I have a nasty little virus from somehow downloading whitesmoke translator, and I'm wondering how I can remove this virus. I saw in another thread about downloading ComboFix.exe, which I ran and then created a log in a text file. Below is the text from C:\ComboFix.txt. Can anyone provide me with some help to remove this virus? Thanks!
ComboFix 11-01-08.05 - Jason 01/09/2011 22:11:13.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2045 [GMT -5:00]
Running from: c:usersJasonDesktopComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 50
The system cannot find the file LockedB.
The system cannot find the file lockedB.
The system cannot find the path specified.
The system cannot find the file LockedB.
The system cannot find the file LockedB.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:program files (x86)whitesmoketoolbarwhITesmoketoolbarx.dll
c:usersJasonAppDataRoaminginst.exe
c:usersJasonGoToAssistDownloadHelper.exe
c:windowsSysWow64decmprs.dll
.
((((((((((((((((((((((((( Files Created from 2010-12-10 to 2011-01-10 )))))))))))))))))))))))))))))))
.
2011-01-10 03:13 . 2011-01-10 03:13 -------- d-----w- c:usersDefaultAppDataLocaltemp
2011-01-10 03:13 . 2011-01-10 03:13 -------- d-----w- c:usersClassic .NET AppPoolAppDataLocaltemp
2011-01-09 23:18 . 2010-11-10 02:35 8199504 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{84503753-493F-490C-939C-2785BB32ED66}mpengine.dll
2011-01-03 17:01 . 2011-01-10 02:58 -------- d-----w- c:program files (x86)whitesmoketoolbar
2010-12-25 12:49 . 2010-11-10 02:35 8199504 ----a-w- c:programdataMicrosoftMicrosoft AntimalwareDefinition UpdatesBackupmpengine.dll
2010-12-24 14:49 . 2010-12-24 14:49 601424 ------w- c:programdataMicrosoftMicrosoft AntimalwareDefinition Updates{D26D8FA8-4A2D-439E-A61B-E982B7CC35B4}gapaengine.dll
2010-12-24 07:30 . 2010-11-16 17:01 8199504 ------w- c:programdataMicrosoftWindows DefenderDefinition Updates{10005DB8-1211-41FE-BB51-5D2FD810123A}mpengine.dll
2010-12-24 04:58 . 2010-12-24 04:58 -------- d-----w- c:program files (x86)Microsoft Security Client
2010-12-24 04:57 . 2010-12-24 04:58 -------- d-----w- c:program filesMicrosoft Security Client
2010-12-15 19:30 . 2010-10-27 04:32 2048 ----a-w- c:windowsSysWow64tzres.dll
2010-12-15 19:30 . 2010-11-02 04:40 496128 ----a-w- c:windowsSysWow64taskschd.dll
2010-12-15 19:30 . 2010-11-02 04:40 305152 ----a-w- c:windowsSysWow64taskcomp.dll
2010-12-15 19:30 . 2010-11-02 04:34 192000 ----a-w- c:windowsSysWow64taskeng.exe
2010-12-15 19:30 . 2010-11-02 04:34 179712 ----a-w- c:windowsSysWow64schtasks.exe
2010-12-15 19:30 . 2010-10-20 04:54 34304 ----a-w- c:windowsSysWow64atmlib.dll
2010-12-15 19:30 . 2010-10-20 02:58 294400 ----a-w- c:windowsSysWow64atmfd.dll
2010-12-13 04:14 . 2010-12-13 04:14 94040 ----a-w- c:program files (x86)Common FilesWindows Live.cache3971a4d11cb9a7c1aDSETUP.dll
2010-12-13 04:14 . 2010-12-13 04:14 525656 ----a-w- c:program files (x86)Common FilesWindows Live.cache3971a4d11cb9a7c1aDXSETUP.exe
2010-12-13 04:14 . 2010-12-13 04:14 1691480 ----a-w- c:program files (x86)Common FilesWindows Live.cache3971a4d11cb9a7c1adsetup32.dll
2010-12-13 04:14 . 2010-12-13 04:14 94040 ----a-w- c:program files (x86)Common FilesWindows Live.cache37ecd3e01cb9a7c19DSETUP.dll
2010-12-13 04:14 . 2010-12-13 04:14 525656 ----a-w- c:program files (x86)Common FilesWindows Live.cache37ecd3e01cb9a7c19DXSETUP.exe
2010-12-13 04:14 . 2010-12-13 04:14 1691480 ----a-w- c:program files (x86)Common FilesWindows Live.cache37ecd3e01cb9a7c19dsetup32.dll
2010-12-13 04:12 . 2010-05-23 10:15 1619456 ----a-w- c:windowsSysWow64WMVDECOD.DLL
2010-12-13 04:12 . 2010-05-23 10:11 196608 ----a-w- c:windowsSysWow64mfreadwrite.dll
2010-12-13 04:12 . 2010-05-23 10:11 3181568 ----a-w- c:windowsSysWow64mf.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-10 02:13 . 2009-12-12 01:43 57752 ----a-w- c:windowsSysWow64rpcnet.dll
2010-12-27 21:05 . 2010-02-18 13:52 737072 ----a-w- c:programdataMicrosofteHomePackagesSportsV2SportsTemplateCoreMicrosoft.MediaCenter.Sports.UI.dll
2010-12-27 21:01 . 2010-03-30 21:46 4277016 ----a-w- c:programdataMicrosofteHomePackagesMCEClientUXUpdateableMarkup-2markup.dll
