ComboFix 11-07-12.09 - Administrator 07/12/2011 17:22:05.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.758 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix2.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\17948452.exe
c:\documents and settings\All Users\Application Data\kxPxmfaHJvu.exe
c:\program files\Internet Explorer\SET136.tmp
c:\program files\Internet Explorer\SET137.tmp
c:\program files\Internet Explorer\SET138.tmp
c:\program files\Internet Explorer\SET164.tmp
c:\program files\Internet Explorer\SET165.tmp
c:\program files\Internet Explorer\SET166.tmp
c:\program files\Internet Explorer\SET21E.tmp
c:\program files\Internet Explorer\SET21F.tmp
c:\program files\Internet Explorer\SET220.tmp
c:\windows\system32\kill.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 15:04 . 2011-07-12 15:04 -------- d-----w- C:\rei
2011-07-12 15:04 . 2011-07-12 15:04 -------- d-----w- c:\program files\Reimage
2011-07-12 14:43 . 2011-07-12 14:44 -------- d-----w- c:\documents and settings\Administrator
2011-07-10 13:27 . 2011-07-10 13:29 -------- d--h--w- c:\program files\Timeless - The Forgotten Town Collector's Edition
2011-07-10 00:10 . 2011-06-07 15:55 7074640 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FD38686B-E0E1-45B1-9207-465F4FFF1B0F}\mpengine.dll
2011-07-04 19:04 . 2011-07-04 19:05 -------- d--h--w- c:\program files\Escape Whisper Valley
2011-07-04 15:40 . 2011-07-04 18:00 -------- d--h--w- c:\program files\Tales of Lagoona - Orphans of the Ocean
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\windows\system32\wbem\Repository
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Tales From The Dragon Mountain - The Strix
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Grim Facade - Mystery of Venice Collectors Edition
2011-07-04 15:09 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Yard Sale Hidden Treasures - Lucky Junction
2011-07-03 11:47 . 2011-07-04 15:09 -------- d--h--w- c:\program files\Golden Trails 2 - The Lost Legacy
2011-07-01 12:01 . 2011-07-01 12:03 -------- d--h--w- c:\program files\Intrigue Inc - Raven's Flight
2011-06-26 12:39 . 2011-06-26 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Deep Shadows
2011-06-24 21:02 . 2011-06-24 21:03 83249512 ---ha-w- c:\program files\Common Files\Windows Live\.cache\wlc57.tmp
2011-06-23 11:21 . 2011-06-23 11:21 -------- d--h--w- c:\program files\Escape the Emerald Star
2011-06-18 20:21 . 2011-06-18 20:21 -------- d--h--w- c:\documents and settings\All Users\Application Data\TheRace_dev
2011-06-18 20:11 . 2011-06-18 20:13 -------- d--h--w- c:\program files\The Lost Cases of 221B Baker St
2011-06-17 14:30 . 2011-06-17 14:30 -------- d--h--w- c:\documents and settings\Default User\Application Data\Juniper Networks
2011-06-16 11:28 . 2011-04-21 13:37 105472 -c-h--w- c:\windows\system32\dllcache\mup.sys
2011-06-14 17:41 . 2011-06-14 17:41 -------- d--h--w- c:\documents and settings\All Users\Application Data\blg
2011-06-14 17:33 . 2011-06-14 17:34 -------- d--h--w- c:\program files\Spa Mania 2
2011-06-14 13:40 . 2011-06-14 13:42 -------- d--h--w- c:\program files\The Timebuilders - Caveman's Prophecy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-17 00:12 . 2010-11-16 20:31 83360 ---ha-w- c:\windows\system32\LMIRfsClientNP.dll
2011-06-17 00:12 . 2010-11-16 20:31 53632 ---ha-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-06-17 00:12 . 2010-11-16 20:31 29568 ---ha-w- c:\windows\system32\LMIport.dll
2011-06-17 00:12 . 2010-11-16 20:31 87424 ---ha-w- c:\windows\system32\LMIinit.dll
2011-06-07 15:55 . 2011-03-05 02:44 7074640 ---ha-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-02 15:31 . 2009-06-10 23:48 692736 ---ha-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 04:56 151552 ---ha-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 03:15 456320 ---ha-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2004-08-04 04:56 916480 ---ha-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 04:56 1469440 ---h--w- c:\windows\system32\inetcpl.cpl
2011-04-25 16:11 . 2004-08-04 04:56 43520 ---h--w- c:\windows\system32\licmgr10.dll
2011-04-25 12:01 . 2004-08-04 02:59 385024 ---ha-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 03:15 105472 ---ha-w- c:\windows\system32\drivers\mup.sys
2011-04-14 22:50 . 2011-04-14 22:50 398760 ---ha-r- c:\windows\cpnprt2.cid
2011-04-14 22:50 . 2011-04-14 22:50 398760 ---h--w- c:\windows\system32\cpnprt2.cid
2007-06-21 23:38 . 2007-06-21 23:38 30280 -c-ha-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 23:38 . 2007-06-21 23:38 79432 -c-ha-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 23:38 . 2007-06-21 23:38 71240 -c-ha-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 23:38 . 2007-06-21 23:38 140872 -c-ha-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 23:39 . 2007-06-21 23:39 38472 -c-ha-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 23:39 . 2007-06-21 23:39 46664 -c-ha-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 23:39 . 2007-06-21 23:39 34376 -c-ha-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 23:39 . 2007-06-21 23:39 685640 -c-ha-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 23:40 . 