When ComboFix started, it stated there was a newer version out, so I downloaded it.
ComboFix 11-05-18.04 - Moshe 05/19/2011 18:49:42.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2402 [GMT -7:00]
Running from: c:\users\Moshe\Desktop\cfsky.exe
Command switches used :: c:\users\Moshe\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Moshe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winlogin.exe"
"c:\windows\SysWow64\slwc.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Object
c:\program files (x86)\Object\cartoonly\build.sh
c:\program files (x86)\Object\cartoonly\chrome.manifest
c:\program files (x86)\Object\cartoonly\config_build.sh
c:\program files (x86)\Object\cartoonly\content\._sudoku.js
c:\program files (x86)\Object\cartoonly\content\.DS_Store
c:\program files (x86)\Object\cartoonly\content\firefoxOverlay.xul
c:\program files (x86)\Object\cartoonly\content\installid.js
c:\program files (x86)\Object\cartoonly\content\overlay.js
c:\program files (x86)\Object\cartoonly\content\sudoku.js
c:\program files (x86)\Object\cartoonly\defaults\.DS_Store
c:\program files (x86)\Object\cartoonly\defaults\preferences\.DS_Store
c:\program files (x86)\Object\cartoonly\defaults\preferences\sudoku.js
c:\program files (x86)\Object\cartoonly\files
c:\program files (x86)\Object\cartoonly\install.rdf
c:\program files (x86)\Object\cartoonly\locale\.DS_Store
c:\program files (x86)\Object\cartoonly\locale\en-US\.DS_Store
c:\program files (x86)\Object\cartoonly\locale\en-US\sudoku.dtd
c:\program files (x86)\Object\cartoonly\locale\en-US\sudoku.properties
c:\program files (x86)\Object\cartoonly\readme.txt
c:\program files (x86)\Object\cartoonly\skin\overlay.css
c:\program files (x86)\Object\cartoonly_uninstall.exe
c:\program files (x86)\Object\config.ini
c:\program files\Babylon
c:\windows\SysWow64\slwc.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-20 to 2011-05-20 )))))))))))))))))))))))))))))))
.
.
2011-05-20 01:55 . 2011-05-20 01:55 -------- d-----w- c:\users\GAmes\AppData\Local\temp
2011-05-20 01:55 . 2011-05-20 01:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-20 01:55 . 2011-05-20 01:55 -------- d-----w- c:\users\AppData\AppData\Local\temp
2011-05-19 03:18 . 2011-05-19 03:24 -------- d-----w- c:\users\Moshe\.ranktracker
2011-05-19 03:17 . 2011-05-19 03:18 -------- d-----w- c:\program files (x86)\SEO PowerSuite
2011-05-17 10:48 . 2011-05-17 10:48 -------- d-----w- c:\program files (x86)\Avira
2011-05-17 10:48 . 2011-04-02 00:07 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-17 10:48 . 2011-04-02 00:07 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-17 10:35 . 2011-05-17 10:35 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-05-16 00:24 . 2011-03-21 13:57 173056 ----a-w- c:\windows\system32\xvid.ax
2011-05-16 00:24 . 2011-03-19 15:06 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-16 00:24 . 2011-03-19 15:05 703488 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-16 00:23 . 2011-05-16 00:23 -------- d-----w- c:\programdata\QuestScan
2011-05-16 00:23 . 2011-05-16 00:23 -------- d-----w- c:\program files (x86)\QuestScan
2011-05-15 09:55 . 2011-05-15 09:56 -------- d-----w- c:\users\Moshe\AppData\Local\Nero
2011-05-13 21:02 . 2011-05-13 21:02 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2011-05-13 11:31 . 2011-05-13 11:34 -------- d-----w- c:\users\Moshe\AppData\Roaming\TrueCrypt
2011-05-13 11:31 . 2011-05-13 11:31 230352 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-05-13 11:30 . 2011-05-13 11:31 -------- d-----w- c:\program files\TrueCrypt
2011-05-13 03:27 . 2011-05-13 03:41 -------- d-----w- c:\program files (x86)\Yzshadow
2011-05-13 03:27 . 2011-05-13 03:41 -------- d-----w- c:\program files (x86)\RocketDock
2011-05-12 22:33 . 2009-07-14 01:41 2851328 ----a-w- c:\windows\system32\themeui.dll.backup
2011-05-12 22:33 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup
2011-05-12 22:33 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup
2011-05-12 22:33 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\SysWow64\themeui.dll.backup
2011-05-12 22:33 . 2009-07-14 01:11 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll.backup
2011-05-12 22:33 . 2006-12-04 00:15 111104 ----a-w- c:\windows\SysWow64\Uharc.exe
2011-05-12 22:33 . 2006-12-04 00:14 8636 ----a-w- c:\windows\SysWow64\modifype.exe
2011-05-06 00:44 . 2011-05-06 05:10 -------- dc----w- c:\users\Moshe\AppData\Local\MigWiz
