
ComboFix 11-05-04.04 - dtb 05/08/2011 18:25:06.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3836.2205 [GMT 2:00]
Running from: c:\users\dtb\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
.
c:\users\dtb\AppData\Roaming\chrtmp
c:\windows\SysWow64\.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 )))))))
))))))))))))))))))))))))
.
.
2011-05-08 16:29 . 2011-05-08 16:29  --------  d-----w-  c:\users\Default\AppData\Local\temp
2011-05-08 16:08 . 2011-04-10 23:21  8802128  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0417D3FB-C581-4E87-A1B7-EA72E7281F8F}\mpengine.dll
2011-05-08 16:08 . 2011-05-08 16:08  --------  d-----w-  c:\program files (x86)\Microsoft Security Client
2011-05-08 16:07 . 2011-05-08 16:08  --------  d-----w-  c:\program files\Microsoft Security Client
2011-05-07 20:12 . 2011-05-08 01:03  --------  d-----w-  C:\WinSetupFromUSB
2011-05-07 13:41 . 2011-02-12 11:34  267776  ----a-w-  c:\windows\system32\FXSCOVER.exe
2011-05-07 13:41 . 2011-02-23 04:56  158208  ----a-w-  c:\windows\system32\drivers\mrxsmb.sys
2011-05-07 13:41 . 2011-02-23 04:55  287744  ----a-w-  c:\windows\system32\drivers\mrxsmb10.sys
2011-05-07 13:41 . 2011-02-23 04:55  128000  ----a-w-  c:\windows\system32\drivers\mrxsmb20.sys
2011-05-07 13:41 . 2011-02-23 04:55  90624  ----a-w-  c:\windows\system32\drivers\bowser.sys
2011-05-07 13:28 . 2011-05-07 13:28  --------  d-----w-  c:\program files\FlashBoot
2011-05-05 11:21 . 2011-05-05 11:22  --------  d-----w-  c:\programdata\WorldWindData
2011-04-30 20:05 . 2011-04-30 20:15  --------  d-----w-  c:\users\dtb\AppData\Local\Microsoft Games
2011-04-28 13:44 . 2011-04-28 13:44  --------  d-----w-  c:\users\dtb\AppData\Roaming\GARMIN
2011-04-28 13:44 . 2011-04-28 13:44  --------  d-----w-  c:\programdata\GARMIN
2011-04-28 13:43 . 2011-05-05 14:32  --------  d-----w-  C:\Garmin
2011-04-26 17:16 . 2011-04-26 17:16  20  ----a-w-  c:\windows\system32\BPMCPSQHDHQCICZBM.DLL
2011-04-20 09:28 . 2011-05-07 10:09  521351  ----a-w-  c:\program files (x86)\Drivers_pack_v4.55.63_fix.exe
2011-04-17 13:43 . 2011-04-17 13:43  --------  d-----w-  c:\program files\7-Zip
2011-04-15 01:34 . 2011-05-08 01:00  --------  d-----w-  c:\users\dtb\AppData\Local\GamePlayLabs Plugin
2011-04-14 00:23 . 2011-04-30 20:02  --------  d-----w-  c:\users\dtb\AppData\Local\ElevatedDiagnostics
2011-04-13 16:55 . 2002-10-06 18:42  237568  ----a-w-  c:\windows\system32\OggDS.dll
2011-04-13 16:55 . 2002-10-04 23:04  921600  ----a-w-  c:\windows\system32\vorbisenc.dll
2011-04-13 16:55 . 2002-10-04 23:04  188416  ----a-w-  c:\windows\system32\vorbis.dll
2011-04-13 16:55 . 2002-10-04 23:04  45056  ----a-w-  c:\windows\system32\ogg.dll
2011-04-13 16:55 . 2011-04-16 10:47  --------  d-----w-  c:\program files (x86)\Tennis Elbow 2011
2011-04-13 16:14 . 2011-04-13 16:14  --------  d-----w-  c:\users\dtb\AppData\Local\Aspyr
2011-04-13 16:14 . 2011-04-13 16:14  --------  d-----w-  c:\programdata\Aspyr
2011-04-13 16:01 . 2011-05-05 14:32  --------  d-----w-  c:\windows\system32\appmgmt
2011-04-13 15:26 . 2011-04-13 16:08  --------  d-----w-  c:\program files (x86)\Aspyr
2011-04-13 00:23 . 2011-04-13 00:23  --------  d-----w-  c:\users\dtb\AppData\Local\assembly
2011-04-13 00:23 . 2011-04-13 00:23  --------  d-----w-  c:\users\dtb\AppData\Local\Deployment
