ComboFix 11-02-24.01 - Kasey Jernberg 02/24/2011 13:14:00.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2712 [GMT -5:00]
Running from: c:\users\Kasey Jernberg\Desktop\commy.exe
Command switches used :: c:\users\Kasey Jernberg\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_KMService
((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.
2011-02-24 18:17 . 2011-02-24 18:17 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-02-24 18:17 . 2011-02-24 18:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-23 18:52 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{330163EC-9A3F-4206-AD54-955AAC6322B5}\mpengine.dll
2011-02-22 17:53 . 2011-02-22 17:53 -------- d-----w- c:\program files (x86)\ESET
2011-02-20 01:59 . 2011-02-20 01:59 -------- d-----w- c:\programdata\Ulead Systems
2011-02-20 01:47 . 2011-02-20 01:47 -------- d-----w- c:\program files\CCleaner
2011-02-19 05:56 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-19 05:56 . 2011-02-19 05:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-02-18 18:16 . 2011-02-18 18:16 -------- d-----w- c:\windows\Sun
2011-02-18 18:06 . 2010-11-30 15:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A507D19-5B10-43E0-9D3C-526C2380D82B}\gapaengine.dll
2011-02-18 04:47 . 2011-02-18 04:47 -------- d-----w- C:\_OTL
2011-02-17 05:23 . 2011-02-17 05:58 -------- d-----w- c:\programdata\PC Tools
2011-02-11 17:34 . 2011-02-24 05:31 -------- d-----w- c:\users\Kasey Jernberg\2010
2011-02-10 08:00 . 2010-12-18 03:35 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-10 08:00 . 2010-12-18 03:15 2381824 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-02-10 08:00 . 2010-12-18 03:39 1502208 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-10 08:00 . 2010-12-18 03:19 1448448 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-02-09 19:46 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-09 19:46 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-02-09 19:46 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 19:46 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 19:46 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 19:46 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-02-09 19:46 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-02-09 19:46 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-02-09 19:46 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 19:46 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-02-09 19:46 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-02-09 19:46 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-02-01 01:46 . 2011-02-17 04:29 -------- d-----w- c:\users\Kasey Jernberg\AppData\Local\ElevatedDiagnostics
2011-01-31 20:18 . 2011-01-31 20:19 -------- d-----w- c:\users\Kasey Jernberg\AppData\Roaming\vlc
2011-01-31 20:17 . 2011-01-31 20:17 -------- d-----w- c:\program files (x86)\VideoLAN
2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-01-26 21:00 . 2008-12-31 03:21 -------- d-----w- c:\users\Kasey Jernberg\Alchemist
2011-01-26 19:55 . 2011-01-26 19:55 -------- d-----w- c:\users\Kasey Jernberg\AppData\Roaming\Amazon
2011-01-26 19:55 . 2011-01-26 19:55 -------- d-----w- c:\users\Kasey Jernberg\AppData\Local\Amazon
2011-01-26 14:52 . 2011-01-26 14:52 -------- d-----w- c:\program files (x86)\CourseSmart
2011-01-25 21:06 . 2011-01-25 21:06 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-01-25 21:06 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-01-25 21:06 . 2011-01-25 21:06 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-25 21:05 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 10:20 . 2010-09-15 22:28 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-05 17:23 . 2011-01-05 17:23 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-01-05 17:23 . 2011-01-05 17:23 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2010-12-28 13:20 . 2010-09-30 00:58 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2010-12-28 13:20 . 2010-09-30 00:58 88 --sh--r- c:\programdata\7CF3F01283.sys
2010-12-20 23:08 . 2010-10-20 22:20 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 23:55 . 2010-11-29 23:56 8192 --sha-w- c:\windows\SysWow64\srvany.exe
.
(((((((((((((((((((((((((((((
SnapShot@2011-02-20_06.11.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-17 02:37 . 2011-02-24 17:37 51366 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-24 17:37 42862 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-31 19:15 . 2011-02-24 17:37 14608 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4046595867-4138423202-167340240-1001_UserData.bin
+ 2010-08-31 19:16 . 2011-02-21 04:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-31 19:16 . 2011-02-20 01:47 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-20 01:47 . 2011-02-21 04:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-20 01:47 . 2011-02-20 01:47 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-21 04:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-20 01:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-23 09:47 . 2010-09-23 09:47 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\reader_sl.exe
+ 2010-09-23 08:03 . 2010-09-23 08:03 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\eula.exe
+ 2010-09-23 07:52 . 2010-09-23 07:52 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrotextextractor.exe
+ 2010-09-22 23:12 . 2010-09-22 23:12 15800 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32Info.exe
+ 2010-10-02 04:29 . 2011-02-20 07:54 3026 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-02-20 06:10 . 2011-02-20 06:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-24 18:18 . 2011-02-24 18:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-20 06:10 . 2011-02-20 06:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-24 18:18 . 2011-02-24 18:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-02-24 18:18 492464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-02-20 06:09 492464 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-10 23:17 . 2010-09-10 23:17 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\JP2KLib.dll
+ 2010-09-23 01:41 . 2010-09-23 01:41 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AdobeCollabSync.exe
+ 2010-09-23 09:47 . 2010-09-23 09:47 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.exe
+ 2010-09-22 23:04 . 2010-09-22 23:04 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroPDF.dll
+ 2010-09-23 00:39 . 2010-09-23 00:39 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobroker.exe
+ 2010-09-22 23:50 . 2010-09-22 23:50 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\a3dutility.exe
+ 2010-09-21 15:47 . 2011-02-24 18:18 3106448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4046595867-4138423202-167340240-1001-8192.dat
+ 2010-09-22 23:05 . 2010-09-22 23:05 2405784 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\rt3d.dll
+ 2010-06-19 22:51 . 2010-06-19 22:51 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AGM.dll
+ 2009-07-14 02:34 . 2011-02-23 19:02 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-02-19 23:56 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-01-31 10:45 . 2011-01-31 10:45 11135488 c:\windows\Installer\cf306.msp
+ 2010-09-23 08:03 . 2010-09-23 08:03 20460984 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-01-05 274608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-01 222720]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1255736]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-11-12 317296]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-31 236544]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 23:01]
2011-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-31 23:01]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\commy\CF14636.cfxxe" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-14 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-14 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-14 408600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
hxxp://bing.com/mStart Page =
hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNAmLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: {F1936004-3D10-42AB-9A40-9414230BED21} - hxxp://97.87.25.163/nwcv3setup.exe
FF - ProfilePath - c:\users\Kasey Jernberg\AppData\Roaming\Mozilla\Firefox\Profiles\rpvmm15g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2011-02-24 13:22:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-24 18:22
ComboFix2.txt 2011-02-20 06:14
Pre-Run: 248,612,085,760 bytes free
Post-Run: 248,128,126,976 bytes free
- - End Of File - - 16D6F7D3B76A78D3721382F3314F884D