2011-05-04 09:54 . 2011-05-05 01:03 -------- d-----w- c:\users\Moshe\AppData\Roaming\PCF-VLC
2011-05-04 09:48 . 2011-05-04 09:48 -------- d-----w- c:\program files (x86)\GetMiro Toolbar
2011-05-04 09:47 . 2011-05-04 09:47 -------- d-----w- c:\users\Moshe\AppData\Roaming\Participatory Culture Foundation
2011-05-04 09:46 . 2011-05-04 09:46 -------- d-----w- c:\program files (x86)\Participatory Culture Foundation
2011-05-03 10:22 . 2011-05-03 10:22 53248 ----a-r- c:\users\Moshe\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-05-03 10:22 . 2011-05-03 10:22 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-05-03 10:22 . 2011-05-03 10:22 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-05-03 10:19 . 2009-11-11 22:17 729600 ----a-w- c:\windows\system32\cohelper.dll
2011-05-03 10:19 . 2009-11-11 16:22 9548 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-05-03 08:30 . 2011-05-03 08:30 -------- d-----w- c:\program files (x86)\AMD APP
2011-05-03 08:30 . 2011-05-03 08:30 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-04-27 23:44 . 2011-04-27 23:44 -------- d-----w- c:\users\Moshe\AppData\Roaming\.servetome-fontconfig
2011-04-27 23:43 . 2011-05-03 09:11 -------- d-----w- c:\program files (x86)\ServeToMe
2011-04-24 05:50 . 2011-05-03 09:11 -------- d-----w- c:\programdata\Media Get LLC
2011-04-24 05:36 . 2011-04-24 05:50 -------- d-----w- c:\users\Moshe\AppData\Local\MediaGet2
2011-04-23 01:47 . 2011-04-23 01:47 -------- d-----w- c:\users\Moshe\AppData\Roaming\.minecraft
2011-04-22 06:32 . 2011-05-13 16:23 -------- d-----w- c:\users\Moshe\AppData\Roaming\Dropbox
2011-04-22 03:39 . 2011-05-03 08:57 -------- d-----w- c:\program files\iPod
2011-04-22 03:39 . 2011-05-03 09:11 -------- d-----w- c:\program files\iTunes
2011-04-22 03:37 . 2011-05-03 09:11 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-12 22:33 . 2009-07-13 23:54 2851328 ----a-w- c:\windows\system32\themeui.dll
2011-05-12 22:33 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2011-05-12 22:33 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2011-05-12 22:33 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2011-05-12 22:33 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2011-04-11 09:58 . 2009-08-18 20:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-04-11 09:58 . 2009-08-18 19:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-11 09:19 . 2011-04-11 09:19 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-04-10 01:55 . 2011-04-10 01:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-10 01:55 . 2011-04-10 01:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-03-21 13:58 . 2011-01-26 08:14 152064 ----a-w- c:\windows\SysWow64\xvid.ax
2011-03-19 15:06 . 2011-01-26 08:14 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-03-19 15:04 . 2011-01-26 08:14 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-03-16 00:40 . 2011-03-16 00:40 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-16 00:40 . 2011-03-16 00:40 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-16 00:40 . 2011-03-16 00:40 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-16 00:40 . 2011-03-16 00:40 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-16 00:40 . 2011-03-16 00:40 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-16 00:40 . 2011-03-16 00:40 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-16 00:40 . 2011-03-16 00:40 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-16 00:40 . 2011-03-16 00:40 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-16 00:40 . 2011-03-16 00:40 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-16 00:40 . 2011-03-16 00:40 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-16 00:40 . 2011-03-16 00:40 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-16 00:40 . 2011-03-16 00:40 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-16 00:40 . 2011-03-16 00:40 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-16 00:40 . 2011-03-16 00:40 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-16 00:40 . 2011-03-16 00:40 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-16 00:40 . 2011-03-16 00:40 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-16 00:40 . 2011-03-16 00:40 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-16 00:40 . 2011-03-16 00:40 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-16 00:40 . 2011-03-16 00:40 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-16 00:40 . 2011-03-16 00:40 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-16 00:40 . 2011-03-16 00:40 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-16 00:40 . 2011-03-16 00:40 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-16 00:40 . 2011-03-16 00:40 13086208 ----a-w- c:\windows\system32\ieframe.dll.stp
