Scribd
Upload
295 views14 pages

Combo Fix

This document summarizes the results of a ComboFix scan on a computer. It lists files and folders that were deleted by ComboFix, including temporary and log files. It also lists drivers, services, and files that were created between May 24, 2010 and June 24, 2010, including installation files for various software programs. The Find3M report section lists additional files on the system, including files associated with Microsoft software and Visual Studio project assemblies.

Uploaded by

Charles
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
295 views14 pages

Combo Fix

This document summarizes the results of a ComboFix scan on a computer. It lists files and folders that were deleted by ComboFix, including temporary and log files. It also lists drivers, services, and files that were created between May 24, 2010 and June 24, 2010, including installation files for various software programs. The Find3M report section lists additional files on the system, including files associated with Microsoft software and Visual Studio project assemblies.

Uploaded by

Charles
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 14

ComboFix 10-06-23.05 - JaimeCJ 06/24/2010 12:58:19.1.

2 - x86 MINIMAL
Running from: c:\users\jaimecj.AAM\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB0644
8E-52B8-493A-90F3-E43226D3305C}
SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-4
0984A4A8493}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\2956918867.dat
c:\windows\system32\390798377.dat
c:\windows\system32\dlumd10.dll
c:\windows\system32\dlumd9.dll
c:\windows\xpsp1hfm.log
----- BITS: Possible infected sites -----
hxxp://suswhq.aam.net
hxxp://wsusgga.aam.net:8530
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))
))))))))))))))))))))))))))))))
.
-------\Service_EventClientMultiplexernsi

((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))


