-
Combo Fix log
ComboFix 12-06-26.02 - Shelby 06/26/2012 13:21:52.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4056.2938 [GMT -4:00]
Running from: c:\users\Shelby\Downloads\ComboFix.exe
Command switches used :: c:\users\Shelby\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip"
"c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip"
"c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6"
"c:\windows.old\Documents and Settings\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Documents and Settings\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6"
"c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98"
"c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm"
"c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm"
"c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip
C:\TDSSKiller_Quarantine
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\mbr0000\object.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\mbr0000\tsk0000.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\mbr0000\tsk0000.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\mbr0000\tsk0001.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\mbr0000\tsk0001.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\object.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\object.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0000.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0000.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0001.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0002.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0002.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0003.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0003.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0004.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0004.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0005.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0005.ini
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0006.dta
c:\tdsskiller_quarantine\21.06.2012_15.44.02\mbr0000\tdlfs0000\tsk0006.ini
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric3.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric4.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric5.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric6.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric7.zip
c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric8.zip
c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
c:\windows.old\Users\Shelby\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
c:\windows.old\Users\Shelby\AppData\Local\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\ec625cb-7627966d
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\57a3fb8e-3775af0e
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-22fff9be
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\53784821-4355561b
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\e5a51ab-236f96ea
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\3eb5fd45-6b8d64b6
c:\windows.old\Users\Shelby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\64a5ca89-58885d98
c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
c:\windows.old\Users\Shelby\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\13NEMFE3\daclips-300x250-default[1].htm
c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Content.IE5\1P238XEW\xitnf0qeioodcbb478d6[1].htm
c:\windows.old\Users\Shelby\Local Settings\Temporary Internet Files\Low\Content.IE5\JQABFQSB\daclips-300x250-default[1].htm
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 17:35 . 2012-06-26 17:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 12:36 . 2012-06-26 12:37 -------- d-----w- c:\program files (x86)\ERUNT
2012-06-22 19:29 . 2012-06-22 19:29 -------- d-----w- c:\program files (x86)\ESET
2012-06-21 15:16 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:16 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:16 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:16 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:16 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:16 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:16 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:15 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:15 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 22:18 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2012-06-19 22:18 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-19 22:18 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-19 22:18 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-19 22:18 . 2012-05-15 01:32 3144192 ----a-w- c:\windows\system32\win32k.sys
2012-06-19 22:16 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-19 22:16 . 2012-04-07 12:18 3213824 ----a-w- c:\windows\system32\msi.dll
2012-06-19 22:16 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-19 22:14 . 2012-04-24 05:59 1460224 ----a-w- c:\windows\system32\crypt32.dll
2012-06-19 22:14 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-19 22:14 . 2012-04-24 05:59 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-19 22:14 . 2012-04-24 05:59 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-19 22:14 . 2012-04-24 04:47 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-19 22:14 . 2012-04-24 04:47 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-13 21:09 . 2012-06-21 18:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-13 19:30 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 19:29 . 2012-05-04 10:08 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 19:29 . 2012-05-04 10:08 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-11 19:29 . 2011-03-25 03:22 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2012-06-11 19:29 . 2011-03-25 03:23 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2012-06-11 19:29 . 2011-03-25 03:23 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-06-11 19:29 . 2011-03-25 03:23 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2012-06-11 19:29 . 2011-03-25 03:22 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2012-06-11 19:29 . 2011-03-25 03:22 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2012-06-11 19:29 . 2011-03-25 03:22 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2012-06-11 19:25 . 2011-03-11 06:23 1657216 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-06-11 19:25 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2012-06-11 19:25 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2012-06-11 19:25 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2012-06-11 19:25 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2012-06-11 19:25 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2012-06-11 19:25 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2012-06-11 19:25 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2012-06-11 19:25 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2012-06-11 19:25 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2012-06-11 19:25 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2012-06-11 18:55 . 2012-06-11 18:55 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-11 18:55 . 2012-06-11 18:55 -------- d-----w- c:\windows\system32\Wat