2010-12-27 20:54 . 2010-06-15 02:07 42776 ----a-w- c:programdataMicrosofteHomePackagesMCEClientUXdSM-2StartResources.dll
2010-12-10 21:41 . 2010-02-18 13:52 539968 ----a-w- c:programdataMicrosofteHomePackagesMCESpotlightMCESpotlightSpotlightResources.dll
2010-11-25 00:42 . 2010-03-30 21:46 737072 ----a-w- c:programdataMicrosofteHomePackagesSportsV2SportsTemplateCore-2Microsoft.MediaCenter.Sports.UI.dll
2010-11-25 00:41 . 2010-02-18 13:52 4277016 ----a-w- c:programdataMicrosofteHomePackagesMCEClientUXUpdateableMarkupmarkup.dll
2010-11-25 00:41 . 2010-05-20 07:04 42776 ----a-w- c:programdataMicrosofteHomePackagesMCEClientUXdSMStartResources.dll
2010-11-25 00:41 . 2010-02-28 21:01 588096 ----a-w- c:programdataMicrosofteHomePackagesMCESpotlightMCESpotlight-2SpotlightResources.dll
2010-10-17 23:12 . 2010-10-17 23:12 29184 ----a-w- c:windowsSysWow64CtLoJack.dll
.
c:program files (x86)Absolute SoftwareAbsolute NotifierAbsoluteNotifier.exe
c:program files (x86)AdobeReader 10.0ReaderReader_sl.exe
c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe
c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe
c:program files (x86)Common FilesAppleMobile Device SupportAppleSyncNotifier.exe
c:program files (x86)Common FilesJavaJava Updatejusched.exe
c:program files (x86)CyberLinkPowerDVD DXPDVDDXSrv.exe
c:program files (x86)Dell Support Centerbinsprtcmd.exe
c:program files (x86)Dell WebcamDell Webcam CentralWebcamDell2.exe
c:program files (x86)GoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
c:program files (x86)iTunesiTunesHelper.exe
c:program files (x86)Microsoft OfficeOffice12GrooveMonitor.exe
c:program files (x86)QuickTimeQTTask.exe
c:program files (x86)RoxioRoxio BurnRoxioBurnLauncher.exe
((((((((((((((((((((((((((((( SnapShot@2011-01-10_02.59.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-12-12 00:56 . 2011-01-10 02:14 32768 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2009-12-12 00:56 . 2011-01-10 03:04 32768 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat
+ 2009-12-12 00:56 . 2011-01-10 03:04 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
- 2009-12-12 00:56 . 2011-01-10 02:14 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat
+ 2009-07-14 04:54 . 2011-01-10 03:04 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
- 2009-07-14 04:54 . 2011-01-10 02:14 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINEWow6432Node~Browser Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-10 21:28 1233288 ----a-w- c:program files (x86)Ask.comGenericAskToolbar.dll
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:program files (x86)Ask.comGenericAskToolbar.dll" [2010-06-10 1233288]
[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2009-07-14 1475072]
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]
"Desktop Disc Tool"="c:program files (x86)RoxioRoxio BurnRoxioBurnLauncher.exe" [N/A]
c:programdataMicrosoftWindowsStart MenuProgramsStartup
Bluetooth.lnk - c:program filesWIDCOMMBluetooth SoftwareBTTray.exe [2009-7-1 1079584]
vpngui.exe.lnk - c:windowsInstaller{467D5E81-8349-4892-9E81-C3674ED8E451}Icon09DB8A851.exe [2010-6-15 5120]
WinZip Quick Pick.lnk - c:program files (x86)WinZipWZQKPICK.EXE [2009-12-22 106560]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversiondrivers32]
"mixer3"=wdmaud.drv
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMCODS]
@=""
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-06-28 135664]
R2 OracleXETNSListener;OracleXETNSListener;c:oraclexeapporacleproduct10.2.0serverBINtnslsnr.exe [2006-02-02 204800]
R2 SessionLauncher;SessionLauncher;c:usersADMINI~1AppDataLocalTempDX9SessionLauncher.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:windowssystem32DRIVERSnetaapl64.sys [2010-04-20 22528]
R3 NisDrv;Microsoft Network Inspection System;c:windowssystem32DRIVERSNisDrvWFP.sys [2010-10-25 72064]
R3 NisSrv;Microsoft Network Inspection;c:program filesMicrosoft Security ClientAntimalwareNisSrv.exe [2010-11-11 282616]
R3 RoxMediaDB10;RoxMediaDB10;c:program files (x86)Common FilesRoxio Shared10.0SharedCOMRoxMediaDB10.exe [2009-06-26 1124848]
R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [2010-04-18 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:program filesMicrosoft SQL Server100SharedSQLADHLP.EXE [2008-07-10 61976]