2007-06-21 23:40 30280 -c-ha-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-03-15 868352]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-10 29984]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"pwreset"="c:\program files\Avaya\Avaya IP Agent\Service Provider\pwreset.exe" [2005-03-02 45056]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-06-17 00:12 87424 ---ha-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Cheryl Borbely^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Cheryl Borbely\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 14:26 114688 ---h--w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 -c-ha-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2008-07-10 03:05 46368 ---ha-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08 421160 -c-ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-05-31 16:31 63048 ---ha-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ---ha-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CiSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Avaya\\Avaya IP Agent\\IpAgent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Avaya\\IC70\\java\\bin\\java.exe"=
"c:\\Program Files\\Avaya\\SingleSignOn\\SingleSignOn.exe"=
"c:\\Program Files\\Avaya\\IC70\\bin\\qui.exe"=
"c:\\Program Files\\Avaya\\IC70\\bin\\vtel.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\LogMeIn Rescue Calling Card\\CallingCard.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2808:TCP"= 2808:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [12/12/2009 5:25 PM 64288]
R1 NEOFLTR_550_12129;Juniper Networks TDI Filter Driver (NEOFLTR_550_12129);c:\windows\system32\drivers\NEOFLTR_550_12129.sys [10/3/2007 4:20 PM 63008]
S1 MpKsl002360c6;MpKsl002360c6;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B46A177B-A3FF-4465-BB8C-ED68655EACD0}\MpKsl002360c6.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B46A177B-A3FF-4465-BB8C-ED68655EACD0}\MpKsl002360c6.sys [?]
S1 MpKsl0b20c03c;MpKsl0b20c03c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D2FEEA0-BF73-4A70-9E9A-7028330EEE51}\MpKsl0b20c03c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9D2FEEA0-BF73-4A70-9E9A-7028330EEE51}\MpKsl0b20c03c.sys [?]
S1 MpKsl3377748e;MpKsl3377748e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FD484AB-0B57-4943-920E-9D3E4ED84C39}\MpKsl3377748e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FD484AB-0B57-4943-920E-9D3E4ED84C39}\MpKsl3377748e.sys [?]
S1 MpKsl4289e372;MpKsl4289e372;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{564EB251-BFFC-44A0-9D83-D5A11A51B17A}\MpKsl4289e372.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{564EB251-BFFC-44A0-9D83-D5A11A51B17A}\MpKsl4289e372.sys [?]
S1 MpKsl506483ff;MpKsl506483ff;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F55608D-72AA-4CB0-A4D9-B367F828FBA3}\MpKsl506483ff.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4F55608D-72AA-4CB0-A4D9-B367F828FBA3}\MpKsl506483ff.sys [?]
S1 MpKsl534f710a;MpKsl534f710a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1182E59-5C49-4A5B-B2B4-125C6702B792}\MpKsl534f710a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E1182E59-5C49-4A5B-B2B4-125C6702B792}\MpKsl534f710a.sys [?]
S1 MpKslc31ef6ed;MpKslc31ef6ed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F54FA2D5-835C-4141-A540-296068D73F87}\MpKslc31ef6ed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F54FA2D5-835C-4141-A540-296068D73F87}\MpKslc31ef6ed.sys [?]
S1 MpKsld936919e;MpKsld936919e;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FB0FCF6-2E56-47BE-A958-F4E9E8094793}\MpKsld936919e.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0FB0FCF6-2E56-47BE-A958-F4E9E8094793}\MpKsld936919e.sys [?]
S1 MpKslffa48e52;MpKslffa48e52;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{314A2F38-AF6F-4E3C-8F0E-A9B3E7B6AA14}\MpKslffa48e52.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{314A2F38-AF6F-4E3C-8F0E-A9B3E7B6AA14}\MpKslffa48e52.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 10:25 PM 136176]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/27/2010 3:47 PM 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/31/2010 12:31 PM 12856]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [8/20/2008 8:42 PM 370872]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [11/3/2010 4:37 PM 245760]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2011 10:25 PM 136176]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 02:25]
.
2011-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 02:25]
.
2011-07-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
.
2011-07-12 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2011-07-10 08:51]
.
2011-07-12 c:\windows\Tasks\User_Feed_Synchronization-{3EA5B4BF-5CAC-4CF4-9058-289FEE2CA0BA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1 68.238.112.12
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-DXDllRegExe - dxdllreg.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-GoToMeeting - c:\program files\Citrix\GoToMeeting\457\g2mstart.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
AddRemove-BFG-Elizabeth Find M.D. - Diagnosis Mystery, Season 2 - c:\program files\Elizabeth Find M.D. - Diagnosis Mystery
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2011-07-12 17:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-117609710-1972579041-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,f9,8c,c4,44,db,27,4f,90,7b,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b0,f9,8c,c4,44,db,27,4f,90,7b,02,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\NoExplorer]
@DACL=(02 0000)
@=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-07-12 17:41:36
ComboFix-quarantined-files.txt 2011-07-12 21:41
.
Pre-Run: 85,261,393,920 bytes free
Post-Run: 85,371,707,392 bytes free
.
- - End Of File - - E7A51E7A798B69C3810DB235EC36BF37