))))))))))))))))))))))))
.
2010-06-24 18:08 . 2010-06-24 18:08 -------- d-----w- c:\temp\
MDTAgent
2010-06-24 18:07 . 2010-06-24 18:11 -------- d-----w- c:\users
\jaimecj.AAM\AppData\Local\temp
2010-06-24 18:07 . 2010-06-24 18:07 -------- d-----w- c:\users
\jaimecj~AAM\AppData\Local\temp
2010-06-24 18:07 . 2010-06-24 18:07 -------- d-----w- c:\users
\jaimecj\AppData\Local\temp
2010-06-24 18:07 . 2010-06-24 18:07 -------- d-----w- c:\users
\Default\AppData\Local\temp
2010-06-24 18:07 . 2010-06-24 18:07 -------- d-----w- c:\users
\Classic .NET AppPool\AppData\Local\temp
2010-06-24 12:17 . 2010-06-24 12:17 -------- d-----w- c:\users
\jaimecj.AAM\AppData\Roaming\Malwarebytes
2010-06-24 12:17 . 2010-04-29 20:39 38224 ----a-w- c:\windows\syste
m32\drivers\mbamswissarmy.sys
2010-06-24 12:17 . 2010-06-24 12:17 -------- d-----w- c:\progr
amdata\Malwarebytes
2010-06-24 12:17 . 2010-04-29 20:39 20952 ----a-w- c:\windows\syste
m32\drivers\mbam.sys
2010-06-24 12:17 . 2010-06-24 12:17 -------- d-----w- c:\progr
am files\Malwarebytes' Anti-Malware
2010-06-23 20:18 . 2010-05-21 19:14 221568 ------w- c:\windows\syste
m32\MpSigStub.exe
2010-06-22 12:14 . 2010-04-23 07:13 2048 ----a-w- c:\windows\syste
m32\tzres.dll
2010-06-22 11:53 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\syste
m32\win32k.sys
2010-06-22 11:53 . 2010-03-05 07:42 67584 ----a-w- c:\windows\syste
m32\asycfilt.dll
2010-06-22 11:53 . 2010-05-21 05:18 977920 ----a-w- c:\windows\syste
m32\wininet.dll
2010-06-22 11:53 . 2010-05-27 03:49 293888 ----a-w- c:\windows\syste
m32\atmfd.dll
2010-06-22 11:53 . 2010-05-27 07:24 34304 ----a-w- c:\windows\syste
m32\atmlib.dll
2010-06-19 13:35 . 2010-06-19 13:36 1227048 ----a-w- C:\wic_x86_enu.e
xe
2010-06-19 13:26 . 2010-06-19 13:26 50449456 ----a-w- C:\dotNe
tFx40_Full_x86_x64.exe
2010-06-19 13:23 . 2010-06-19 13:23 889416 ----a-w- C:\dotNetFx40_Fu
ll_setup.exe
2010-06-17 17:40 . 2010-06-24 12:08 -------- d-----w- c:\users
\jaimecj.AAM\AppData\Local\TVersity
2010-06-16 00:42 . 2010-06-16 16:24 -------- d-----w- c:\users
\jaimecj.AAM\dwhelper
2010-06-11 14:28 . 2010-06-11 14:28 -------- d-----w- c:\progr
amdata\FLEXnet
2010-06-11 14:26 . 2009-05-29 16:24 401408 ----a-w- c:\windows\syste
m32\vdonglew.dll
2010-06-11 14:25 . 2009-05-29 16:24 1228800 ----a-w- c:\windows\syste
m32\vdongle.dll
2010-06-11 14:25 . 2010-06-11 14:25 -------- d-----w- c:\progr
amdata\Vector
2010-06-11 14:25 . 2010-06-11 14:26 -------- d-----w- c:\progr
am files\CANalyzer 7.1
2010-06-11 14:25 . 2010-06-11 14:25 -------- d-----w- c:\users
\jaimecj.AAM\AppData\Roaming\Vector
2010-06-11 14:01 . 2008-07-22 14:23 27072 ------w- c:\windows\syste
m32\drivers\VPCASp50.sys
2010-06-11 02:09 . 2009-05-18 18:17 26600 ----a-w- c:\windows\syste
m32\drivers\GEARAspiWDM.sys
2010-06-11 02:09 . 2008-04-17 17:12 107368 ----a-w- c:\windows\syste
m32\GEARAspi.dll
2010-06-11 02:08 . 2010-06-11 02:08 -------- d-----w- c:\progr
am files\iPod
2010-06-11 02:08 . 2010-06-11 02:09 -------- d-----w- c:\progr
amdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-11 02:08 . 2010-06-11 02:09 -------- d-----w- c:\progr
am files\iTunes
2010-06-11 02:07 . 2010-06-11 02:07 -------- d-----w- c:\progr
am files\QuickTime
2010-06-11 02:06 . 2010-06-11 02:06 -------- d-----w- c:\progr
am files\Apple Software Update
2010-06-11 02:04 . 2010-06-11 02:04 -------- d-----w- c:\progr
am files\Bonjour
2010-06-05 22:06 . 2010-06-05 22:06 -------- d-----w- C:\dyBOT
2010-06-05 22:05 . 2010-06-05 22:05 58368 ----a-w- c:\windows\syste
m32\CGDRUN20.DLL
2010-06-04 12:23 . 2010-06-04 12:23 -------- d-----w- c:\progr
am files\www.freewordexcelpassword.com
2010-06-04 12:06 . 2010-06-04 12:06 -------- d-----w- c:\users
\jaimecj.AAM\AppData\Local\xlpre
2010-06-02 18:55 . 2010-06-02 18:56 -------- d-----w- c:\windo
ws\WindowsMobile
2010-06-02 13:43 . 2010-01-27 16:15 165488 ----a-w- c:\windows\syste
m32\drivers\dlkmd.sys
2010-06-02 13:43 . 2010-01-27 16:15 13936 ----a-w- c:\windows\syste
m32\drivers\dlkmdldr.sys
2010-06-02 13:36 . 2010-06-02 13:36 -------- d-----w- c:\progr
am files\DisplayLink Graphics