2011-04-13 00:23 . 2011-04-13 00:23  --------  d-----w-  c:\users\dtb\AppData\Local\Apps
2011-04-12 12:11 . 2011-05-03 18:17  --------  d-----w-  c:\users\dtb\AppData\Roaming\vlc
2011-04-09 17:06 . 2011-04-09 17:06  --------  d-----w-  c:\program files (x86)\DevExpress 2010.2
2011-04-09 16:54 . 2011-04-09 16:54  --------  d-----w-  c:\users\dtb\AppData\Roaming\Microsoft Corporation
2011-04-09 16:33 . 2009-07-22 08:17  78872  ----a-w-  c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-04-09 16:33 . 2009-07-22 08:17  50200  ----a-w-  c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2011-04-09 16:33 . 2009-07-22 08:17  79896  ----a-w-  c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-04-09 16:33 . 2009-07-22 08:17  111640  ----a-w-  c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2011-04-09 16:32 . 2011-04-09 16:32  --------  d-----w-  c:\windows\system32\RsFx
2011-04-09 16:31 . 2011-04-09 16:31  --------  d-----w-  c:\program files\Microsoft Visual Studio 9.0
2011-04-09 16:30 . 2011-04-09 16:30  --------  d-----w-  c:\program files\Microsoft.NET
2011-04-09 16:24 . 2011-04-09 16:32  --------  d-----w-  c:\program files\Microsoft SQL Server
2011-04-09 16:24 . 2011-04-09 16:31  --------  d-----w-  c:\program files (x86)\Microsoft SQL Server
2011-04-09 16:23 . 2011-04-09 16:23  --------  d-----w-  c:\program files\Microsoft Sync Framework
2011-04-09 16:23 . 2011-04-09 16:23  --------  d-----w-  c:\program files\Microsoft Synchronization Services
2011-04-09 16:23 . 2011-04-09 16:23  --------  d-----w-  c:\program files\Microsoft SQL Server Compact Edition
2011-04-09 16:18 . 2011-04-09 16:18  --------  d-----w-  c:\program files (x86)\Microsoft ASP.NET
2011-04-09 16:18 . 2011-04-09 16:18  --------  d-----w-  c:\program files\IIS
2011-04-09 16:18 . 2011-04-09 16:18  --------  d-----w-  c:\program files (x86)\IIS
2011-04-09 16:17 . 2011-04-09 17:13  2471072  ----a-w-  c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2011-04-09 16:10 . 2011-04-09 16:30  --------  d-----w-  c:\windows\SysWow64\1033
2011-04-09 16:10 . 2011-04-09 16:13  --------  d-----w-  c:\program files (x86)\Microsoft F#
2011-04-09 16:10 . 2011-04-09 16:11  --------  d-----w-  c:\program files (x86)\HTML Help Workshop
2011-04-09 16:10 . 2011-04-09 16:13  --------  d-----w-  c:\program files (x86)\Common Files\Merge Modules
2011-04-09 16:06 . 2011-04-09 16:06  --------  d-----w-  c:\program files (x86)\Microsoft Visual Studio 9.0
2011-04-09 16:06 . 2011-04-09 16:30  --------  d-----w-  c:\windows\system32\1033
2011-04-09 16:06 . 2011-04-09 16:24  --------  d-----w-  c:\program files\Microsoft Visual Studio 10.0
2011-04-09 16:06 . 2011-04-09 16:24  --------  d-----w-  c:\program files (x86)\Microsoft SDKs
2011-04-09 16:06 . 2011-04-09 16:06  --------  d-----w-  c:\windows\symbols
2011-04-09 16:06 . 2011-04-09 16:06  --------  d-----w-  c:\program files\Microsoft Help Viewer
2011-04-09 14:05 . 2002-01-06 23:32  162816  ----a-w-  c:\windows\SysWow64\TKorektor.dll
2011-04-09 14:05 . 2011-04-09 14:05  --------  d-----w-  c:\program files (x86)\Korektor M
2011-04-09 14:05 . 2001-07-02 00:03  183296  ----a-w-  c:\windows\SysWow64\lektor.dll
2011-04-09 12:14 . 1997-11-19 13:49  303616  ----a-w-  c:\windows\IsUninst.exe
2011-04-08 22:29 . 2011-04-08 22:30  --------  d-----w-  c:\users\dtb\AppData\Roaming\.emacs.d
2011-04-08 22:14 . 2011-04-08 23:55  --------  d-----w-  c:\program files (x86)\FreeSpell
