ComboFix 11-08-18.02 - Adam Casey 19/08/2011 6:48.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.61.1033.18.6143.4752 [GMT 10:00]
Running from: c:\users\Adam Casey\Downloads\ComboFix.exe
Command switches used :: c:\users\Adam Casey\Desktop\CFscript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\DC++
c:\users\Adam Casey\AppData\Local\DC++
c:\users\Adam Casey\AppData\Local\DC++\ADLSearch.xml
c:\users\Adam Casey\AppData\Local\DC++\BACKUP\ADLSearch.xml
c:\users\Adam Casey\AppData\Local\DC++\BACKUP\DCPlusPlus.xml
c:\users\Adam Casey\AppData\Local\DC++\BACKUP\Favorites.xml
c:\users\Adam Casey\AppData\Local\DC++\BACKUP\HashIndex.xml
c:\users\Adam Casey\AppData\Local\DC++\BACKUP\Queue.xml
c:\users\Adam Casey\AppData\Local\DC++\Certificates\client.crt
c:\users\Adam Casey\AppData\Local\DC++\Certificates\client.key
c:\users\Adam Casey\AppData\Local\DC++\DCPlusPlus.xml
c:\users\Adam Casey\AppData\Local\DC++\Favorites.xml
c:\users\Adam Casey\AppData\Local\DC++\FileLists\FroBoz.FUIFFFQMOGL2JZBTUK74HSHKIWVYPE22PPGYLPQ.xml.bz2
c:\users\Adam Casey\AppData\Local\DC++\FileLists\IvanRebroff.PCJ7LGL5HOF3SAO2SIVCNGY62G7TCALJUIUCKOY.xml.bz2
c:\users\Adam Casey\AppData\Local\DC++\FileLists\Rickard.4H464ODOE7VV5UL37RKM6ADUMHC4EBXPXAAP7TI.xml.bz2
c:\users\Adam Casey\AppData\Local\DC++\FileLists\Skullduggery-Digs!.LMLXRWWB6QL3LZIDB5HFYNSPRSWLXVKPBWXII3I.xml.bz2
c:\users\Adam Casey\AppData\Local\DC++\HashData.dat
c:\users\Adam Casey\AppData\Local\DC++\HashIndex.xml
c:\users\Adam Casey\AppData\Local\DC++\Logs\Downloads.log
c:\users\Adam Casey\AppData\Local\DC++\Logs\Uploads.log
c:\users\Adam Casey\AppData\Local\DC++\Queue.xml
c:\users\Adam Casey\AppData\Local\DC++\Users.xml
c:\users\Adam Casey\AppData\Roaming\DC++
c:\users\Adam Casey\AppData\Roaming\DC++\ADLSearch.xml
c:\users\Adam Casey\AppData\Roaming\DC++\BACKUP\ADLSearch.xml
c:\users\Adam Casey\AppData\Roaming\DC++\BACKUP\DCPlusPlus.xml
c:\users\Adam Casey\AppData\Roaming\DC++\BACKUP\Favorites.xml
c:\users\Adam Casey\AppData\Roaming\DC++\BACKUP\HashIndex.xml
c:\users\Adam Casey\AppData\Roaming\DC++\BACKUP\Queue.xml
c:\users\Adam Casey\AppData\Roaming\DC++\Certificates\client.crt
c:\users\Adam Casey\AppData\Roaming\DC++\Certificates\client.key
c:\users\Adam Casey\AppData\Roaming\DC++\DCPlusPlus.xml
c:\users\Adam Casey\AppData\Roaming\DC++\Favorites.xml
c:\users\Adam Casey\AppData\Roaming\DC++\HashData.dat
c:\users\Adam Casey\AppData\Roaming\DC++\HashIndex.xml
c:\users\Adam Casey\AppData\Roaming\DC++\Queue.xml
c:\users\Adam Casey\AppData\Roaming\uTorrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\Adobe Audition CS5.5.exe.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\Adobe. Photoshop CS5.1 Extended Edition.exe.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\Age Of Empires 3 full DVD +crack + serial.iso.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\AnyDVD & AnyDVD HD 6.4.6.9 - Final.Incl.KeY.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\aoe2_org.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\apps\3609FC884502A1DF0AA5D9D160C827BB1BD51FC9.btapp
c:\users\Adam Casey\AppData\Roaming\uTorrent\apps\4585805A0BEAAAA6F570825EB241201C227B5E09.btapp
c:\users\Adam Casey\AppData\Roaming\uTorrent\Assassins.Creed.Brotherhood-SKIDROW.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\Cakewalk.Sonar.Producer.Edition.v6.0.READ.NFO-BEAT.rar.1.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\Cakewalk.Sonar.Producer.Edition.v6.0.READ.NFO-BEAT.rar.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\Cakewalk.Sonitus.FX.Plugin.Suite.VST.DX.v3.3.1.0-DOA.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\dht.dat
c:\users\Adam Casey\AppData\Roaming\uTorrent\dht.dat.old
c:\users\Adam Casey\AppData\Roaming\uTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
c:\users\Adam Casey\AppData\Roaming\uTorrent\dlimagecache\2D78C93EC367E6C1D9894103FA04B3BE5B20A84E