2010-06-02 13:35 . 2010-06-02 13:43 -------- d-----w- c:\progr
am files\DisplayLink Core Software
2010-06-02 13:34 . 2010-06-02 13:35 -------- d-----w- c:\progr
am files\Wireless USB Manager
2010-05-27 19:05 . 2010-03-01 16:12 882152 ----a-w- c:\windows\syste
m32\dgrpui45.dll
2010-05-27 19:05 . 2010-03-01 16:12 152960 ----a-w- c:\windows\syste
m32\drivers\digirlpt.sys
2010-05-27 19:05 . 2010-03-01 16:12 1025520 ----a-w- c:\windows\syste
m32\dgrpencx.exe
2010-05-26 19:07 . 2010-05-26 19:07 -------- d-----w- c:\users
\jaimecj.AAM\AppData\Roaming\Move Networks
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2010-06-24 18:09 . 2009-10-03 13:12 -------- d-----w- c:\progr
amdata\VMware
2010-06-23 12:49 . 2009-10-13 17:18 737072 ----a-w- c:\programdata\M
icrosoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports
.UI.dll
2010-06-23 12:49 . 2009-10-20 11:47 4277016 ----a-w- c:\programdata\M
icrosoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-23 12:49 . 2010-05-19 12:46 42776 ----a-w- c:\programdata\M
icrosoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-06-23 12:49 . 2009-10-17 01:33 588096 ----a-w- c:\programdata\M
icrosoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-06-23 12:42 . 2009-10-02 16:39 -------- d-----w- c:\progr
am files\Microsoft Silverlight
2010-06-22 18:53 . 2010-06-22 18:53 86016 ----a-w- c:\users\jaimecj
.AAM\AppData\Roaming\Microsoft\VisualStudio\7.1\ProjectAssemblies\ejtisibl01\Met
adynamics.OPC.ClientX.dll
2010-06-22 13:49 . 2010-06-22 13:49 11264 ----a-w- c:\users\jaimecj
.AAM\AppData\Roaming\Microsoft\VisualStudio\7.1\ProjectAssemblies\w9gr-vg901\Int
erop.CommUtilities.dll
2010-06-22 13:49 . 2010-06-22 13:49 9216 ----a-w- c:\users\jaimecj
.AAM\AppData\Roaming\Microsoft\VisualStudio\7.1\ProjectAssemblies\cjph8f8m01\AxI
nterop.CommUtilities.dll
2010-06-22 12:45 . 2009-10-22 12:55 737072 ----a-w- c:\programdata\M
icrosoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Spor
ts.UI.dll
2010-06-22 12:45 . 2009-10-13 17:18 4277016 ----a-w- c:\programdata\M
icrosoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2010-06-22 12:44 . 2010-05-20 12:45 42776 ----a-w- c:\programdata\M
icrosoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2010-06-21 15:28 . 2009-10-02 17:57 -------- d-----w- c:\progr
amdata\Roxio
2010-06-21 14:02 . 2010-06-21 14:02 15360 ----a-w- c:\users\jaimecj
.AAM\AppData\Roaming\Microsoft\VisualStudio\7.1\ProjectAssemblies\ygi9fgah01\AxI
nterop.ASABTCPLib.dll
2010-06-21 14:02 . 2010-06-21 14:02 15360 ----a-w- c:\users\jaimecj
.AAM\AppData\Roaming\Microsoft\VisualStudio\7.1\ProjectAssemblies\jccmub3v01\Int
erop.ASABTCPLib.dll
2010-06-21 14:02 . 2010-06-21 14:02 61440 ----a-w- c:\users\jaimecj
.AAM\AppData\Roaming\Microsoft\VisualStudio\7.1\ProjectAssemblies\anulolho01\Int
erop.MSFlexGridLib.dll
2010-06-21 14:02 . 2010-06-21 14:02 53248 ----a-w- c:\users\jaimecj
.AAM\AppData\Roaming\Microsoft\VisualStudio\7.1\ProjectAssemblies\7r07gnyu01\AxI
nterop.MSFlexGridLib.dll
2010-06-21 12:47 . 2009-10-13 17:17 588096 ----a-w- c:\programdata\M
icrosoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-06-18 13:32 . 2009-11-24 08:09 -------- d-----w- c:\users
\jaimecj.AAM\AppData\Roaming\vlc
2010-06-16 12:48 . 2009-10-07 16:45 -------- d-----w- c:\progr
am files\BarTender
2010-06-14 12:23 . 2009-10-02 17:42 -------- d-----w- c:\progr
am files\Common Files\Adobe
2010-06-11 14:46 . 2010-06-11 14:46 4 ----a-w- c:\users\jaimecj
.AAM\AppData\Roaming\dhxiuw.dat
2010-06-11 14:26 . 2010-03-27 18:35 -------- d-----w- c:\progr
am files\Common Files\Vector
2010-06-11 14:25 . 2009-10-02 15:54 -------- d--h--w- c:\progr
am files\InstallShield Installation Information
2010-06-11 13:56 . 2010-03-27 18:35 -------- d-----w- c:\progr
am files\CANalyzer 6.1
2010-06-11 02:08 . 2009-10-02 19:50 -------- d-----w- c:\progr
am files\Common Files\Apple
2010-06-11 02:07 . 2009-10-02 19:50 -------- d-----w- c:\progr
amdata\Apple Computer
2010-06-08 20:41 . 2009-10-02 14:50 -------- d-----w- c:\progr
amdata\Microsoft Help
2010-06-04 12:23 . 2010-06-04 12:23 2238 ----a-r- c:\users\jaimecj