2011-04-08 22:06 . 2011-04-08 22:06  --------  d-----w-  c:\program files (x86)\Aspell
2011-04-08 22:04 . 2002-12-21 23:37  352020  ----a-w-  c:\program files (x86)\Mozilla Firefox\TmpInstall\setup-Aspell-en-0.50-2.exe
2011-04-08 21:48 . 2011-04-08 21:59  --------  d-----w-  c:\program files (x86)\Common Files\ISpell
2011-04-08 16:39 . 2011-04-08 16:39  --------  d-----w-  c:\program files (x86)\Common Files\Java
2011-04-08 16:35 . 2011-04-08 16:35  --------  d-----w-  c:\program files\Core Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2011-04-07 12:27 . 2011-04-07 12:27  86528  ----a-w-  c:\windows\SysWow64\iesysprep.dll
2011-04-07 12:27 . 2011-04-07 12:27  76800  ----a-w-  c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-07 12:27 . 2011-04-07 12:27  74752  ----a-w-  c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-07 12:27 . 2011-04-07 12:27  63488  ----a-w-  c:\windows\SysWow64\tdc.ocx
2011-04-07 12:27 . 2011-04-07 12:27  48640  ----a-w-  c:\windows\SysWow64\mshtmler.dll
2011-04-07 12:27 . 2011-04-07 12:27  367104  ----a-w-  c:\windows\SysWow64\html.iec
2011-04-07 12:27 . 2011-04-07 12:27  1797632  ----a-w-  c:\windows\SysWow64\jscript9.dll
2011-04-07 12:27 . 2011-04-07 12:27  161792  ----a-w-  c:\windows\SysWow64\msls31.dll
2011-04-07 12:27 . 2011-04-07 12:27  1126912  ----a-w-  c:\windows\SysWow64\wininet.dll
2011-04-07 12:27 . 2011-04-07 12:27  110592  ----a-w-  c:\windows\SysWow64\IEAdvpack.dll
2011-04-07 12:27 . 2011-04-07 12:27  74752  ----a-w-  c:\windows\SysWow64\iesetup.dll
2011-04-07 12:27 . 2011-04-07 12:27  420864  ----a-w-  c:\windows\SysWow64\vbscript.dll
2011-04-07 12:27 . 2011-04-07 12:27  23552  ----a-w-  c:\windows\SysWow64\licmgr10.dll
2011-04-07 12:27 . 2011-04-07 12:27  152064  ----a-w-  c:\windows\SysWow64\wextract.exe
2011-04-07 12:27 . 2011-04-07 12:27  150528  ----a-w-  c:\windows\SysWow64\iexpress.exe
2011-04-07 12:27 . 2011-04-07 12:27  1427456  ----a-w-  c:\windows\SysWow64\inetcpl.cpl
2011-04-07 12:27 . 2011-04-07 12:27  89088  ----a-w-  c:\windows\system32\RegisterIEPKEYs.exe
2011-04-07 12:27 . 2011-04-07 12:27  35840  ----a-w-  c:\windows\SysWow64\imgutil.dll
2011-04-07 12:27 . 2011-04-07 12:27  2382848  ----a-w-  c:\windows\SysWow64\mshtml.tlb
2011-04-07 12:27 . 2011-04-07 12:27  2382848  ----a-w-  c:\windows\system32\mshtml.tlb
2011-04-07 12:27 . 2011-04-07 12:27  222208  ----a-w-  c:\windows\system32\msls31.dll
2011-04-07 12:27 . 2011-04-07 12:27  173056  ----a-w-  c:\windows\system32\ieUnatt.exe
2011-04-07 12:27 . 2011-04-07 12:27  142848  ----a-w-  c:\windows\SysWow64\ieUnatt.exe
2011-04-07 12:27 . 2011-04-07 12:27  1389056  ----a-w-  c:\windows\system32\wininet.dll
2011-04-07 12:27 . 2011-04-07 12:27  12288  ----a-w-  c:\windows\system32\mshta.exe
2011-04-07 12:27 . 2011-04-07 12:27  11776  ----a-w-  c:\windows\SysWow64\mshta.exe
2011-04-07 12:27 . 2011-04-07 12:27  114176  ----a-w-  c:\windows\system32\admparse.dll
2011-04-07 12:27 . 2011-04-07 12:27  101888  ----a-w-  c:\windows\SysWow64\admparse.dll
2011-04-07 12:27 . 2011-04-07 12:27  91648  ----a-w-  c:\windows\system32\SetIEInstalledDate.exe
2011-04-07 12:27 . 2011-04-07 12:27  85504  ----a-w-  c:\windows\system32\iesetup.dll
2011-04-07 12:27 . 2011-04-07 12:27  76800  ----a-w-  c:\windows\system32\tdc.ocx
