Ressy

zuiichi

Feb 10th, 2011
  1. ComboFix 11-02-09.05 - V 02/10/2011 14:00:50.1.4 - x64
  2. Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8191.6524 [GMT -5:00]
  3. Running from: c:\users\V\Desktop\lolkitties.exe
  4. AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
  5. SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
  6. SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
  7. SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  8. .
  9.  
  10. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  11. .
  12.  
  13. c:\users\V\AppData\Roaming\Local
  14.  
  15. .
  16. ((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
  17. .
  18.  
  19. 2011-02-10 19:04 . 2011-02-10 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
  20. 2011-02-09 17:34 . 2011-01-13 07:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A54B7CC7-6C2B-4C1A-917F-ACBDAA5E4856}\mpengine.dll
  21. 2011-02-06 00:50 . 2011-02-06 00:50 -------- d-----w- c:\program files (x86)\Taksi
  22. 2011-02-05 23:47 . 2011-02-10 19:06 -------- d-----w- c:\users\V\AppData\Roaming\Dropbox
  23. 2011-02-05 23:45 . 2011-02-05 23:45 -------- d-----w- c:\program files\Taksi
  24. 2011-02-05 23:42 . 2011-02-09 20:58 -------- d-----w- C:\Tmp
  25. 2011-02-05 23:31 . 2011-02-08 17:41 -------- d-----w- c:\users\V\AppData\Roaming\DivX
  26. 2011-02-05 23:31 . 2011-02-05 23:31 -------- d-----w- c:\program files\DivX
  27. 2011-02-05 23:30 . 2011-02-05 23:31 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
  28. 2011-02-05 23:18 . 2011-02-05 23:31 -------- d-----w- c:\program files (x86)\DivX
  29. 2011-02-05 23:15 . 2011-02-05 23:31 -------- d-----w- c:\programdata\DivX
  30. 2011-02-05 02:51 . 2011-02-05 02:51 -------- d-----w- C:\WoWExperiment
  31. 2011-01-25 18:23 . 2011-01-25 18:23 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55A788AA-18A2-44A0-BFCD-4A6F709C9002}\gapaengine.dll
  32. 2011-01-25 18:09 . 2011-01-25 18:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client
  33. 2011-01-25 18:09 . 2011-01-25 18:09 -------- d-----w- c:\windows\Temp4D648810-78BF-1CE2-CCC5-ED67D860D83F-Signatures
  34. 2011-01-25 18:08 . 2011-01-25 18:09 -------- d-----w- c:\program files\Microsoft Security Client
  35. 2011-01-25 18:08 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
  36.  
  37. .
  38. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  39. .
  40. 2011-01-13 07:20 . 2009-11-22 19:45 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
  41. 2011-01-08 03:27 . 2010-11-17 00:14 12859496 ----a-w- c:\windows\system32\nvd3dumx.dll
  42. 2011-01-08 03:27 . 2010-11-17 00:14 10078312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
  43. 2011-01-08 03:27 . 2010-11-17 00:14 2200680 ----a-w- c:\windows\system32\nvapi64.dll
  44. 2011-01-08 03:27 . 2010-11-17 00:14 1965672 ----a-w- c:\windows\SysWow64\nvapi.dll
  45. 2011-01-08 01:49 . 2011-01-08 01:49 795752 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
  46. 2011-01-08 01:49 . 2011-01-08 01:49 6143080 ----a-w- c:\windows\system32\nvcpl.dll
  47. 2011-01-08 01:49 . 2011-01-08 01:49 3156072 ----a-w- c:\windows\system32\nvsvc64.dll
  48. 2011-01-08 01:48 . 2011-01-08 01:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
  49. 2011-01-08 01:48 . 2011-01-08 01:48 1005160 ----a-w- c:\windows\system32\nvvsvc.exe
  50. 2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
  51. 2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
  52. .
  53.  
  54. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  55. .
  56. .
  57. *Note* empty entries & legit default entries are not shown
  58. REGEDIT4
  59.  
  60. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  61. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  62. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  63. 2009-12-09 01:19 94208 ----a-w- c:\users\V\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
  64.  
  65. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  66. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  67. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  68. 2009-12-09 01:19 94208 ----a-w- c:\users\V\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
  69.  
  70. [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  71. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  72. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  73. 2009-12-09 01:19 94208 ----a-w- c:\users\V\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
  74.  
  75. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  76. "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
  77.  
  78. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  79. "WinampAgent"="d:\winamp\winampa.exe" [2009-07-01 37888]
  80. "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
  81. "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
  82. "VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-01-23 64048]
  83. "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
  84. "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-12-25 421888]
  85. "iTunesHelper"="d:\itunes\iTunesHelper.exe" [2010-12-13 421160]
  86. "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
  87. "DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
  88.  
  89. c:\users\V\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
  90. Dropbox.lnk - c:\users\V\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
  91.  
  92. c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
  93. Taksi.lnk - c:\program files\Taksi\Taksi.exe [2010-7-11 73728]
  94.  
  95. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  96. "ConsentPromptBehaviorAdmin"= 0 (0x0)
  97. "ConsentPromptBehaviorUser"= 3 (0x3)
  98. "EnableLUA"= 0 (0x0)
  99. "EnableUIADesktopToggle"= 0 (0x0)
  100. "PromptOnSecureDesktop"= 0 (0x0)
  101.  
  102. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
  103. @="Service"
  104.  
  105. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
  106. @="Service"
  107.  