.AAM\AppData\Roaming\Microsoft\Installer\{2EB44B16-05EF-42FD-9300-A85CDEF60864}\
_294823.exe
2010-06-04 12:23 . 2010-06-04 12:23 2238 ----a-r- c:\users\jaimecj
.AAM\AppData\Roaming\Microsoft\Installer\{2EB44B16-05EF-42FD-9300-A85CDEF60864}\
_18be6784.exe
2010-05-28 13:41 . 2009-10-02 16:43 -------- d-----w- c:\users
\jaimecj.AAM\AppData\Roaming\VMware
2010-05-26 19:07 . 2010-05-26 19:07 144195 ----a-w- c:\users\jaimecj
.AAM\AppData\Roaming\Move Networks\uninstall.exe
2010-05-26 19:07 . 2010-03-25 20:06 5605824 ----a-w- c:\users\jaimecj
.AAM\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll
2010-05-25 19:27 . 2010-03-30 16:38 3280 --sh--r- C:\EVRSI.SYS
2010-05-25 11:55 . 2009-07-14 02:37 -------- d-----w- c:\progr
am files\Windows Mail
2010-05-24 18:58 . 2010-05-24 18:57 -------- d-----w- c:\progr
am files\Veetle
2010-05-21 02:57 . 2010-01-13 23:19 -------- d-----w- c:\users
\jaimecj.AAM\AppData\Roaming\dvdcss
2010-05-18 21:53 . 2010-05-18 21:53 242824 ---ha-w- c:\windows\syste
m32\mlfcache.dat
2010-05-15 16:58 . 2009-10-02 15:06 149840 ----a-w- c:\users\jaimecj
.AAM\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-15 11:43 . 2009-10-06 15:17 -------- d-----w- c:\progr
am files\Google
2010-05-14 20:18 . 2010-05-14 20:18 -------- d-----w- c:\users
\jaimecj.AAM\AppData\Roaming\.ZMatrix
2010-05-14 20:18 . 2010-05-14 20:18 -------- d-----w- c:\progr
am files\ZMatrix
2010-05-13 14:08 . 2010-01-28 19:55 -------- d-----w- c:\progr
am files\FreeIPTools
2010-05-10 19:40 . 2010-05-10 19:40 -------- d-----w- c:\progr
am files\IGSViewer
2010-05-04 03:14 . 2009-10-06 13:32 -------- d-----w- c:\progr
am files\Notepad++
2010-04-29 19:56 . 2010-04-29 19:56 -------- d-----w- c:\progr
am files\Common Files\Macrovision Shared
2010-04-28 20:45 . 2010-04-28 20:45 73000 ----a-w- c:\programdata\A
pple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-20 12:56 . 2010-04-20 12:56 909320 ----a-w- c:\programdata\V
Mware\VMware Workstation\Uninstaller\uninstall.exe
2010-04-20 12:56 . 2010-04-20 12:56 625200 ----a-w- c:\programdata\V
Mware\VMware Workstation\Uninstaller\instUtils.dll
2010-04-20 12:50 . 2010-04-20 12:56 360448 ----a-w- c:\programdata\V
Mware\VMware Workstation\Uninstaller\module_license.dll
2010-04-20 12:50 . 2010-04-20 12:56 331776 ----a-w- c:\programdata\V
Mware\VMware Workstation\Uninstaller\module_ws.dll
2010-04-20 12:50 . 2010-04-20 12:56 569344 ----a-w- c:\programdata\V
Mware\VMware Workstation\Uninstaller\module_core.dll
2010-04-20 12:50 . 2010-04-20 12:56 760368 ----a-w- c:\programdata\V
Mware\VMware Workstation\Uninstaller\vnetlib.dll
2010-04-20 12:50 . 2010-04-20 12:56 703024 ----a-w- c:\programdata\V
Mware\VMware Workstation\Uninstaller\vnetlib.exe
2010-04-20 12:50 . 2010-04-20 12:56 958000 ----a-w- c:\programdata\V
Mware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-04-20 12:50 . 2010-04-20 12:56 922672 ----a-w- c:\programdata\V
Mware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-04-20 12:50 . 2010-04-20 12:56 731696 ----a-w- c:\programdata\V
Mware\VMware Workstation\Uninstaller\vminstutil.dll
2010-04-19 20:10 . 2010-04-20 12:32 539643560 ----a-w- C:\VMwar
e-workstation-full-7.0.1-227600.exe
2010-04-16 13:33 . 2010-04-16 13:33 41472 ----a-w- c:\windows\syste
m32\drivers\usbaapl.sys
2010-04-16 13:33 . 2010-04-16 13:33 3003680 ----a-w- c:\windows\syste
m32\usbaaplrc.dll
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\syste
m32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\syste
m32\dns-sd.exe
2010-02-13 15:54 . 2010-02-13 15:54 119808 ----a-w- c:\program files
\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts
\StaticCache.dat
2006-05-03 09:06 . 2010-05-15 19:22 163328 --sh--r- c:\windows\Syste
m32\flvDX.dll
2007-02-21 10:47 . 2010-05-15 19:22 31232 --sh--r- c:\windows\Syste
m32\msfDX.dll
2008-03-16 12:30 . 2010-05-15 19:22 216064 --sh--r- c:\windows\Syste
m32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsx
s\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb1
08c86c\WinMail.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-08-18 11