2011-04-07 12:27 . 2011-04-07 12:27  49664  ----a-w-  c:\windows\system32\imgutil.dll
2011-04-07 12:27 . 2011-04-07 12:27  48640  ----a-w-  c:\windows\system32\mshtmler.dll
2011-04-07 12:27 . 2011-04-07 12:27  448512  ----a-w-  c:\windows\system32\html.iec
2011-04-07 12:27 . 2011-04-07 12:27  2303488  ----a-w-  c:\windows\system32\jscript9.dll
2011-04-07 12:27 . 2011-04-07 12:27  135168  ----a-w-  c:\windows\system32\IEAdvpack.dll
2011-04-07 12:27 . 2011-04-07 12:27  111616  ----a-w-  c:\windows\system32\iesysprep.dll
2011-04-07 12:27 . 2011-04-07 12:27  603648  ----a-w-  c:\windows\system32\vbscript.dll
2011-04-07 12:27 . 2011-04-07 12:27  30720  ----a-w-  c:\windows\system32\licmgr10.dll
2011-04-07 12:27 . 2011-04-07 12:27  165888  ----a-w-  c:\windows\system32\iexpress.exe
2011-04-07 12:27 . 2011-04-07 12:27  160256  ----a-w-  c:\windows\system32\wextract.exe
2011-04-07 12:27 . 2011-04-07 12:27  1492992  ----a-w-  c:\windows\system32\inetcpl.cpl
2011-04-05 13:49 . 2011-04-05 13:49  8192  ----a-w-  c:\windows\SysWow64\srvany.exe
2011-04-05 13:49 . 2011-04-05 13:49  151552  ----a-w-  c:\windows\KMService.exe
2011-03-26 15:35 . 2009-07-14 02:36  152576  ----a-w-  c:\windows\SysWow64\msclmd.dll
2011-03-26 15:35 . 2009-07-14 02:36  175616  ----a-w-  c:\windows\system32\msclmd.dll
2011-03-23 09:11 . 2011-03-25 19:58  8424784  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{B826CE11-2EC7-48C0-A942-EA598C278274}\mpengine.dll
2011-03-04 06:19 . 2011-05-08 15:45  135168  ----a-w-  c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-05-08 15:45  350208  ----a-w-  c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 12:05 . 2011-03-25 21:02  1139200  ----a-w-  c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-25 21:02  1544192  ----a-w-  c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-25 21:02  902656  ----a-w-  c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-25 21:02  1076736  ----a-w-  c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-25 21:02  739840  ----a-w-  c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2009-03-13 1118720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-04-07 600688]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
--- Other Services/Drivers In Memory --.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPNWMON
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-22 c:\windows\Tasks\At1.job
- c:\windows\fveupddate.exe [2009-07-13 01:39]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-26 02:06]
.
2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-26 02:06]
.
.
--------- x86-64 ----------.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-04-23 861216]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-02-26 206208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan ------.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\dtb\AppData\Roaming\Mozilla\Firefox\Profiles\zcuzguu3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&q=
FF - user.js: general.useragent.extra.brc .
- - - - ORPHANS REMOVED - - - .
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
BHO-{6FCA6EBA-3997-176B-2CE2-5E0805E77B09} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-08 18:32:43
ComboFix-quarantined-files.txt 2011-05-08 16:32
.
Pre-Run: 14,763,458,560 bytes free
Post-Run: 14,789,300,224 bytes free
.
- - End Of File - - 028E16EE93E4F22CEF4DE9D91CEE3D1E