c:\favoritevideo\InvisibleFolder\20110406175558_fanke110406zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110407134910_zhengtu110408qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110407135114_zhengtu110408zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110407154107_maiwang110408bkqipao15s.swf
c:\favoritevideo\InvisibleFolder\20110407154302_maiwang110408zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110407154517_maiwang110408zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110407154823_maiwang110408cha15s.swf
c:\favoritevideo\InvisibleFolder\20110407171717_91wan110408qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110407213719_tiandiyingxiong110408zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408132526_jjshijie110411zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408133619_jjshijie110411zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408133827_guangben110408zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408134107_guangben110408zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408134253_guangben110411cha15s.swf
c:\favoritevideo\InvisibleFolder\20110408143626_zhengtu2110409qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110408143721_zhengtu2110410qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110408143834_zhengtu2110409zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408160141_menggongchangxiayishijie110411zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408160235_menggongchangxiayishijie110411zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408170526_maibaobao110409zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408174809_souhuweibo110409qipao15s.swf
c:\favoritevideo\InvisibleFolder\20110408183110_4inlook110411zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408183250_4inlook110415zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408183429_4inlook110413cha15s.swf
c:\favoritevideo\InvisibleFolder\20110408183601_fanke110408zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408214743_dell110411zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408230627_pangu110409zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408230814_jiangxin110410zhu15s.swf
c:\favoritevideo\InvisibleFolder\20110408231004_pangu110409zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110408231144_jiangxin110410zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110409090633_zhengtu110409qipao2.swf
c:\favoritevideo\InvisibleFolder\20110409090943_zhengtu110409zanting2.swf
c:\favoritevideo\InvisibleFolder\20110409160542_zhengtu110410zanting15s.swf
c:\favoritevideo\InvisibleFolder\20110409160658_zhengtu110411zanting15s.swf
c:\favoritevideo\InvisibleFolder\condisp.dll
c:\favoritevideo\InvisibleFolder\peer(0).dll.tpp
c:\favoritevideo\InvisibleFolder\peer(1).dll
c:\favoritevideo\InvisibleFolder\peer(2).dll
c:\favoritevideo\InvisibleFolder\peer.dll
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0031_s.exe
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0032_s.exe.tpp
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0036_s.exe.tpp
c:\favoritevideo\InvisibleFolder\pptvsetup_2.7.0.0038_s.exe
c:\favoritevideo\InvisibleFolder\TipsClient.dll
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2011011020110110225500.zip
c:\favoritevideo\InvisibleFolder\vip_db_allinonetoday2011011020110110230246.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110109.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110114.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110120.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110125.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110130.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110204.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110207.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110212.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110217.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110218.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110223.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110228.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110305.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110315.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110320.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110321.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110324.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110329.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110403.zip
c:\favoritevideo\InvisibleFolder\vip_db_big20110406.zip
c:\favoritevideo\InvisibleFolder\vip_db_small2011010920110110.zip
c:\program files\I Want This
c:\program files\I Want This\I Want This.ico
c:\program files\I Want This\I Want This.ini
c:\program files\I Want This\I Want ThisInstaller.log
c:\program files\I Want This\Uninstall.exe
c:\users\elyaziedm\AppData\Local\I Want This
c:\users\elyaziedm\AppData\Local\I Want This\Chrome\I Want This.crx
c:\users\elyaziedm\Documents\~WRL0001.tmp
c:\users\elyaziedm\Documents\~WRL1224.tmp
c:\windows\inf\gsiata.inf
c:\windows\inf\gsiata.sys
c:\windows\system32\Config.ini
c:\windows\wininit.ini
.
c:\windows\system32\mswsock.dll . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2013-01-28 to 2013-02-28 )))))))))))))))))))))))))))))))
.
.
2013-02-28 14:23 . 2011-03-10 10:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-02-28 14:21 . 2013-02-28 14:32 -------- d-----w- c:\users\elyaziedm\AppData\Local\temp
2013-02-28 14:21 . 2013-02-28 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-28 14:12 . 2013-02-28 14:12 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5824B8D8-7D3E-4E2A-B18D-E46BD8CBAC80}\offreg.dll
2013-02-27 09:42 . 2013-02-28 13:54 30616 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-02-27 06:29 . 2013-02-27 06:29 -------- d-----w- C:\FRST
2013-02-14 09:09 . 2013-02-14 09:09 -------- d-----w- c:\program files\HitmanPro
2013-02-14 09:08 . 2013-02-18 00:12 -------- d-----w- c:\programdata\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-07-04 17:06 319617 --sh--w- c:\windows\System32\SalaatTime.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-19 20:19 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\System32\mswsock.dll
[-] 2010-11-19 20:19 . D41D8CD98F00B204E9800998ECF8427E . 0 . . [------] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
[7] 2009-07-14 . 11A41F17527ED75D6B758FDD7F4FD00D . 232448 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7600.16385_none_b829ad298e9f53ff\mswsock.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-05-04 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2012-03-15 21:02 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2012-03-15 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-26 39408]
"SRS WOW HD for ViewSonic"="c:\program files\SRS Labs\WOW HD for ViewSonic\SRSViewSonic_Win32.exe" [2008-11-12 1908736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-15 217256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-05-04 1561768]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-12 37152]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-10-21 296096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
.
c:\users\elyaziedm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [x]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [x]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [x]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [x]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [x]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [x]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [x]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NST\0200000.011\ccSetx86.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [x]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [x]
S2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\2.0.0.17\ccSvcHst.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SRS_ViewSonic;SRS Labs WOW HD ViewSonic;c:\windows\system32\drivers\srs_ViewSonic_i386.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - PSKMAD
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-04 15:09]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 09:56]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-26 09:56]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051932773-3675164257-2742990508-1000Core.job
- c:\users\elyaziedm\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 17:45]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2051932773-3675164257-2742990508-1000UA.job
- c:\users\elyaziedm\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-02 17:45]
.
2012-11-23 c:\windows\Tasks\Norton Security Scan for elyaziedm.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-09-12 19:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sg/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
AddRemove-EasyRecovery - c:\program files\Ontrack\EasyRecovery\uninstal.exe
AddRemove-I Want This - c:\program files\I Want This\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2.0.0.17\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\2.0.0.17\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\System32\WUDFHost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\HitmanPro\HitmanPro.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2013-02-28 22:38:10 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-28 14:38
.
Pre-Run: 1,095,061,504 bytes free
Post-Run: 2,871,537,664 bytes free
.
- - End Of File - - AAEC18F5005ADDFB45D532E165307795