5560]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe"
[2008-12-17 5730144]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemo
n.exe" [2009-05-26 85160]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDes
ktop.exe" [2010-02-13 30192]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-11-19 1657448]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-11-21 87144]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 124518
4]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010
-01-23 129584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRunasInstallPrompt"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Lo
gishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state
\S-1-5-21-2132214097-1894661125-1726288727-54023\Scripts\Logon\0\0]
"Script"=PwrcfgEN.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec A
ntivirus]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.s
ys]
@="Driver"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Start
up^Air Mouse.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Start
up^AutoSave Cleanup.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoSave Clean
up.lnk
backup=c:\windows\pss\AutoSave Cleanup.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Start
up^Clean AutoSave Temp Folders.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean AutoSave
Temp Folders.lnk
backup=c:\windows\pss\Clean AutoSave Temp Folders.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Start
up^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPo
int.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^jaimecj.AAM^AppData^Roaming^Microsoft^Windows^Sta
rt Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\jaimecj.AAM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Qui
ckSet]
2008-02-22 18:43 1245184 ----a-w- c:\program files\Dell\QuickSet\q
uickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWPersis
tentQueuedReporting]
2008-11-04 06:44 435096 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW
\DWTRIG20.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON T2
1 Series]
2008-09-12 07:00 199680 ----a-w- c:\windows\System32\spool\driver
s\w32x86\3\E_FATIFAL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPhone P
C Suite]
2010-04-19 17:45 1179648 ----a-w- c:\program files\NetDragon\91 Mo
bile\iPhone\iPhone PC Suite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM S
tartup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UP
DATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSSche
duler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\In
stallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHe
lper]
2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHe
lper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel a
nd Hardware Abstraction Layer]
2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTim
e Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTas
k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 19:11 25623336 ----a-r- c:\program files\Skype\P
hone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaU
pdateSched]
2010-01-11 21:21 246504 ----a-w- c:\program files\Common Files\Ja
va\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UsbCipHe
lper]
2008-05-27 21:17 434176 ----a-w- c:\program files\Rockwell Automa
tion\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows
Mobile Device Center]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.ex
e
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVi
rus]
"DisableMonitoring"=dword:00000001
R1 VirtualBackplane;A-B Virtual Backplane;c:\windows\System32\Drivers\VirtualBac
kplane.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\Google
Update.exe [2009-11-23 135664]
R2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft
SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\A
SPI32.sys [2002-07-17 84832]
R3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;c:\windows\system32\DRIVER
S\ax88172.sys [2002-05-14 18224]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\Display
LinkUsbPort_5.2.23219.0.sys [2010-01-27 21888]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\pro
