I found a response here to this issue and I installed ComboFix, ran it and the log file it produced contained the text below. I don't know what to do now. I would appreciate any advice. Thanks.
ComboFix 12-12-07.01 - CalnKat 08/12/2012 20:38:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.1656 [GMT 0:00]
Running from: c:\users\CalnKat\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Bcool
c:\programdata\Bcool\background.html
c:\programdata\Bcool\content.js
c:\programdata\Bcool\ebfboedheelhbibelmfjonmllecbhdpk.crx
c:\programdata\Bcool\settings.ini
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-07 07:29 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0694C13A-6846-4A5A-988F-41A28E874D18}\mpengine.dll
2012-12-05 21:14 . 2012-12-05 21:41 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2012-12-02 19:45 . 2012-12-02 19:45 -------- d-----w- c:\users\CalnKat\AppData\Roaming\Malwarebytes
2012-12-02 19:45 . 2012-12-02 19:45 -------- d-----w- c:\programdata\Malwarebytes
2012-12-02 19:45 . 2012-12-02 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-02 19:45 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-29 08:08 . 2012-11-29 08:08 -------- d-----w- c:\program files\CCleaner
2012-11-29 08:00 . 2012-11-29 08:04 -------- d-----w- c:\program files\Auslogics
2012-11-28 21:27 . 2012-11-28 21:27 14664 ----a-w- c:\windows\stinger.sys
2012-11-28 21:25 . 2012-11-28 21:55 -------- d-----w- c:\program files\stinger
2012-11-20 21:24 . 2012-11-20 21:24 -------- d-----w- c:\programdata\HP Product Assistant
2012-11-18 20:14 . 2012-11-18 20:14 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-18 16:24 . 2012-11-18 16:24 -------- d-----w- c:\users\CalnKat\AppData\Roaming\LavasoftStatistics
2012-11-18 16:21 . 2012-11-18 16:21 -------- d-----w- c:\programdata\Lavasoft
2012-11-18 16:21 . 2012-11-18 16:26 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-11-18 16:20 . 2012-11-18 16:20 -------- d-----w- c:\programdata\blekko toolbars
2012-11-18 16:20 . 2012-11-18 16:22 -------- d-----w- c:\users\CalnKat\AppData\Local\adawarebp
2012-11-18 16:20 . 2012-11-18 16:20 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-11-18 16:20 . 2012-11-18 16:20 -------- d-----w- c:\program files\Toolbar Cleaner
2012-11-18 16:20 . 2012-11-18 16:20 -------- d-----w- c:\program files\adawaretb
2012-11-18 16:19 . 2012-11-18 16:27 -------- d-----w- c:\users\CalnKat\AppData\Roaming\Ad-Aware Antivirus
2012-11-15 09:37 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 09:37 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 21:41 . 2012-04-12 07:03 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-19 21:41 . 2011-12-12 08:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 16:29 . 2012-11-07 16:29 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-10-30 22:51 . 2011-12-11 22:48 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-12-11 22:48 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-12-11 22:48 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2011-12-11 22:48 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-12-11 22:48 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-12-11 22:48 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-12-11 22:46 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-12-11 22:46 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-07 19:56 . 2012-10-07 19:57 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 19:56 . 2012-01-01 09:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-05 14:03 . 2012-10-05 14:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-10-05 14:03 . 2012-10-05 14:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-10-05 14:03 . 2012-10-05 14:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-10-05 14:03 . 2012-10-05 14:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-10-05 14:03 . 2012-10-05 14:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-10-05 14:03 . 2012-10-05 14:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-10-05 14:03 . 2012-10-05 14:03 367104 ----a-w- c:\windows\system32\html.iec
2012-10-05 14:03 . 2012-10-05 14:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-10-05 14:03 . 2012-10-05 14:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-05 14:03 . 2012-10-05 14:03 152064 ----a-w- c:\windows\system32\wextract.exe
2012-10-05 14:03 . 2012-10-05 14:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-10-05 14:03 . 2012-10-05 14:03 11776 ----a-w- c:\windows\system32\mshta.exe
2012-10-05 14:03 . 2012-10-05 14:03 101888 ----a-w- c:\windows\system32\admparse.dll
2012-10-05 14:03 . 2012-10-05 14:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-10-05 14:03 . 2012-10-05 14:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-10-05 13:28 . 2008-09-12 13:16 920088 ----a-r- c:\windows\system32\igxpun.exe
2012-09-24 22:16 . 2012-10-17 18:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 13:28 . 2012-10-10 21:02 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-24 17:50 . 2012-11-18 20:13 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\CalnKat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R265 Series]
2006-05-19 03:00 139264 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBNE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-16 12:37 138096 ----atw- c:\users\CalnKat\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 21:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2012-06-08 11:06 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 19:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-10-26 21:34 1199576 ----a-w- c:\users\CalnKat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 08:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07 574864 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2008-04-24 09:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-12-23 21:26 396152 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:41]
.
