raghuvir.s.RSPINDIA^Start Menu^Programs^Startup^fliptoast.lnk]
path=c:\documents and settings\raghuvir.s.RSPINDIA\Start Menu\Programs\Startup\fliptoast.lnk
backup=c:\windows\pss\fliptoast.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^raghuvir.s.RSPINDIA^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\raghuvir.s.RSPINDIA\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-05-26 01:02 4327744 ------w- c:\documents and settings\raghuvir.s.RSPINDIA\Local Settings\Application Data\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 02:21 59240 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 08:43 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Backup Utility TaskTray Tool]
2011-09-06 07:32 3603528 ------w- c:\program files\BUFFALO\Backup_Utility\BUTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuffaloTools]
2011-08-18 08:15 175176 ----a-w- c:\program files\BUFFALO\BuffaloTools\BuffaloTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2008-11-03 20:14 435096 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileOpenBroker]
2012-04-30 14:26 836480 ----a-w- c:\program files\FileOpen\Services\FileOpenBroker32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2011-03-24 07:11 167936 ------w- c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 06:14 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 11:37 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 04:17 163840 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-11-26 09:24 1057064 -c--a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-11-28 19:19 151952 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 09:27 153136 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-01-13 04:16 135168 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-24 21:42 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-11-26 09:24 1629480 -c--a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WEB Framework]
2011-07-28 19:30 368640 ----a-w- c:\program files\WEB Framework\wbfrmwrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Bonjour Service"=2 (0x2)
"BFBackupUtilityVSSService"=2 (0x2)
"BFBackupUtilityService"=2 (0x2)
"BBUpdate"=3 (0x3)
"BBSvc"=2 (0x2)
"Akamai"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\raghuvir.s.RSPINDIA\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"f:\\Rathaur\\Software\\SweetImSetup.exe"=
"c:\\Program Files\\WEB Framework\\wbfrmwrk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"15000:UDP"= 15000:UDP:Kaspersky Administration Kit
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 BFRD4G;BUFFALO RAM Disk Driver;c:\windows\system32\drivers\BFRD4G.sys [7/29/2011 10:51 AM 36344]
R0 bftpdskc;BUFFALO TurboPC Cache Filter;c:\windows\system32\drivers\bftpdskc.sys [6/8/2012 4:09 PM 41856]
R2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc32.exe [4/30/2012 7:56 PM 213888]
R2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 klnagent;Kaspersky Lab Network Agent;c:\program files\Kaspersky Lab\NetworkAgent 8\klnagent.exe [10/20/2010 1:38 PM 141688]
R2 MSSQL$SIZINGMSDE;SQL Server (SIZINGMSDE);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 5:29 AM 29178224]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 10:37 PM 35088]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [9/3/2009 3:24 PM 24848]
S3 bautopw;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautopw.sys [11/28/2012 2:35 PM 7680]
S3 bftpusbx;BUFFALO TurboPC USB Filter;c:\windows\system32\drivers\bftpusbx.sys [6/8/2012 4:09 PM 11776]
S3 DialComService;DIAL Communication Service;c:\program files\DIAL GmbH\DIAL Communication Framework\DialComService.exe [2/14/2011 3:26 AM 1623552]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [6/4/2011 12:35 PM 36608]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys --> c:\windows\system32\DRIVERS\klim5.sys [?]
S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [2/28/2006 5:30 PM 14336]
S4 BFBackupUtilityService;Backup Utility Service;c:\program files\BUFFALO\Backup_Utility\BUService.exe -Service_Execute --> c:\program files\BUFFALO\Backup_Utility\BUService.exe -Service_Execute [?]
S4 BFBackupUtilityVSSService;Backup Utility VSS Service for Windows XP;c:\program files\BUFFALO\Backup_Utility\BUVSSServiceXP.exe -Service_Execute --> c:\program files\BUFFALO\Backup_Utility\BUVSSServiceXP.exe -Service_Execute [?]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:44]
.
2012-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 12:27]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 03:59]
.
2012-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-25 03:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = 172.16.10.15:8080
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;*10;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\raghuvir.s.RSPINDIA\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to iPod Converter - c:\documents and settings\raghuvir.s.RSPINDIA\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\raghuvir.s.RSPINDIA\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {{5E6D5FF7-A4CD-4d85-BB22-A429B57C5317} - {429D37EE-1709-412e-A210-A81A65D56C88} -
TCP: DhcpNameServer = 172.16.10.50
TCP: Interfaces\{58F55EA3-2AC7-4346-9217-5A9C8EA5C66F}: NameServer = 125.22.47.125
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-24 09:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2654803419-384604545-938035817-21958_Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
@=hex:ce,95,aa,32,d3,21,cd,01
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\{057C7771-F320-4C2A-A2EA-747945FA82F2}*]
@=hex:e8,8a,7e,a7,1e,0b,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
@=hex:3e,0a,78,f8,1c,0b,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{97A98033-9FA1-4E80-A339-59787B43CC89}*]
@=hex:16,cc,ba,f8,1c,0b,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
@=hex:78,29,28,f4,1c,0b,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\{C4B20040-7D5A-4558-9E19-B7DF94366F97}*]
@=hex:70,e2,81,fd,1c,0b,cd,01
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1912)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-12-24 09:58:56
ComboFix-quarantined-files.txt 2012-12-24 04:28
ComboFix2.txt 2012-12-21 05:36
ComboFix3.txt 2012-12-21 05:19
ComboFix4.txt 2012-12-20 07:03
.
Pre-Run: 28,250,931,200 bytes free
Post-Run: 28,273,704,960 bytes free
.
- - End Of File - - 1592A300B03AA11679F239ED470677CA