c:\users\Adam Casey\AppData\Roaming\uTorrent\dlimagecache\BBEEC0395D21A2A7F91889D7C7509F3D5D46FC05
c:\users\Adam Casey\AppData\Roaming\uTorrent\ie\ie.1311234010.tmp
c:\users\Adam Casey\AppData\Roaming\uTorrent\Minecraft Beta 1.4 wolf update latest.rar.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\Minecraft_Beta_Cracked_v1.7.3.zip.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\MinecraftSP.zip.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\Never Back Down (2008).torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\Never Let Me Go (2010) BRRip x264 by Pruny.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\resume.dat
c:\users\Adam Casey\AppData\Roaming\uTorrent\resume.dat.old
c:\users\Adam Casey\AppData\Roaming\uTorrent\rss.dat
c:\users\Adam Casey\AppData\Roaming\uTorrent\rss.dat.old
c:\users\Adam Casey\AppData\Roaming\uTorrent\settings.dat
c:\users\Adam Casey\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Adam Casey\AppData\Roaming\uTorrent\sr-acbrh-Mbb.rar.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\Up In Smoke.avi.torrent
c:\users\Adam Casey\AppData\Roaming\uTorrent\World of Warcraft 3.3.5a (no install).torrent
c:\windows\SysWow64\PSHEDU.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 20:56 . 2011-08-18 20:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-12 13:39 . 2011-08-12 13:39 -------- d-----w- c:\program files (x86)\Syncrosoft
2011-08-12 13:39 . 2011-08-12 13:39 -------- d-----w- c:\programdata\eLicenser
2011-08-12 13:38 . 2011-08-12 13:39 -------- d-----w- c:\program files (x86)\eLicenser
2011-08-12 13:35 . 2011-08-12 13:35 2892 ----a-w- c:\windows\SysWow64\audcon.sys
2011-08-12 13:35 . 2011-08-12 13:35 -------- d-----w- c:\programdata\Syncrosoft
2011-08-12 13:35 . 2009-09-17 07:20 1695232 ----a-w- c:\windows\system32\synsoacc.dll
2011-08-12 13:35 . 2007-10-24 00:47 29432 ----a-w- c:\windows\system32\drivers\synUSB64.sys
2011-08-12 13:35 . 2009-05-19 06:21 86016 ----a-w- c:\windows\SysWow64\SYNSOPOS.exe
2011-08-12 13:35 . 2006-01-29 01:48 401462 ----a-w- c:\windows\SysWow64\temp.002
2011-08-12 13:35 . 2009-09-17 07:20 1261568 ----a-w- c:\windows\SysWow64\SYNSOACC.dll
2011-08-12 13:35 . 2006-01-29 01:48 147456 ----a-w- c:\windows\SysWow64\SynsoLChk.dll
2011-08-12 13:34 . 2006-09-20 05:13 163840 ----a-w- c:\windows\SysWow64\ArtFfct.dll
2011-08-12 13:34 . 2011-08-12 13:34 -------- d-----w- c:\programdata\Arturia
2011-08-12 13:34 . 2011-08-12 13:34 -------- d-----w- c:\program files (x86)\Arturia
2011-08-12 13:21 . 2011-08-12 13:21 -------- d-----w- c:\windows\Sun
2011-08-12 12:21 . 2011-08-12 12:21 -------- d-----w- c:\program files (x86)\Common Files\Adobe Systems Shared
2011-08-12 11:15 . 2011-07-21 12:36 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-12 11:15 . 2011-07-21 12:36 601424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{583709C9-2877-4304-B2A0-E8E456A41DCE}\gapaengine.dll
2011-08-12 11:15 . 2011-07-12 11:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB22CCDD-2F44-496A-8F96-5CF3BDB938AE}\mpengine.dll
2011-08-11 12:05 . 2011-08-11 12:05 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-08-10 01:08 . 2011-08-10 01:08 -------- d-----w- c:\program files (x86)\VstPlugins
2011-08-10 01:08 . 2011-08-10 01:08 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
2011-08-10 01:08 . 2011-08-10 01:08 -------- d-----w- c:\program files (x86)\GForce
2011-08-08 07:00 . 2011-08-08 07:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-08 07:00 . 2011-08-08 07:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-08 07:00 . 2011-08-08 07:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-08 07:00 . 2011-08-08 07:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-08 07:00 . 2011-08-08 07:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-08 07:00 . 2011-08-08 07:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-08 07:00 . 2011-08-08 07:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-08 07:00 . 2011-08-08 07:00 -------- d-----w- c:\program files (x86)\QuickTime