  108. R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
  109. R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
  110. R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
  111. R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
  112. R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
  113. R3 SysInfo;SysInfo;c:\windows\system32\drivers\SysInfo.sys [x]
  114. R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
  115. R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]
  116. S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-10 69152]
  117. S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [2009-07-17 28192]
  118. S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-05 834544]
  119. S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
  120. S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-06-30 1352832]
  121. S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
  122. S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-01-23 80944]
  123. S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-23 563760]
  124. S3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD64.sys [2009-06-25 508672]
  125. S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-11 155752]
  126. S3 nvoclk64;NVIDIA Enthusiasts Platform KDM;c:\windows\system32\DRIVERS\nvoclk64.sys [2009-09-15 42088]
  127.  
  128. .
  129.  
  130. --------- x86-64 -----------
  131.  
  132.  
  133. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
  134. @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
  135. [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
  136. 2009-12-09 01:19 97792 ----a-w- c:\users\V\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
  137.  
  138. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
  139. @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
  140. [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
  141. 2009-12-09 01:19 97792 ----a-w- c:\users\V\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
  142.  
  143. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
  144. @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
  145. [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
  146. 2009-12-09 01:19 97792 ----a-w- c:\users\V\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
  147.  
  148. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  149. "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 2184520]
  150. "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
  151. "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2009-06-30 291872]
  152. "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
  153.  
  154. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  155. "LoadAppInit_DLLs"=0x1
  156. .
  157. ------- Supplementary Scan -------
  158. .
  159. uLocal Page = c:\windows\system32\blank.htm
  160. uStart Page = about:blank
  161. mLocal Page = c:\windows\SysWOW64\blank.htm
  162. uInternet Settings,ProxyOverride = *.local
  163. IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
  164. IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
  165. IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
  166. LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
  167. FF - ProfilePath - c:\users\V\AppData\Roaming\Mozilla\Firefox\Profiles\v1foasc7.default\
  168. FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  169. FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
  170. FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
  171. FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
  172. FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
  173. FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
  174. FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
  175. FF - Ext: RAMBack: ramback@pavlov.net - %profile%\extensions\ramback@pavlov.net
  176. FF - Ext: Photobucket Uploader em:version=1.3>: pbupload@photobucket.com - %profile%\extensions\pbupload@photobucket.com
  177. FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
  178. FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
  179. FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
  180. .
  181. .
  182. --------------------- LOCKED REGISTRY KEYS ---------------------
  183.  
  184. [HKEY_USERS\S-1-5-21-784655873-2852724448-1511412404-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
  185. "??"=hex:d2,81,a9,f8,45,54,5c,81,6f,e3,dc,c4,1a,1a,d7,eb,a5,46,4d,bd,9e,e9,c8,
  186. ad,3b,52,dc,87,6d,80,03,f2,8e,84,95,93,d0,6b,c1,89,8a,b4,92,ae,9c,ef,7b,87,\
  187. "??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
  188.  
  189. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
  190. @Denied: (A 2) (Everyone)
  191. @="FlashBroker"
  192. "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
  193.  
  194. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
  195. "Enabled"=dword:00000001
  196.  
  197. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
  198. @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
  199.  
  200. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
  201. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  202.  
  203. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  204. @Denied: (A 2) (Everyone)
  205. @="Shockwave Flash Object"
  206.  
  207. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  208. @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
  209. "ThreadingModel"="Apartment"
  210.  
  211. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  212. @="0"
  213.  
  214. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  215. @="ShockwaveFlash.ShockwaveFlash.10"
  216.  
  217. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  218. @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
  219.  
  220. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  221. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  222.  
  223. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  224. @="1.0"
  225.  
  226. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  227. @="ShockwaveFlash.ShockwaveFlash"
  228.  
  229. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  230. @Denied: (A 2) (Everyone)
  231. @="Macromedia Flash Factory Object"
  232.  
  233. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  234. @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
  235. "ThreadingModel"="Apartment"
  236.  
  237. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  238. @="FlashFactory.FlashFactory.1"
  239.  
  240. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  241. @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
  242.  
  243. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  244. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  245.  
  246. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  247. @="1.0"
  248.  
  249. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  250. @="FlashFactory.FlashFactory"
  251.  
  252. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
  253. @Denied: (A 2) (Everyone)
  254. @="IFlashBroker3"
  255.  
  256. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
  257. @="{00020424-0000-0000-C000-000000000046}"
  258.  
  259. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
  260. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  261. "Version"="1.0"
  262.  
  263. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  264. @Denied: (A) (Users)
  265. @Denied: (A) (Everyone)
  266. @Allowed: (B 1 2 3 4 5) (S-1-5-20)
  267. "BlindDial"=dword:00000000
  268. "MSCurrentCountry"=dword:000000b5
  269.  
  270. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  271. @Denied: (Full) (Everyone)
  272. .
  273. ------------------------ Other Running Processes ------------------------
  274. .
  275. c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  276. c:\program files (x86)\Bonjour\mDNSResponder.exe
  277. c:\program files (x86)\TVersity\Media Server\MediaServer.exe
  278. c:\windows\SysWOW64\vmnat.exe
  279. c:\windows\SysWOW64\vmnetdhcp.exe
  280. c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
  281. .
  282. **************************************************************************
  283. .
  284. Completion time: 2011-02-10 14:11:03 - machine was rebooted
  285. ComboFix-quarantined-files.txt 2011-02-10 19:11
  286.  
  287. Pre-Run: 38,805,721,088 bytes free
  288. Post-Run: 38,705,721,344 bytes free
  289.  
  290. - - End Of File - - 66FA38F4439D3641B34395AEF2AF6D06