gram files\Google\Google Desktop Search\GoogleDesktop.exe [2010-02-13 30192]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu
.sys [2009-10-06 136704]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sy
s [2009-10-06 8320]
R3 pcidnt;A-B 1784-PCIDS;c:\windows\System32\Drivers\pcidnt.sys [x]
R3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\System32\drivers\RSI-PKTX-A.SYS [2002-11-13
16447]
R3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2008-07-05 39067]
R3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\System32\drivers\RSIKTNG.SYS [
2002-04-24 38999]
R3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\SYSTEM32\RSSERIAL.SYS [2008-
07-05 155440]
R3 RTHWA;Realtek Wireless USB Host Wire Adapter;c:\windows\system32\DRIVERS\RTHW
A.SYS [2009-09-04 157568]
R3 RTUSBURC;Realtek Radio Controller Interface;c:\windows\system32\DRIVERS\RTUSB
URC.SYS [2009-09-04 79744]
R3 vcanxl;vcanxl;c:\windows\system32\drivers\vcanxl.sys [2007-04-12 373312]
R3 vmh;Virtual Machine Helper;c:\program files\Microsoft Virtual Server\vmh.exe
[2007-05-24 166808]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-1
4 9728]
R4 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\
cdrom_mon.exe [2007-11-02 81920]
R4 LogReceiver;LogReceiver;c:\program files\Rockwell Software\RSLinx Enterprise\
LogReceiver.exe [2007-07-09 94208]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\M
icrosoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [1999-10-04
101136]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30
239336]
R4 WiCenterService;WiCenterService;c:\program files\Wireless USB Manager\WiCente
rService.exe [2009-10-27 24576]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-01-27 13936]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2
009-04-14 33624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys
[2009-07-13 48128]
S2 AgentMDT;AutoSave Program Transfer Service;c:\program files\MDT Software\Auto
Save\Agent\AgentMdt.exe [2006-12-22 188416]
S2 DgRpEncx;Digi RealPort Network Service;c:\windows\system32\dgrpencx.exe [2010
-03-01 1025520]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Softw
are\DisplayLinkManager.exe [2010-01-27 4752744]
S2 FortiSslvpnDaemon;FortiClient SSL VPN;c:\windows\system32\FortiSSLVPNdaemon.e
xe [2009-03-09 518688]
S2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\Rockwell Sof
tware\FactoryTalk Activation\Tools\FTActivationBoost.exe [2008-05-22 58664]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 2099
2]
S2 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\N
mspHost.exe [2007-09-18 212992]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-1
0-20 50704]
S2 NSHE;Guardant Emulator Driver;c:\windows\system32\Drivers\NSHE.SYS [2008-11-2
3 97792]
S2 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\
RdcyHost.exe [2007-09-18 212992]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2010-01-23 70704]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\
VMware\USB\vmware-usbarbitrator.exe [2010-01-23 563760]
S3 DIGIRPS;Digi RealPort Driver;c:\windows\system32\DRIVERS\digirlpt.sys [2010-0
3-01 152960]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-01-27 165488]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symante
c Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-28 102448]
S3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\Even
tServer.exe [2007-09-18 217088]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows V
ista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-29 4233728]
S3 pppop;PPPoP WAN Adapter;c:\windows\system32\DRIVERS\pppop.sys [2009-02-03 363
84]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 20736
0]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 98099
2]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13
661504]
S3 vhdbus;Microsoft Virtual Server Storage Bus;c:\windows\system32\DRIVERS\vhdbu
s.sys [2007-05-05 25480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ftpsvc REG_MULTI_SZ ftpsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-23 13:55]