2011-08-04 09:36 . 2009-12-26 23:43 685944 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2011-08-04 09:36 . 2011-08-04 09:36 -------- d-----w- c:\program files (x86)\Illustrate
2011-08-04 09:33 . 2011-08-04 09:33 -------- d-----w- c:\programdata\SlySoft
2011-08-04 09:31 . 2011-08-04 22:15 -------- d-----w- c:\program files (x86)\SlySoft
2011-08-04 09:18 . 2011-08-04 09:18 -------- d-----w- c:\program files (x86)\Pegasys Inc
2011-08-04 07:23 . 2011-08-04 07:23 -------- d-----w- c:\program files (x86)\Qualcomm
2011-08-04 07:23 . 2005-11-14 05:17 317952 ----a-w- c:\windows\SysWow64\Roboex32.dll
2011-08-04 07:23 . 2005-11-14 04:49 1712128 ----a-w- c:\windows\SysWow64\gdiplus.dll
2011-08-04 07:23 . 2005-11-14 05:17 48640 ----a-w- c:\windows\SysWow64\INETWH32.DLL
2011-08-02 03:33 . 2011-08-02 03:33 -------- d-----w- c:\program files (x86)\Notepad++
2011-08-02 00:45 . 2011-08-02 00:45 -------- d-----w- c:\program files (x86)\Suite Spot Studios
2011-07-28 13:16 . 2011-08-12 13:35 -------- d-----w- C:\VSTPlugins
2011-07-28 13:16 . 2011-07-28 13:16 -------- d-----w- c:\program files (x86)\Cakewalk
2011-07-28 01:57 . 2011-07-28 01:57 -------- d-----w- c:\program files\GForce
2011-07-27 07:29 . 2011-07-27 07:29 -------- d-----w- c:\windows\system32\appmgmt
2011-07-26 23:29 . 2010-04-09 08:30 627744 ----a-r- c:\windows\system32\drivers\rtl8192cu.sys
2011-07-26 23:29 . 2010-04-01 02:37 614400 ------r- c:\windows\system32\Rtlihvs.dll
2011-07-26 23:29 . 2010-04-01 02:37 380928 ------r- c:\windows\system32\RtlUI2.exe
2011-07-26 23:29 . 2010-04-01 02:37 188416 ------r- c:\windows\system32\RTLExtUI.dll
2011-07-26 23:29 . 2009-02-04 16:49 451072 ----a-w- c:\windows\SysWow64\ISSRemoveSP.exe
2011-07-26 03:22 . 2011-07-28 14:09 -------- d-----w- c:\program files\Cakewalk
2011-07-26 03:22 . 2011-07-28 14:09 -------- d-----w- C:\Cakewalk Projects
2011-07-24 03:44 . 2011-07-24 03:44 -------- d-----w- c:\windows\system32\SPReview
2011-07-24 03:43 . 2011-07-24 03:43 -------- d-----w- c:\windows\system32\EventProviders
2011-07-24 03:25 . 2011-07-24 03:25 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-07-24 01:05 . 2011-07-24 01:05 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B4.TMP
2011-07-24 01:03 . 2011-07-24 01:14 -------- d-----w- c:\programdata\WinZip
2011-07-23 17:08 . 2011-07-23 17:08 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-23 02:56 . 2011-07-23 02:56 -------- d-----w- c:\programdata\KingsIsle Entertainment
2011-07-23 02:51 . 2011-07-27 07:28 -------- d-----r- c:\program files (x86)\Skype
2011-07-23 02:51 . 2011-07-23 02:51 -------- d-----w- c:\programdata\Skype
2011-07-22 17:49 . 2011-07-12 11:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-22 11:01 . 2010-11-20 13:27 605696 ----a-w- c:\windows\system32\wmpeffects.dll
2011-07-22 11:00 . 2010-11-20 13:27 24064 ----a-w- c:\windows\system32\sisbkup.dll
2011-07-22 10:59 . 2010-11-20 13:27 13824 ----a-w- c:\windows\system32\wshirda.dll
2011-07-22 10:57 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-22 07:19 . 2011-07-22 07:19 163644 ----a-w- c:\windows\SysWow64\drivers\SECDRV.SYS
2011-07-22 07:10 . 2011-08-04 07:23 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-07-22 07:10 . 2011-07-22 07:10 -------- d-----w- c:\program files (x86)\The Creative Assembly
2011-07-22 07:10 . 2011-07-22 07:10 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-07-22 04:31 . 2011-07-22 04:31 -------- d-----w- c:\programdata\LightScribe
2011-07-22 04:29 . 2011-07-22 04:29 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2011-07-22 04:15 . 2011-07-22 04:17 -------- d-----w- c:\program files (x86)\Common Files\Nero
2011-07-22 04:15 . 2011-07-22 04:15 -------- d-----w- c:\programdata\Nero
2011-07-22 04:15 . 2011-07-22 04:15 -------- d-----w- c:\program files (x86)\Nero