2012-06-10 20:36 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-06-10 20:36 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-06-10 20:12 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2012-06-10 20:12 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2012-06-10 19:52 . 2009-11-25 16:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-06-10 19:52 . 2009-11-25 16:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-06-10 19:52 . 2009-11-25 16:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-06-10 19:52 . 2009-11-25 16:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-06-10 19:52 . 2009-11-25 16:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-06-10 19:52 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-06-10 19:52 . 2009-11-25 16:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-06-10 19:52 . 2009-11-25 16:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-06-10 19:52 . 2009-11-25 16:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-06-10 19:52 . 2009-11-25 16:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-06-10 19:36 . 2012-06-10 19:36 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-06-10 19:27 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-10 19:27 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-10 19:27 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-10 19:27 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-10 19:27 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-10 19:27 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-10 19:27 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-10 18:55 . 2012-06-19 21:47 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-06-10 18:55 . 2012-06-11 19:12 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-10 18:55 . 2012-06-10 18:55 -------- d-----w- c:\windows\PCHEALTH
2012-06-10 18:51 . 2012-06-20 00:07 -------- d-----w- c:\programdata\Microsoft Help
2012-06-10 17:48 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-06-10 17:46 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-06-10 17:46 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-06-10 17:46 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-10 17:46 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-10 17:46 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-06-10 17:46 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-06-10 17:46 . 2010-06-29 05:35 4582912 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46 . 2010-06-29 05:39 2085376 ----a-w- c:\windows\system32\ole32.dll
2012-06-10 17:46 . 2010-06-29 04:57 4247040 ----a-w- c:\program files (x86)\Windows NT\Accessories\wordpad.exe
2012-06-10 17:46 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\SysWow64\ole32.dll
2012-06-10 17:46 . 2011-05-04 05:28 2228224 ----a-w- c:\windows\system32\mssrch.dll
2012-06-10 17:44 . 2010-01-19 09:05 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2012-06-10 17:43 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-10 17:42 . 2010-06-19 06:53 52224 ----a-w- c:\windows\system32\rtutils.dll
2012-06-10 17:41 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-06-10 17:40 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2012-06-10 17:40 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-10 17:40 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-06-10 17:40 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-06-10 17:40 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2012-06-10 17:40 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2012-06-10 17:40 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2012-06-10 17:40 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-06-10 17:40 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
2012-06-10 17:40 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-06-10 17:40 . 2011-08-17 04:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-06-10 17:38 . 2011-07-16 05:04 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-06-10 17:37 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-06-10 17:37 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-06-10 17:37 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-06-10 17:37 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-06-10 17:37 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-06-10 17:37 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-06-10 17:25 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-06-10 17:25 . 2011-05-03 04:50 740864 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-06-10 17:25 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-06-10 17:25 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-06-10 17:25 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe
2012-06-10 17:25 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-06-10 17:25 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-06-10 17:25 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-06-10 17:25 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-06-10 17:25 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-06-10 17:25 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-06-10 17:25 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-06-10 17:24 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-06-10 17:24 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-06-10 17:24 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-21_20.37.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-06-26 11:34 33178 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-10 06:46 . 2012-06-26 17:37 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-10 06:46 . 2012-06-21 20:36 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-10 06:46 . 2012-06-21 20:36 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-10 06:46 . 2012-06-26 17:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-26 17:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-21 20:36 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-26 17:45 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-10 00:11 . 2012-06-26 11:34 8566 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-272985379-3414866733-3463117093-1001_UserData.bin
+ 2012-06-26 17:37 . 2012-06-26 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-21 20:36 . 2012-06-21 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-21 20:36 . 2012-06-21 20:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-26 17:37 . 2012-06-26 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-10 03:15 . 2012-06-26 18:56 221782 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-06-26 17:36 275584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-21 20:35 275584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-26 12:37 . 2005-10-20 16:02 163328 c:\windows\ERDNT\6-26-2012\ERDNT.EXE
- 2009-07-14 04:45 . 2012-06-21 19:31 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-26 11:34 3802445 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-06-11 23:29 . 2012-06-26 17:36 8058312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-272985379-3414866733-3463117093-1001-8192.dat
- 2009-07-14 02:34 . 2012-06-21 20:01 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-06-26 17:51 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
c:\users\Shelby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 257224]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-10 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-10 02:33]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}"=hex:51,66,7a,6c,4c,1d,38,12,26,bd,a8,
0a,e6,f4,22,0e,f1,4c,12,2a,bb,94,a4,70
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,38,12,ce,d6,a1,
79,73,3c,17,0b,c9,9b,20,49,f5,42,16,25
"{B164E929-A1B6-4A06-B104-2CD0E90A88FF}"=hex:51,66,7a,6c,4c,1d,38,12,47,ea,77,
b5,84,ef,68,0f,ce,12,6f,90,ec,54,cc,eb
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:35,db,6f,37,cf,4f,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-06-26 15:12:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 19:12
ComboFix2.txt 2012-06-21 20:51
.
Pre-Run: 148,971,827,200 bytes free
Post-Run: 148,771,131,392 bytes free
.
- - End Of File - - C7A0F39C16B08FE9A2102A0EF9FC8145
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