2010-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-23 13:55]
.
.
------- Supplementary Scan -------
.
uStart Page = https://online.aam.com
uInternet Settings,ProxyOverride = *.aam.net;*.aam.com;*Imercer.com;*.gmsupplypo
wer.com;*.anx.com;*symantecliveupdate.com;10.*;<local>
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
DPF: {1BF340DE-5001-11D3-A605-00A0249E352D} - hxxp://fiswebgga.aam.net/WebHMI/ca
bs/AWXview32U.cab
DPF: {3F890726-6F02-46F5-9B16-4C170B855B32} - hxxp://fiswebgga.aam.net/WebHMI/ca
bs/DBMiningU.cab
DPF: {57802C16-9A15-11D4-B2A8-0090272E599B} - hxxp://fiswebgga.aam.net/WebHMI/ca
bs/IcoSetServer.cab
DPF: {5B1A6E1E-5002-11D3-A605-00A0249E352D} - hxxp://fiswebgga.aam.net/WebHMI/ca
bs/TWXViewerU.cab
DPF: {7EB54CDE-0B8E-4DEA-B2B1-D4B835E30FF9} - hxxp://fiswebgga.aam.net/WebHMI/ca
bs/AWXInd32U.cab
DPF: {98A5DDE3-563B-11CF-A343-487C03C10000} - hxxp://fiswebgga.aam.net/WebHMI/ca
bs/GWXview32U.cab
DPF: {C5B79000-1E46-4800-B82E-DFA8F68B0886} - hxxp://fiswebgga.aam.net/WebHMI/ca
bs/AWXRep32U.cab
DPF: {D25FCAFC-F795-4609-89BB-5F78B4ACAF2C} - hxxp://fiswebgga.aam.net/WebHMI/ca
bs/GenVersion.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpn.aam.com/dana-cached/sc
/JuniperSetupClient.cab
FF - ProfilePath - c:\users\jaimecj.AAM\AppData\Roaming\Mozilla\Firefox\Profiles
\r8clogl8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/cse?cx=partner-p
ub-3540673482024757%3Au7sdf2-9qzh&ie=ISO-8859-1&q=&sa=Search
FF - prefs.js: network.proxy.http - 10.64.26.114
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla
.dll
FF - component: c:\users\jaimecj.AAM\AppData\Roaming\Mozilla\Firefox\Profiles\r8
clogl8.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBit
CometExtension.dll
FF - component: c:\users\jaimecj.AAM\AppData\Roaming\Mozilla\Firefox\Profiles\r8
clogl8.default\extensions\[email protected]\components\coolirisstub.dll
FF - plugin: c:\program files\Fortinet\SslvpnClient\npccplugin.dll
FF - plugin: c:\program files\Fortinet\SslvpnClient\nptcplugin.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13121.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\jaimecj.AAM\AppData\Local\Yahoo!\BrowserPlus\2.6.0\Plugins
\npybrowserplus_2.6.0.dll
FF - plugin: c:\users\jaimecj.AAM\AppData\Roaming\Move Networks\plugins\07180300
0001\npqmp071803000001.dll
FF - plugin: c:\users\jaimecj.AAM\AppData\Roaming\Mozilla\Firefox\Profiles\r8clo
gl8.default\extensions\[email protected]\plugins\npcoolirisplugin.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl
.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl
.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl
.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl
.require_safe_negotiation", false);
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM
.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\
Reader\Reader_sl.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.
exe
AddRemove-NSS - c:\program files\NSS\uninstall.exe
AddRemove-nView Desktop Manager - c:\windows\system32\nViewSetup.exe
AddRemove-XLPRE.exe - c:\program files\Password Recovery Engine for Excel\uninst
all.exe

**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x83044000]<< >>UNKNOWN [0x83E11000]<< >>UNKNOWN [0x8
3E00000]<< >>UNKNOWN [0x86F73EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xe5726854
SecurityProcedure -> 0x1
QueryNameProcedure -> 0x8d605c66
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceServi
ce.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
c:\program files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
c:\program files\Common Files\Rockwell\RsvcHost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Rockwell\EventClientMultiplexer.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\Common Files\Rockwell\RnaDirServer.exe
c:\program files\Common Files\Rockwell\RNADirMultiplexor.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2010-06-24 13:21:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-24 18:21
Pre-Run: 1,987,637,248 bytes free
Post-Run: 1,790,005,248 bytes free
- - End Of File - - D485DAB553A302D7C079B7F604209E9A

You might also like