2011-07-22 03:16 . 2011-07-22 03:16 -------- d-----w- c:\windows\SysWow64\Wat
2011-07-22 03:16 . 2011-07-22 03:16 -------- d-----w- c:\windows\system32\Wat
2011-07-22 02:36 . 2011-07-22 02:36 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2011-07-22 02:18 . 2011-07-22 02:18 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-07-22 02:18 . 2011-07-22 02:18 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-07-21 23:32 . 2011-07-28 07:03 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-07-21 23:32 . 2011-07-28 07:03 -------- d-----w- c:\program files (x86)\Steam
2011-07-21 23:30 . 2007-04-04 08:55 403304 ----a-w- c:\windows\system32\xactengine2_7.dll
2011-07-21 21:57 . 2011-07-21 04:24 -------- d-----w- c:\windows\Panther
2011-07-21 21:45 . 2011-07-21 21:45 -------- d-----w- C:\Windows.old
2011-07-21 17:56 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
2011-07-21 17:56 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-07-21 17:55 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-07-21 17:55 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-07-21 17:55 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-07-21 17:55 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-07-21 17:55 . 2010-12-23 10:42 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-07-21 17:55 . 2010-12-23 10:42 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-07-21 17:55 . 2010-12-23 10:42 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-07-21 17:55 . 2010-12-23 10:36 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-07-21 17:55 . 2010-12-23 05:54 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-07-21 17:55 . 2010-12-23 05:54 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-07-21 17:54 . 2010-12-23 05:54 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2011-07-21 17:54 . 2010-12-23 05:50 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-07-21 17:52 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-21 17:52 . 2010-11-20 13:33 288640 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-07-21 17:50 . 2011-04-29 05:55 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-21 17:50 . 2011-04-29 04:57 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-07-21 17:49 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-21 17:49 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-21 17:49 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-07-21 17:49 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-07-21 17:47 . 2011-04-29 05:55 244736 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-07-21 17:47 . 2011-04-29 04:57 189952 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2011-07-21 17:43 . 2011-02-18 10:56 613376 ----a-w- c:\windows\system32\vbscript.dll
2011-07-21 17:43 . 2011-02-18 05:43 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-07-21 17:42 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-07-21 17:42 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-07-21 17:41 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-21 17:41 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-07-21 17:41 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-07-21 17:41 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-07-21 17:40 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-07-21 17:40 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-07-21 17:40 . 2010-09-30 10:41 100864 ----a-w- c:\windows\system32\fontsub.dll
