Code:
ComboFix 11-05-07.02 - Enforcer46 05/08/2011 13:00:53.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2592 [GMT -7:00]
Running from: d:\chrome downloads\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
FW: Sunbelt VIPRE *Disabled* {86665057-352D-7810-313F-4F92DEFBC8FA}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Enforcer46\AppData\Roaming\data.dat
D:\install.exe
d:\steam\Steam.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))))))))))))))))))))))))))
.
.
2011-05-08 19:55 . 2011-05-08 19:59 -------- d-----w- C:\32788R22FWJFW
2011-05-08 16:49 . 2011-05-08 16:49 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-05-08 16:30 . 2011-05-08 16:30 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-05-08 16:30 . 2011-05-08 17:21 -------- d-----w- c:\program files (x86)\Real
2011-05-08 16:18 . 2011-05-08 16:18 -------- d-----w- C:\Hotspot Shield
2011-05-08 10:40 . 2011-05-08 10:40 -------- d-----w- c:\windows\SysWow64\Wat
2011-05-08 10:40 . 2011-05-08 10:40 -------- d-----w- c:\windows\system32\Wat
2011-05-08 10:16 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
2011-05-08 10:16 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2011-05-08 10:07 . 2009-11-25 19:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-08 10:07 . 2009-11-25 19:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-05-08 10:07 . 2009-11-25 19:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-08 10:07 . 2009-11-25 19:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-05-08 10:07 . 2009-11-25 19:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-05-08 10:07 . 2009-11-25 19:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-05-08 10:07 . 2009-11-25 19:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-08 10:07 . 2009-11-25 19:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-05-08 10:07 . 2009-11-25 19:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-08 10:07 . 2009-11-25 19:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-05-08 10:06 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-05-08 03:35 . 2011-05-08 03:35 -------- d-----w- c:\program files (x86)\Gyazo
2011-05-08 02:30 . 2011-05-08 02:30 -------- d-----w- c:\program files\Ventrilo
2011-05-08 02:29 . 2011-05-08 02:29 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-05-08 00:14 . 2011-05-08 00:14 -------- d-----w- c:\programdata\Sunbelt
2011-05-08 00:12 . 2010-07-27 11:48 60504 ----a-w- c:\windows\system32\drivers\sbhips.sys
2011-05-08 00:12 . 2010-07-27 11:48 94296 ----a-w- c:\windows\system32\drivers\sbtis.sys
2011-05-08 00:11 . 2010-07-27 11:48 253528 ----a-w- c:\windows\system32\drivers\SbFw.sys
2011-05-08 00:11 . 2010-04-16 01:35 84056 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2011-05-08 00:11 . 2010-08-20 16:18 27472 ----a-w- c:\windows\system32\sbbd.exe
2011-05-08 00:11 . 2010-03-22 19:11 49752 ----a-w- c:\windows\system32\drivers\sbredrv.sys
2011-05-08 00:11 . 2011-05-08 00:11 -------- d-----w- c:\program files (x86)\Sunbelt Software
2011-05-08 00:10 . 2011-05-08 00:10 -------- d-----w- c:\program files (x86)\Webteh
2011-05-07 20:58 . 2011-05-07 20:58 -------- d-----w- c:\programdata\Yahoo! Companion
2011-05-07 20:58 . 2011-05-07 20:58 -------- d-----w- c:\programdata\Yahoo!
2011-05-07 20:57 . 2011-05-07 20:58 -------- d-----w- c:\program files (x86)\Yahoo!
2011-05-07 18:30 . 2011-05-08 19:48 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-05-07 17:47 . 2011-05-08 19:48 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-05-07 17:47 . 2011-05-08 19:46 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-05-07 17:47 . 2011-05-07 18:36 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-05-07 17:47 . 2011-05-07 17:47 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2011-05-07 10:12 . 2010-10-27 05:06 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-07 10:12 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-05-07 10:12 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll
2011-05-07 10:12 . 2010-03-05 07:42 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2011-05-07 10:12 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-05-07 10:12 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2011-05-07 10:10 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-05-07 10:09 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2011-05-07 10:04 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-07 10:04 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2011-05-07 06:10 . 2011-05-07 06:10 -------- d-----w- c:\program files (x86)\Elaborate Bytes
2011-05-07 01:23 . 2011-05-07 01:23 -------- d-----w- c:\program files (x86)\TeamViewer
2011-05-07 00:47 . 2011-05-07 04:14 -------- d-----w- c:\program files (x86)\Common Files\Steam
2011-05-07 00:25 . 2011-05-07 00:25 -------- d-----w- C:\totalcmd
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\UC.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\RAR.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\LHA.PIF
2011-05-07 00:25 . 2010-12-17 14:56 545 ----a-w- c:\windows\ARJ.PIF
2011-05-07 00:11 . 2011-05-07 00:11 -------- d-----w- c:\program files (x86)\Conduit
2011-05-07 00:10 . 2011-05-07 00:10 -------- d-----w- C:\extensions
2011-05-07 00:10 . 2011-05-07 00:10 -------- d-----w- c:\program files (x86)\uTorrent
2011-05-06 23:56 . 2011-05-07 15:14 -------- d-----w- c:\users\UpdatusUser
2011-05-06 23:56 . 2011-05-06 23:57 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-05-06 23:56 . 2011-05-08 20:10 -------- d-----w- c:\programdata\NVIDIA
