ComboFix 11-07-29.03 - Tadeusz 29/07/2011 21:52:29.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7862.6185 [GMT 2:00]
Running from: c:\users\Tadeusz\Downloads\ComboFix.exe
AV: Kaspersky PURE *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky PURE *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky PURE *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-29 19:55 . 2011-07-29 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-29 19:55 . 2011-07-29 19:55 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2011-07-29 19:28 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8015AFA3-1FE1-46F0-8BE8-B9FA971642AE}\mpengine.dll
2011-07-28 18:06 . 2011-07-28 18:06 -------- d-----w- c:\windows\system32\appmgmt
2011-07-28 18:01 . 2011-07-28 18:01 -------- d-----w- C:\found.000
2011-07-21 16:44 . 2011-07-21 16:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-07-21 16:44 . 2011-07-21 16:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-07-21 16:44 . 2011-07-21 16:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-07-21 16:44 . 2011-07-21 16:44 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-07-21 12:37 . 2011-07-21 12:37 -------- d-----w- c:\users\Tadeusz\AppData\Local\DVD-RB Pro
2011-07-21 10:59 . 2011-07-21 12:37 -------- d-----w- c:\program files (x86)\DVD-RB PRO
2011-07-21 10:57 . 2011-07-21 10:59 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2011-07-20 18:05 . 2011-07-20 19:39 -------- d-----w- c:\users\Tadeusz\AppData\Local\Deployment
2011-07-20 18:05 . 2011-07-20 18:05 -------- d-----w- c:\users\Tadeusz\AppData\Local\Apps
2011-07-20 15:30 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2011-07-20 15:30 . 2011-07-20 15:31 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-07-20 15:23 . 2011-07-20 18:42 -------- d-----w- c:\users\Tadeusz\AppData\Local\Ashampoo Movie Shrink & Burn 3
2011-07-20 15:22 . 2011-07-20 15:22 -------- d-----w- c:\users\Tadeusz\AppData\Local\ashampoo
2011-07-20 15:22 . 2011-07-20 15:22 -------- d-----w- c:\programdata\ashampoo
2011-07-19 15:37 . 2011-07-19 15:37 -------- d-----w- c:\program files (x86)\Foxit Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-26 11:23 . 2011-06-14 13:49 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 13:22 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-14 13:22 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-05 13:15 . 2011-06-05 13:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-05 13:15 . 2011-06-05 13:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-05 13:15 . 2011-06-05 13:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-05 13:15 . 2011-06-05 13:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-05 13:15 . 2011-06-05 13:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-05 13:15 . 2011-06-05 13:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-05 13:15 . 2011-06-05 13:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-05 13:15 . 2011-06-05 13:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-05 13:15 . 2011-06-05 13:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-05 13:15 . 2011-06-05 13:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-05 13:15 . 2011-06-05 13:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-05 13:15 . 2011-06-05 13:15 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-05 13:15 . 2011-06-05 13:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-05 13:15 . 2011-06-05 13:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-05 13:15 . 2011-06-05 13:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-05 13:15 . 2011-06-05 13:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-05 13:15 . 2011-06-05 13:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-05 13:15 . 2011-06-05 13:15 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-05 13:15 . 2011-06-05 13:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-05 13:15 . 2011-06-05 13:15 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-05 13:15 . 2011-06-05 13:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-05 13:15 . 2011-06-05 13:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-05 13:15 . 2011-06-05 13:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-05 13:15 . 2011-06-05 13:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-05 13:15 . 2011-06-05 13:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-05 13:15 . 2011-06-05 13:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-05 13:15 . 2011-06-05 13:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-05 13:15 . 2011-06-05 13:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-05 13:15 . 2011-06-05 13:15 448512 ----a-w- c:\windows\system32\html.iec
2011-06-05 13:15 . 2011-06-05 13:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-05 13:15 . 2011-06-05 13:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-05 13:15 . 2011-06-05 13:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-05 13:15 . 2011-06-05 13:15 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-05 13:15 . 2011-06-05 13:15 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-05 13:15 . 2011-06-05 13:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-05 13:15 . 2011-06-05 13:15 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-05 13:15 . 2011-06-05 13:15 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-05 13:15 . 2011-06-05 13:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-05 12:54 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-04 01:01 . 2011-06-04 01:01 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-06-03 05:57 . 2011-07-13 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2011-06-01 10:52 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 11:42 . 2011-06-29 06:59 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 06:59 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 06:59 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 06:59 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 06:59 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-05-04 05:25 . 2011-06-29 06:59 2315776 ----a-w- c:\windows\system32\tquery.dll
2011-05-04 05:22 . 2011-06-29 06:59 2223616 ----a-w- c:\windows\system32\mssrch.dll
2011-05-04 05:22 . 2011-06-29 06:59 778752 ----a-w- c:\windows\system32\mssvp.dll
2011-05-04 05:22 . 2011-06-29 06:59 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-05-04 05:22 . 2011-06-29 06:59 491520 ----a-w- c:\windows\system32\mssph.dll
2011-05-04 05:22 . 2011-06-29 06:59 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-05-04 05:19 . 2011-06-29 06:59 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-05-04 05:19 . 2011-06-29 06:59 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-05-04 05:19 . 2011-06-29 06:59 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-05-04 04:34 . 2011-06-29 06:59 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2011-05-04 04:32 . 2011-06-29 06:59 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-05-04 04:32 . 2011-06-29 06:59 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-05-04 04:32 . 2011-06-29 06:59 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-05-04 04:32 . 2011-06-29 06:59 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-05-04 04:32 . 2011-06-29 06:59 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-05-04 04:28 . 2011-06-29 06:59 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28 . 2011-06-29 06:59 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28 . 2011-06-29 06:59 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29 . 2011-06-15 12:46 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 12:46 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 20:05 129624 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe" [2010-10-01 348760]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
R2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam S5500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 BOINC;WORLDC~1|World Community Grid;c:\program files (x86)\BOINC\boinc.exe [2010-05-28 529152]
R4 CSObjectsSrv;CryptoStorage control service;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-17 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-17 136176]
R4 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-03-14 47616]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 MSSQL$MYMOVIES;SQL Server (MYMOVIES);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-06-18 190496]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 257936]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-02-23 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-17 02:19]
.
2011-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-17 02:19]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2010-10-01 20:06 170584 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE\x64\ShellEx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2010-04-27 23:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2010-04-27 23:48 5947656 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 410136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-04 16414824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Tadeusz\AppData\Roaming\Mozilla\Firefox\Profiles\dmq4hait.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-29 21:58:10
ComboFix-quarantined-files.txt 2011-07-29 19:58
.
Pre-Run: 57,639,333,888 bytes free
Post-Run: 58,583,007,232 bytes free
.
- - End Of File - - 53746F155B1574924D5CEB3DC2106D90