2011-07-21 17:40 . 2010-09-30 06:47 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2011-07-21 17:40 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-07-21 17:40 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-24 03:51 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-24 03:51 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-16 04:26 . 2011-08-11 03:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-12 01:34 . 2011-07-12 01:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 01:34 . 2011-07-12 01:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 01:34 . 2011-07-12 01:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 01:34 . 2011-07-12 01:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 01:20 . 2011-07-12 01:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 01:20 . 2011-07-12 01:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 01:20 . 2011-07-12 01:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 01:20 . 2011-07-12 01:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-05 08:37 . 2011-07-05 08:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 08:37 . 2011-07-05 08:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-18_14.08.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-21 06:31 . 2011-08-18 21:00 32600 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-18 21:00 36610 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-21 06:32 . 2011-08-18 20:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-21 06:32 . 2011-08-18 14:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-21 06:32 . 2011-08-18 14:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-21 06:32 . 2011-08-18 20:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-07-21 06:32 . 2011-08-18 20:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-21 06:32 . 2011-08-18 14:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-07-21 06:32 . 2011-08-18 13:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-21 06:32 . 2011-08-18 20:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-21 06:32 . 2011-08-18 13:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-21 06:32 . 2011-08-18 20:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-07-21 04:32 . 2011-08-18 21:00 9186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2815916078-2259092287-661349574-1000_UserData.bin
+ 2011-08-18 20:57 . 2011-08-18 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-18 14:08 . 2011-08-18 14:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-18 14:08 . 2011-08-18 14:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-18 20:57 . 2011-08-18 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-08-18 14:07 476732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-08-18 20:56 476732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-07-23 06:42 . 2011-08-18 20:56 1429460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2815916078-2259092287-661349574-1000-12288.dat
- 2011-07-23 06:42 . 2011-08-18 14:07 1429460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2815916078-2259092287-661349574-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\Adam Casey\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-12-06 2387968]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-09-20 2177984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-11 1523360]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FP10 Control Panel.lnk - c:\program files\PreSonus\1394AudioDriver_FirePod\FirePod.exe [2011-7-21 1133952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files (x86)\Qualcomm\Eudora\EuShlExt.dll" [2005-11-14 86016]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192cu.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 SynUSB64;SynUSB64;c:\windows\system32\DRIVERS\SynUSB64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-12-06 13:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 211.31.138.11 211.29.132.12
FF - ProfilePath - c:\users\Adam Casey\AppData\Roaming\Mozilla\Firefox\Profiles\u88r5vt9.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
.
**************************************************************************
.
Completion time: 2011-08-19 07:06:45 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-18 21:06
ComboFix2.txt 2011-08-18 14:18
.
Pre-Run: 34,543,427,584 bytes free
Post-Run: 34,467,356,672 bytes free
.
- - End Of File - - 4A1FD70702CC81A725F799E5FD0C07EA