Repeated malware



Doron_xyz
2011-05-20, 23:07
Hello,

I removed several pieces of malware that, after a little while, keep coming back to my notebook.
I used Malwarebytes' Anti-Malware and ComboFix. I noticed some Locked Registry Keys as well, in ComboFix.

Please see the text files from both programs and let me know what else could be done.

Thanks,

Doron

Malwarebytes
===============================
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6621

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

5/19/2011 11:51:53 PM
mbam-log-2011-05-19 (23-51-53).txt

Scan type: Full scan (C:\|)
Objects scanned: 313351
Time elapsed: 31 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\exqonczctruceg (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\qotkejri (Trojan.FakeAlertR.Gen) -> Value: qotkejri -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix:
================================
ComboFix 11-05-18.04 - Eric 05/19/2011 23:57:18.9.2 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.4061.2009 [GMT -4:00]
Running from: D:\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
.
.
2011-05-20 04:01 . 2011-05-20 04:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-05-20 04:01 . 2011-05-20 04:01 -------- d-----w- c:\users\Edhy\AppData\Local\temp
2011-05-20 04:01 . 2011-05-20 04:01 -------- d-----w- c:\users\Doron\AppData\Local\temp
2011-05-20 04:01 . 2011-05-20 04:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-20 04:01 . 2011-05-20 04:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-05-17 23:28 . 2011-05-20 04:01 -------- d-----w- c:\users\Eric\AppData\Local\temp
2011-05-17 16:39 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-17 16:39 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-12 21:52 . 2011-05-12 22:28 -------- d-----w- c:\programdata\MicroFour
2011-05-12 16:24 . 2011-05-17 20:14 -------- d-----w- c:\users\Eric\AppData\Local\Adobe
2011-05-10 18:00 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-10 18:00 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-10 18:00 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-10 18:00 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-10 18:00 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-10 18:00 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-10 18:00 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-10 18:00 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-10 18:00 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-04-27 01:30 . 2011-04-27 01:30 -------- d-----w- C:\182b852d4a22afc859
2011-04-26 21:53 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-04-26 21:53 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-04-26 21:53 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 21:53 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-22 14:13 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{49FEE7D0-6694-44DC-B3BB-78BC63E28957}\mpengine.dll
2011-04-21 03:51 . 2011-04-21 03:51 -------- d-----w- c:\users\Doron\AppData\Local\{6A69163C-11E2-4745-AFBD-D1D5714F586E}
2011-04-20 14:07 . 2011-04-20 14:07 -------- d-----w- c:\users\Doron\AppData\Local\{4B7B71CC-E78D-4501-8DAE-ABDA93AC1A56}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-17 04:07 . 2011-04-17 04:07 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-17 04:07 . 2011-04-17 04:07 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-17 04:07 . 2011-04-17 04:07 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-17 04:07 . 2011-04-17 04:07 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-17 04:07 . 2011-04-17 04:07 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-17 04:07 . 2011-04-17 04:07 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-17 04:07 . 2011-04-17 04:07 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-17 04:07 . 2011-04-17 04:07 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-17 04:07 . 2011-04-17 04:07 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-17 04:07 . 2011-04-17 04:07 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-17 04:07 . 2011-04-17 04:07 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-17 04:07 . 2011-04-17 04:07 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-17 04:07 . 2011-04-17 04:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-17 04:07 . 2011-04-17 04:07 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-17 04:07 . 2011-04-17 04:07 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-17 04:07 . 2011-04-17 04:07 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-17 04:07 . 2011-04-17 04:07 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-17 04:07 . 2011-04-17 04:07 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-17 04:07 . 2011-04-17 04:07 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-17 04:07 . 2011-04-17 04:07 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-17 04:07 . 2011-04-17 04:07 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-17 04:07 . 2011-04-17 04:07 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-17 04:07 . 2011-04-17 04:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-17 04:07 . 2011-04-17 04:07 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-17 04:07 . 2011-04-17 04:07 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-17 04:07 . 2011-04-17 04:07 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-17 04:07 . 2011-04-17 04:07 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-17 04:07 . 2011-04-17 04:07 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-17 04:07 . 2011-04-17 04:07 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-17 04:07 . 2011-04-17 04:07 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-17 04:07 . 2011-04-17 04:07 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-17 04:07 . 2011-04-17 04:07 448512 ----a-w- c:\windows\system32\html.iec
2011-04-17 04:07 . 2011-04-17 04:07 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-17 04:07 . 2011-04-17 04:07 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-17 04:07 . 2011-04-17 04:07 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-17 04:07 . 2011-04-17 04:07 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-17 04:07 . 2011-04-17 04:07 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-17 04:07 . 2011-04-17 04:07 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-17 04:07 . 2011-04-17 04:07 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-17 04:07 . 2011-04-17 04:07 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-17 04:07 . 2011-04-17 04:07 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-17 04:07 . 2011-04-17 04:07 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-17 04:01 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-17 04:01 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-11 06:34 . 2011-04-14 02:39 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-14 02:39 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 05:33 . 2011-04-14 02:39 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-14 02:39 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-09 20:41 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 06:29 . 2011-04-14 02:37 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-14 02:37 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-04 06:19 . 2011-04-26 21:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-26 21:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 06:24 . 2011-04-14 02:38 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 06:21 . 2011-04-14 02:38 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 05:36 . 2011-04-14 02:38 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52 . 2011-04-14 02:39 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-02-24 06:15 . 2011-04-14 02:39 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-24 05:38 . 2011-04-14 02:39 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-23 04:56 . 2011-04-14 02:37 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 04:56 . 2011-04-14 02:39 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 04:56 . 2011-04-14 02:39 411648 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 04:55 . 2011-04-14 02:39 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 04:55 . 