2011-03-16 00:40 . 2011-03-16 00:40 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-16 00:40 . 2011-03-16 00:40 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-16 00:40 . 2011-03-16 00:40 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-16 00:40 . 2011-03-16 00:40 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-16 00:40 . 2011-03-16 00:40 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-16 00:40 . 2011-03-16 00:40 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-16 00:40 . 2011-03-16 00:40 448512 ----a-w- c:\windows\system32\html.iec
2011-03-16 00:40 . 2011-03-16 00:40 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-16 00:40 . 2011-03-16 00:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-16 00:40 . 2011-03-16 00:40 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-16 00:40 . 2011-03-16 00:40 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-16 00:40 . 2011-03-16 00:40 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-16 00:40 . 2011-03-16 00:40 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-16 00:40 . 2011-03-16 00:40 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-16 00:40 . 2011-03-16 00:40 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-16 00:40 . 2011-03-16 00:40 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-16 00:40 . 2011-03-16 00:40 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-16 00:40 . 2011-03-16 00:40 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-16 00:40 . 2011-03-16 00:40 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-16 00:40 . 2011-03-16 00:40 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-16 00:39 . 2011-03-16 00:39 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-16 00:39 . 2011-03-16 00:39 662528 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-16 00:39 . 2011-03-16 00:39 470016 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-16 00:39 . 2011-03-16 00:39 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-03-16 00:39 . 2011-03-16 00:39 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-03-16 00:39 . 2011-03-16 00:39 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-16 00:39 . 2011-03-16 00:39 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-16 00:39 . 2011-03-16 00:39 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2011-03-16 00:39 . 2011-03-16 00:39 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-03-16 00:39 . 2011-03-16 00:39 144384 ----a-w- c:\windows\system32\cdd.dll
2011-03-16 00:39 . 2011-03-16 00:39 1133568 ----a-w- c:\windows\system32\FntCache.dll
2011-03-16 00:39 . 2011-03-16 00:39 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll.stp
2011-03-16 00:39 . 2011-03-16 00:39 1863680 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-03-16 00:39 . 2011-03-16 00:39 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-03-16 00:39 . 2011-03-16 00:39 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-03-16 00:39 . 2011-03-16 00:39 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-16 00:39 . 2011-03-16 00:39 4068864 ----a-w- c:\windows\system32\mf.dll
2011-03-16 00:39 . 2011-03-16 00:39 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-03-16 00:39 . 2011-03-16 00:39 283648 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-16 00:39 . 2011-03-16 00:39 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 229888 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-03-16 00:39 . 2011-03-16 00:39 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2011-03-16 00:39 . 2011-03-16 00:39 206848 ----a-w- c:\windows\system32\mfps.dll
2011-03-16 00:39 . 2011-03-16 00:39 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-03-16 00:39 . 2011-03-16 00:39 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-03-16 00:39 . 2011-03-16 00:39 1495040 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2011-03-16 00:39 . 2011-03-16 00:39 135168 ----a-w- c:\windows\SysWow64\XpsRasterService.dll