2011-05-06 23:55 . 2011-05-06 23:55 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-05-06 23:53 . 2011-05-06 23:58 -------- d-----w- c:\program files\NVIDIA Corporation
2011-05-06 23:52 . 2011-05-06 23:52 -------- d-----w- C:\NVIDIA
2011-05-06 22:57 . 2007-09-27 20:47 56320 ----a-w- c:\windows\SysWow64\SFFXComm.dll
2011-05-06 22:57 . 2011-05-06 22:57 -------- d-----w- c:\programdata\SonicFocus
2011-05-06 22:57 . 2011-05-06 22:57 -------- d-----w- c:\program files (x86)\Analog Devices
2011-05-06 22:23 . 2011-05-06 21:31 -------- d-----w- c:\windows\Panther
2011-05-06 22:22 . 2011-05-06 22:22 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2011-05-06 22:22 . 2011-05-06 22:22 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-05-06 22:22 . 2011-05-06 22:22 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2011-05-06 22:22 . 2011-05-06 22:22 -------- d-----w- c:\program files (x86)\Creative
2011-05-06 22:22 . 2011-05-06 22:22 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-05-06 22:22 . 2008-09-17 22:11 1828352 ------w- c:\windows\system32\adi_oal.dll
2011-05-06 22:22 . 2008-09-17 22:07 1503232 ------w- c:\windows\SysWow64\adi_oal.dll
2011-05-06 22:22 . 2011-05-06 22:22 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-05-06 22:21 . 2011-05-06 23:58 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-05-06 22:07 . 2011-05-06 22:07 -------- d-----w- c:\program files\7-Zip
2011-05-06 22:06 . 2011-05-08 17:21 -------- d-sh--w- c:\windows\Installer
2011-05-06 21:57 . 2011-05-06 21:59 -------- d-----w- c:\programdata\Xfire
2011-05-06 21:57 . 2011-05-06 21:57 -------- d-----w- c:\program files (x86)\Xfire
2011-05-06 21:51 . 2011-04-18 16:15 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EF55E9E-14F6-4D32-AACD-08606D965BF6}\mpengine.dll
2011-05-06 21:51 . 2011-02-03 01:11 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-06 21:40 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2011-05-06 21:40 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2011-05-06 21:40 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2011-05-06 21:40 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2011-05-06 21:39 . 2011-05-06 21:39 -------- d-----w- c:\windows\SysWow64\Macromed
2011-05-06 21:33 . 2011-05-07 00:47 -------- d-----w- c:\users\Enforcer46
2011-05-06 21:30 . 2011-05-06 21:30 -------- d-----w- C:\Recovery
2011-04-17 19:57 . 2011-04-17 19:57 41872 ----a-w- c:\windows\SysWow64\xfcodec.dll
2011-04-17 19:57 . 2011-04-17 19:57 27536 ----a-w- c:\windows\system32\xfcodec64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-06 22:20 . 2009-06-06 00:42 56320 ----a-w- c:\windows\system32\AEADIAPR.dll
2011-04-08 06:19 . 2011-04-08 06:19 61032 ----a-w- c:\windows\system32\nvshext.dll
2011-04-08 06:19 . 2011-04-08 06:19 2582120 ----a-w- c:\windows\system32\nvsvcr.dll
2011-04-08 06:19 . 2011-04-08 06:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-08 06:19 . 2011-04-08 06:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-08 06:19 . 2011-04-08 06:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-04-08 06:19 . 2011-04-08 06:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-08 06:18 . 2011-04-08 06:18 3041384 ----a-w- c:\windows\system32\nvsvc64.dll
2011-04-08 05:14 . 2009-07-13 21:59 8411752 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-03-07 02:08 . 2011-03-07 02:08 93552 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2011-03-07 00:52 . 2011-03-07 00:52 134512 ----a-w- c:\windows\SysWow64\ElbyVCD.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-05-07 399736]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-10-25 1302528]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-08-20 1348944]
.
c:\users\Enforcer46\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files (x86)\Xfire\Xfire.exe [2011-4-17 3510160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
R2 SBAMSvc;VIPRE Antivirus Premium;c:\program files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-08-20 2763080]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-03-22 49752]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2010-08-20 181584]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-08 378472]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2211465620-2245048784-1094711837-1001Core.job
- c:\users\Enforcer46\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-06 21:39]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2211465620-2245048784-1094711837-1001UA.job
- c:\users\Enforcer46\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-06 21:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Steam - d:\steam\Steam.exe
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-Steam App 56400 - d:\steam\steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2211465620-2245048784-1094711837-1001\Software\SecuROM\License information*]
"datasecu"=hex:d2,1b,7b,c7,30,f9,7f,4d,6e,be,8c,03,a1,da,5f,99,a9,08,a8,46,85,
35,63,2c,ac,50,83,76,5c,02,b9,d0,65,6e,09,5e,ef,6a,6e,fb,47,22,82,29,b6,9a,\
"rkeysecu"=hex:3f,50,74,30,f7,61,d3,9c,51,b2,02,e7,2a,3b,6b,e0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10p.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\totalcmd\TOTALCMD.EXE
.
**************************************************************************
.
Completion time: 2011-05-08 13:13:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-08 20:13
.
Pre-Run: 9,842,225,152 bytes free
Post-Run: 9,921,277,952 bytes free
.
- - End Of File - - 26B39A63261C36CE2CDE992E577C7268