2011-04-14 02:37 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 04:55 . 2011-04-14 02:37 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 04:55 . 2011-04-14 02:37 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 12:05 . 2011-03-09 20:46 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 20:46 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-09 20:46 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 12:03 . 2011-04-14 02:38 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 09:00 . 2011-04-14 02:38 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-02-19 06:30 . 2011-03-09 20:46 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-09 20:46 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-19 06:30 . 2011-04-14 02:38 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-19 04:34 . 2011-04-14 02:38 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-05-10_18.25.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-07 16:27 . 2011-05-18 14:53 65514 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-19 16:30 47628 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-28 22:37 . 2011-05-19 16:30 20588 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-123169825-2983614903-3252433451-1010_UserData.bin
+ 2009-10-07 00:48 . 2011-05-18 14:35 13554 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-123169825-2983614903-3252433451-1001_UserData.bin
- 2009-07-14 05:30 . 2011-04-28 02:51 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-05-17 04:56 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-05-10 18:00 . 2011-03-25 03:29 30720 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbuhci.sys
+ 2011-05-10 18:00 . 2011-03-25 03:29 25600 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbohci.sys
+ 2011-05-10 18:00 . 2011-03-25 03:29 52736 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbehci.sys
+ 2011-05-10 18:00 . 2011-03-25 03:29 98816 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbccgp.sys
+ 2007-05-14 20:06 . 2007-05-14 20:06 27520 c:\windows\system32\DriverStore\FileRepository\rimusbnt.inf_amd64_neutral_0e62256bde3faf4b\RimUsb_AMD64.sys
+ 2007-05-14 20:06 . 2007-05-14 20:06 27520 c:\windows\system32\drivers\RimUsb_AMD64.sys
+ 2009-10-07 00:36 . 2011-05-19 21:25 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-07 00:36 . 2011-05-09 23:21 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-07 00:36 . 2011-05-09 23:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-07 00:36 . 2011-05-19 21:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-09 23:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-19 21:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-05-17 23:14 78776 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-05-10 18:00 . 2011-03-25 03:28 7936 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbd.sys
+ 2011-05-19 16:27 . 2011-05-19 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-10 17:54 . 2011-05-10 17:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-10 17:54 . 2011-05-10 17:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-19 16:27 . 2011-05-19 16:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-07 21:01 . 2011-05-20 03:14 279778 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-04-24 18:58 726704 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-05-17 04:57 726704 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-04-24 18:58 147596 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-05-17 04:57 147596 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2011-05-17 04:56 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-04-28 02:51 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-04-28 02:51 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2011-05-17 04:56 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-05-10 18:00 . 2011-03-25 03:29 325120 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.sys
+ 2011-05-10 18:00 . 2011-03-25 03:29 343040 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbhub.sys
+ 2011-05-10 18:00 . 2011-03-25 03:29 343040 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbhub.sys
- 2009-07-14 05:31 . 2011-04-28 02:51 399360 c:\windows\system32\DriverStore\drvindex.dat
+ 2009-07-14 05:31 . 2011-05-11 14:12 399360 c:\windows\system32\DriverStore\drvindex.dat
- 2009-07-14 05:12 . 2011-04-20 01:28 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-05-19 16:30 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2011-05-10 03:49 477948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-19 05:29 477948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-18 01:04 . 2011-05-18 01:04 478716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:45 . 2011-05-17 23:04 6817720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-04-28 23:56 6817720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-12-10 01:41 . 2011-05-19 05:29 5716796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-123169825-2983614903-3252433451-1001-12288.dat
- 2009-07-14 02:34 . 2011-04-28 02:51 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-05-11 14:12 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-10-07 21:17 . 2011-05-10 18:41 44548040 c:\windows\system32\MRT.exe
+ 2011-04-17 04:51 . 2011-05-19 05:29 11655016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-123169825-2983614903-3252433451-1010-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-17 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\utils\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\utils\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - d:\media\logitech webcam\Logitech WebCam Software\eReg.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 lvsels64;Logitech Selective Suspend Filter;c:\windows\system32\DRIVERS\lvsels64.sys [x]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-11-09 49752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files (x86)\LogMeIn\x64\RaInfo.sys [2008-08-11 15928]
S2 McAfeeEngineService;McAfee Engine Service;c:\utils\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2008-09-29 17920]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MsDtsServer100;SQL Server Integration Services 10.0;d:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2008-07-10 214040]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);d:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2008-07-10 34840]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [x]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 18:23]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 18:23]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"LogMeIn GUI"="d:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2008-08-11 57928]
"BCSSync"="d:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"CanonMyPrinter"="d:\program files\Canon Printer\BJMyPrt.exe" [2010-03-25 2726728]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Se&nd to OneNote - d:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
DPF: {2D168880-539F-4967-BA11-F7C2862B9E1D} - hxxp://www.shockwave.com/content/diaperdash/sis/DiaperDashWeb.1.0.0.4.cab
DPF: {74EF5274-F439-2168-B543-14745B625C72} - hxxp://www.shockwave.com/content/weddingdash2/sis/WeddingDash2Web.1.0.0.13.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
DPF: {FCB28D51-A017-46B2-9FB3-F7BFD53B2E42} - hxxp://www.shockwave.com/content/chocolatierdecadence/sis/Chocolatier3Web.1.0.0.6.cab
FF - ProfilePath - c:\users\Eric\AppData\Roaming\Mozilla\Firefox\Profiles\l9zeooyn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - d:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - d:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - d:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - d:\program files (x86)\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - d:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e2,5c,99,2f,e8,14,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-20 00:04:04
ComboFix-quarantined-files.txt 2011-05-20 04:04
ComboFix2.txt 2011-05-17 23:41
ComboFix3.txt 2011-05-16 20:03
ComboFix4.txt 2011-05-13 21:16
ComboFix5.txt 2011-05-20 03:56
.
Pre-Run: 122,839,584,768 bytes free
Post-Run: 122,860,253,184 bytes free
.
- - End Of File - - 8A2FC32211C4E39A88629976DA28D426