2011-03-16 00:39 . 2011-03-16 00:39 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2011-03-16 00:39 . 2011-03-16 00:39 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-18_10.50.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-05-17 10:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-05-19 11:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-05-17 10:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-19 11:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-17 10:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-19 11:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-08 12:00 . 2011-05-18 11:07 98524 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-18 11:07 56170 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-08 11:41 . 2011-05-18 11:07 22786 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3266427099-1654195687-2890988620-1001_UserData.bin
+ 2009-11-08 11:36 . 2011-05-18 11:05 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-08 11:36 . 2011-05-18 10:49 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 23:18 . 2011-05-18 11:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-12 23:18 . 2011-05-18 10:49 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-18 11:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-18 10:49 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-18 11:05 . 2011-05-18 11:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-17 22:35 . 2011-05-17 22:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-05-18 11:05 . 2011-05-18 11:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-05-17 22:35 . 2011-05-17 22:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-05-17 22:33 544972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-05-18 11:03 544972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-05-17 12:35 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-05-18 13:08 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-04-30 09:17 . 2011-05-18 11:03 16039034 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3266427099-1654195687-2890988620-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2011-01-27 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCABattery"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2011-01-27 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2009-09-10 269648]
R3 A_USBETHMP;USB PowerPacket Network Adapter;c:\windows\system32\Drivers\usbethmp.sys [x]
R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\MAGIX\Common\Database\bin\fbserver.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WLRAWMp50x64;WLRAWMp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWMp50x64.sys [x]
R3 WLRAWSp50x64;WLRAWSp50x64 NDIS Protocol Driver;c:\windows\system32\Drivers\WLRAWSp50x64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-30 28032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-12-16 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266427099-1654195687-2890988620-1001Core.job
- c:\users\Moshe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 10:45]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3266427099-1654195687-2890988620-1001UA.job
- c:\users\Moshe\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-23 10:45]
.
2011-05-19 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Moshe.job
- c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe [2010-01-10 22:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Moshe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-07-01 291872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-12 172032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-11-12 2345848]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Moshe\AppData\Roaming\Mozilla\Firefox\Profiles\bmls2zrs.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-cartoonly - c:\program files (x86)\Object\cartoonly_uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3266427099-1654195687-2890988620-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:3a,8d,38,65,cd,ba,ed,60,49,2a,2c,96,f3,f0,a1,c9,87,5f,a5,06,ac,68,2b,
d4,b5,9a,4c,2d,fc,61,b5,6c,51,6d,e6,fd,c2,51,24,4f,cc,49,1f,7b,68,8a,77,6b,\
"??"=hex:55,49,5f,38,8c,63,1b,2b,7c,7a,62,ef,a5,dd,dd,db
.
[HKEY_USERS\S-1-5-21-3266427099-1654195687-2890988620-1001\Software\SecuROM\License information*]
"datasecu"=hex:df,ae,52,57,96,ce,23,12,b8,68,76,f9,9c,d5,e8,c9,3e,05,45,98,e5,
d2,a0,c4,f2,9c,c0,0d,e2,80,f9,68,4a,24,6e,40,2c,28,aa,cf,cc,b7,ab,03,3a,ca,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-19 18:57:51
ComboFix-quarantined-files.txt 2011-05-20 01:57
ComboFix2.txt 2011-05-18 10:52
.
Pre-Run: 31,399,403,520 bytes free
Post-Run: 31,240,773,632 bytes free
.
- - End Of File - - 546275E6DA74A201B8E7B112E7B0A6F3