2012-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4132164841-1199426508-1231601739-1000Core.job
- c:\users\CalnKat\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16 12:37]
.
2012-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4132164841-1199426508-1231601739-1000UA.job
- c:\users\CalnKat\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16 12:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://search.gboxapp.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\CalnKat\AppData\Roaming\Mozilla\Firefox\Profiles\9u5jlmze.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.gboxapp.com/?q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=C8CF10B0-9DD4-4F7A-BDBB-F11E4489D95D&n=77ee147d&ind=2012091517&id=ZXxdm040YYgb&ptnrS=ZXxdm040YYgb&si=radiopi&searchfor=
FF - ExtSQL: 2012-11-18 16:20; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\CalnKat\AppData\Roaming\Mozilla\Firefox\Profiles\9u5jlmze.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2012-11-18 20:18; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\CalnKat\AppData\Roaming\Mozilla\Firefox\Profiles\9u5jlmze.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111252&tt=280612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a07b000e0000000000000024d277710b
FF - user.js: extensions.BabylonToolbar_i.hardId - a07b000e0000000000000024d277710b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15523
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-08 20:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-08 20:47:55
ComboFix-quarantined-files.txt 2012-12-08 20:47
.
Pre-Run: 35,110,653,952 bytes free
Post-Run: 35,042,385,920 bytes free
.
- - End Of File - - E79448363BA2324FE047B777C2DC1671
ComboFix 12-12-07.01 - CalnKat 08/12/2012 20:38:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2939.1656 [GMT 0:00]
Running from: c:\users\CalnKat\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Bcool
c:\programdata\Bcool\background.html
c:\programdata\Bcool\content.js
c:\programdata\Bcool\ebfboedheelhbibelmfjonmllecbhdpk.crx
c:\programdata\Bcool\settings.ini
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((((((( Files Created from 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))))
.
.
2012-12-07 07:29 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0694C13A-6846-4A5A-988F-41A28E874D18}\mpengine.dll
2012-12-05 21:14 . 2012-12-05 21:41 -------- d---a-w- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2012-12-02 19:45 . 2012-12-02 19:45 -------- d-----w- c:\users\CalnKat\AppData\Roaming\Malwarebytes
2012-12-02 19:45 . 2012-12-02 19:45 -------- d-----w- c:\programdata\Malwarebytes
2012-12-02 19:45 . 2012-12-02 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-02 19:45 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-29 08:08 . 2012-11-29 08:08 -------- d-----w- c:\program files\CCleaner
2012-11-29 08:00 . 2012-11-29 08:04 -------- d-----w- c:\program files\Auslogics
2012-11-28 21:27 . 2012-11-28 21:27 14664 ----a-w- c:\windows\stinger.sys
2012-11-28 21:25 . 2012-11-28 21:55 -------- d-----w- c:\program files\stinger
2012-11-20 21:24 . 2012-11-20 21:24 -------- d-----w- c:\programdata\HP Product Assistant
2012-11-18 20:14 . 2012-11-18 20:14 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-11-18 16:24 . 2012-11-18 16:24 -------- d-----w- c:\users\CalnKat\AppData\Roaming\LavasoftStatistics
2012-11-18 16:21 . 2012-11-18 16:21 -------- d-----w- c:\programdata\Lavasoft
2012-11-18 16:21 . 2012-11-18 16:26 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-11-18 16:20 . 2012-11-18 16:20 -------- d-----w- c:\programdata\blekko toolbars
2012-11-18 16:20 . 2012-11-18 16:22 -------- d-----w- c:\users\CalnKat\AppData\Local\adawarebp
2012-11-18 16:20 . 2012-11-18 16:20 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-11-18 16:20 . 2012-11-18 16:20 -------- d-----w- c:\program files\Toolbar Cleaner
2012-11-18 16:20 . 2012-11-18 16:20 -------- d-----w- c:\program files\adawaretb
2012-11-18 16:19 . 2012-11-18 16:27 -------- d-----w- c:\users\CalnKat\AppData\Roaming\Ad-Aware Antivirus
2012-11-15 09:37 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 09:37 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-19 21:41 . 2012-04-12 07:03 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-19 21:41 . 2011-12-12 08:02 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-07 16:29 . 2012-11-07 16:29 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-10-30 22:51 . 2011-12-11 22:48 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-12-11 22:48 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-12-11 22:48 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-10-30 22:51 . 2011-12-11 22:48 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-12-11 22:48 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-12-11 22:48 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-12-11 22:46 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-12-11 22:46 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-07 19:56 . 