tashi
2011-05-20, 23:15
Hello Doron_xyz,

In case you missed it please see the forum FAQ which also includes guidelines for this forum and instructions in post #2 on how to provide preliminary "DDS" logs used for analysis.
"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Note: Please DO NOT RUN ComboFix without being asked (http://forums.spybot.info/showthread.php?t=16806) ;)

"Microsoft Windows 7 Enterprise."
"McAfee VirusScan Enterprise"

Is this a business, corporate, institutional computer or used in that environment?
Personal computers or..... (http://forums.spybot.info/showpost.php?p=25712&postcount=5)

Best regards.

Doron_xyz
2011-05-20, 23:59
Hello There,

Please find the attached DDS.zip file. At this point all the malware was removed using the Malwarebytes program. Also, from time to time one of the 3 pieces of malware sends email using the Hotmail account.

Please let me know.

Thanks,

Doron

tashi
2011-05-21, 00:48
Hello Doron_xyz,

"Microsoft Windows 7 Enterprise."
"McAfee\VirusScan Enterprise"

Is this a business, corporate, institutional computer or used in that environment?
Personal computers or..... (http://forums.spybot.info/showpost.php?p=25712&postcount=5)


Doron_xyz
2011-05-21, 02:22
Hello There,

It is used in a home environment.

Thanks,

Doron

tashi
2011-05-21, 04:34
Hi Doron_xyz,

If this is a personal computer please start a new topic, (helpers look for ones with a zero response), and copy paste the DDS.txt into it.

Also provide a link back to this thread, thanks.

Best regards.