R4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:oraclexeapporacleproduct10.2.0serverBinextjob.exe XE [x]
S0 PxHlpa64;PxHlpa64;c:windowsSystem32DriversPxHlpa64.sys [2010-08-12 55856]
S1 RsFx0103;RsFx0103 Driver;c:windowssystem32DRIVERSRsFx0103.sys [2009-03-30 311656]
S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:windowssystem32atiesrxx.exe [2009-06-25 203264]
S2 MsDtsServer100;SQL Server Integration Services 10.0;c:program filesMicrosoft SQL Server100DTSBinnMsDtsSrvr.exe [2008-07-10 214040]
S2 OracleServiceXE;OracleServiceXE;c:oraclexeapporacleproduct10.2.0serverbinORACLE.EXE XE [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:program filesMicrosoft SQL ServerMSRS10.MSSQLSERVERReporting ServicesReportServerbinReportingServicesService.exe [2009-03-30 2075480]
S3 btwl2cap;Bluetooth L2CAP Service;c:windowssystem32DRIVERSbtwl2cap.sys [2009-07-02 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:windowssystem32DRIVERSCtClsFlt.sys [2009-06-15 172704]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:windowssystem32DRIVERSk57nd60a.sys [2009-06-10 270848]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:windowssystem32DRIVERSMpNWMon.sys [2010-10-25 40832]
S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:program filesMicrosoft SQL ServerMSSQL10.MSSQLSERVERMSSQLBinnfdlauncher.exe [2008-07-10 34840]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:windowssystem32DRIVERSNETw5v64.sys [2009-05-14 5435904]
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
2011-01-10 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-06-28 14:09]
2011-01-10 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2010-06-28 14:09]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOTCLSID{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 12:55 99080 ----a-w- c:program filesCommon FilesTortoiseOverlaysTortoiseOverlays.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SynTPEnh"="%ProgramFiles%SynapticsSynTPSynTPEnh.exe" [N/A]
"SysTrayApp"="c:program filesIDTWDMsttray64.exe" [2009-06-29 444416]
"QuickSet"="c:program filesDellQuickSetQuickSet.exe" [2009-07-02 3180624]
"Broadcom Wireless Manager UI"="c:program filesDellDell Wireless WLAN CardWLTRAY.exe" [2009-07-17 4968960]
"MSC"="c:program filesMicrosoft Security Clientmsseces.exe" [2010-11-30 1436224]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:windowssystem32blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:windowsSysWOW64blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
IE: E&xport to Microsoft Excel - c:progra~2MIF5BA~1Office12EXCEL.EXE/3000
IE: Google Sidewiki... - c:program files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:program filesWIDCOMMBluetooth Softwarebtsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]
@="c:WindowsSysWOW64MacromedFlashFlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]
@="0"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash10h.ocx, 1"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash10h.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash10h.ocx, 1"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]
@="1.0"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINESOFTWAREMcAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftOfficeCommonSmart TagActions{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftOfficeCommonSmart TagActions{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftSchema LibraryActionsPane]
@Denied: (A) (Everyone)
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftSchema LibraryActionsPane\0]
"Key"="ActionsPane"
"Location"="c:Program Files (x86)Common FilesMicrosoft SharedVSTO8.0ActionsPane.xsd"
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftSchema LibraryActionsPane3]
@Denied: (A) (Everyone)
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftSchema LibraryActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:Program Files (x86)Common FilesMicrosoft SharedVSTOActionsPane3.xsd"
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-09 22:20:50
ComboFix-quarantined-files.txt 2011-01-10 03:20
Pre-Run: 304,492,695,552 bytes free
Post-Run: 304,201,928,704 bytes free
- - End Of File - - 2E45DA68D4774F089F0F402FF6C79AAB
bump