2012-10-07 19:57 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 19:56 . 2012-01-01 09:37 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-05 14:03 . 2012-10-05 14:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-10-05 14:03 . 2012-10-05 14:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-10-05 14:03 . 2012-10-05 14:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-10-05 14:03 . 2012-10-05 14:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-10-05 14:03 . 2012-10-05 14:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-10-05 14:03 . 2012-10-05 14:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-10-05 14:03 . 2012-10-05 14:03 367104 ----a-w- c:\windows\system32\html.iec
2012-10-05 14:03 . 2012-10-05 14:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-10-05 14:03 . 2012-10-05 14:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-05 14:03 . 2012-10-05 14:03 152064 ----a-w- c:\windows\system32\wextract.exe
2012-10-05 14:03 . 2012-10-05 14:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-10-05 14:03 . 2012-10-05 14:03 11776 ----a-w- c:\windows\system32\mshta.exe
2012-10-05 14:03 . 2012-10-05 14:03 101888 ----a-w- c:\windows\system32\admparse.dll
2012-10-05 14:03 . 2012-10-05 14:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-10-05 14:03 . 2012-10-05 14:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-10-05 13:28 . 2008-09-12 13:16 920088 ----a-r- c:\windows\system32\igxpun.exe
2012-09-24 22:16 . 2012-10-17 18:47 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-13 13:28 . 2012-10-10 21:02 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-24 17:50 . 2012-11-18 20:13 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\CalnKat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-24 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2008-3-5 393216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 20:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R265 Series]
2006-05-19 03:00 139264 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIBNE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-16 12:37 138096 ----atw- c:\users\CalnKat\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-05-28 11:40 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 21:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2012-06-08 11:06 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 19:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-10-26 21:34 1199576 ----a-w- c:\users\CalnKat\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 08:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]
2008-01-11 02:07 574864 ----a-w- c:\program files\TOSHIBA\Registration\ToshibaRegistration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba TEMPO]
2008-04-24 09:22 103824 ----a-w- c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-12-23 21:26 396152 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 21:41]
.
2012-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4132164841-1199426508-1231601739-1000Core.job
- c:\users\CalnKat\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16 12:37]
.
2012-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4132164841-1199426508-1231601739-1000UA.job
- c:\users\CalnKat\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-16 12:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://search.gboxapp.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\CalnKat\AppData\Roaming\Mozilla\Firefox\Profiles\9u5jlmze.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.gboxapp.com/?q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=C8CF10B0-9DD4-4F7A-BDBB-F11E4489D95D&n=77ee147d&ind=2012091517&id=ZXxdm040YYgb&ptnrS=ZXxdm040YYgb&si=radiopi&searchfor=
FF - ExtSQL: 2012-11-18 16:20; {87934c42-161d-45bc-8cef-ef18abe2a30c}; c:\users\CalnKat\AppData\Roaming\Mozilla\Firefox\Profiles\9u5jlmze.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2012-11-18 20:18; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\CalnKat\AppData\Roaming\Mozilla\Firefox\Profiles\9u5jlmze.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111252&tt=280612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a07b000e0000000000000024d277710b
FF - user.js: extensions.BabylonToolbar_i.hardId - a07b000e0000000000000024d277710b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15523
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.178:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-08 20:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-08 20:47:55
ComboFix-quarantined-files.txt 2012-12-08 20:47
.
Pre-Run: 35,110,653,952 bytes free
Post-Run: 35,042,385,920 bytes free
.
- - End Of File - - E79448363BA2324FE047B777C2DC1671