ComboFix 13-01-22.01 - User 01/22/2013 17:35:38.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3326.1818 [GMT -6:00]
Running from: c:\users\User\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\User\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-22 to 2013-01-22 )))))))))))))))))))))))))))))))
.
.
2013-01-22 23:41 . 2013-01-22 23:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-22 23:41 . 2013-01-22 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-22 23:33 . 2013-01-22 23:33 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4769F049-4990-468B-9969-C73CA16F463C}\MpKslb49ddea2.sys
2013-01-22 23:26 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4769F049-4990-468B-9969-C73CA16F463C}\mpengine.dll
2013-01-21 23:07 . 2013-01-21 23:07 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2013-01-21 23:07 . 2013-01-21 23:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-21 23:07 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-21 23:05 . 2013-01-21 23:05 -------- d-----w- c:\users\User\AppData\Local\Programs
2013-01-21 22:43 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-21 14:20 . 2013-01-21 14:28 -------- d-----w- c:\users\User\AppData\Roaming\PerformerSoft
2013-01-15 21:49 . 2013-01-15 21:49 -------- d-----w- c:\program files\Common Files\Java
2013-01-15 21:49 . 2013-01-15 21:48 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-12 20:56 . 2013-01-12 20:56 -------- d-----w- c:\users\User\AppData\Roaming\Theta
2013-01-09 14:12 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 14:12 . 2012-11-09 04:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 14:12 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 14:11 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 14:11 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-05 22:07 . 2012-12-29 10:26 6263784 ----a-w- c:\windows\system32\nvopencl.dll
2013-01-05 22:07 . 2012-12-29 10:26 8904632 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-01-05 22:07 . 2012-12-29 10:26 20450232 ----a-w- c:\windows\system32\nvoglv32.dll
2013-01-05 22:07 . 2012-12-29 10:26 201728 ----a-w- c:\windows\system32\nvinit.dll
2013-01-05 22:07 . 2012-12-29 10:26 2720696 ----a-w- c:\windows\system32\nvcuvid.dll
2013-01-05 22:07 . 2012-12-29 10:26 15129064 ----a-w- c:\windows\system32\nvd3dum.dll
2013-01-05 22:07 . 2012-12-29 10:26 7931896 ----a-w- c:\windows\system32\nvcuda.dll
2013-01-05 22:07 . 2012-12-29 10:26 1985976 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-01-05 22:07 . 2012-12-29 10:26 17560504 ----a-w- c:\windows\system32\nvcompiler.dll
2013-01-02 16:29 . 2013-01-02 16:29 -------- d-----w- c:\users\User\AppData\Local\SKIDROW
2012-12-29 08:54 . 2012-12-29 08:54 550328 ----a-w- c:\windows\system32\nvStreaming.exe
2012-12-28 16:59 . 2013-01-03 22:59 -------- d-----w- c:\users\User\AppData\Local\GRAW2
2012-12-28 16:59 . 2012-12-28 16:59 -------- d-----w- c:\users\User\AppData\Roaming\NVIDIA
2012-12-28 16:59 . 2012-12-28 16:59 -------- d-----w- c:\programdata\GRAW2
2012-12-27 22:01 . 2012-12-27 22:01 -------- d-----w- c:\users\User\AppData\Roaming\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 21:48 . 2012-08-11 20:52 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-15 21:48 . 2011-03-28 02:35 780192 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-29 10:26 . 2012-12-18 14:30 958272 ----a-w- c:\windows\system32\nvumdshim.dll
2012-12-29 10:26 . 2012-12-18 14:30 889784 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-12-29 10:26 . 2012-12-18 14:30 2504248 ----a-w- c:\windows\system32\nvapi.dll
2012-12-29 10:26 . 2012-12-18 14:30 12641120 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-12-29 10:26 . 2012-12-18 14:30 1017272 ----a-w- c:\windows\system32\nvdispco32.dll
2012-12-29 08:26 . 2011-03-20 23:24 4129720 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:26 . 2011-03-20 23:24 3001272 ----a-w- c:\windows\system32\nvsvc.dll
2012-12-29 08:25 . 2011-08-07 23:00 62904 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:25 . 2011-03-20 23:24 639928 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:25 . 2011-03-20 23:24 108984 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-16 14:13 . 2012-12-21 16:16 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-10 23:01 . 2012-12-02 21:29 321384 ----a-w- c:\windows\system32\Sendori.dll
2012-11-28 21:40 . 2012-11-28 21:40 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F957E2BD-BAEA-4AEE-9C75-3567A677D57D}\gapaengine.dll
2012-11-14 02:09 . 2012-12-13 14:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 14:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 14:35 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 14:35 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 14:35 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 14:35 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-12 20:41 . 2012-03-31 18:41 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-12 20:41 . 2011-06-17 03:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-09 04:42 . 2012-12-13 14:11 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-13 14:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-24 17:50 . 2011-08-06 01:10 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Sendori Tray"="c:\program files\Sendori\SendoriTray.exe" [2012-12-10 82792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
backup=c:\windows\pss\Ralink Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Sanguine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Sanguine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Sanguine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Sanguine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-24 02:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-08-11 17:32 1690224 ----a-r- c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2008-07-21 18:30 12288 ----a-w- c:\program files\Hewlett-Packard\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-12-14 22:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 17:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2011-01-13 01:52 215360 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 18:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-07-08 04:38 336384 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-11 22:29 1354736 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-01-18 15:03 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [x]
R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [x]
R3 netr73;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr73.sys [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 usbcamcl;Driver for usbcamcl Device;c:\windows\system32\DRIVERS\usbcamcl.sys [x]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2v.sys [x]
R4 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 MpKslb49ddea2;MpKslb49ddea2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4769F049-4990-468B-9969-C73CA16F463C}\MpKslb49ddea2.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Application Sendori;Application Sendori;c:\program files\Sendori\SendoriSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 Realtek87B;Realtek87B;c:\program files\REALTEK\RTL8187 Wireless LAN Utility\RtlService.exe [x]
S2 Service Sendori;Service Sendori;c:\program files\Sendori\Sendori.Service.exe [x]
S2 sndappv2;sndappv2;c:\program files\Sendori\sndappv2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLB49DDEA2
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-07 c:\windows\Tasks\ReclaimerUpdateFiles_User.job
- c:\users\User\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-24 18:54]
.
2013-01-20 c:\windows\Tasks\ReclaimerUpdateXML_User.job
- c:\users\User\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-24 18:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?mtmhp=hyplogusaolp00000023
uInternet Settings,ProxyOverride =
LSP: c:\windows\system32\Sendori.dll
Trusted Zone: aol.com\www
Trusted Zone: yahoo.com
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{7BF3A389-75E3-4726-B989-05EF95F5289B}: NameServer = 216.146.35.240,216.146.36.240,192.168.254.254,192.168.254.254
TCP: Interfaces\{CF6A12B2-9650-457D-A0AD-6BDE9DE52BC8}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\6u073y2h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=customfirefoxright-ff&s_qt=sb&tb_uuid=20120205005707728&tb_oid=05-02-2012&tb_mrud=12-12-2012
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?mtmhp=txtlnkusaolp00000051
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&s_qt=ab&s_it=customfirefoxright-ff&tb_uuid=20120205005707728&tb_oid=05-02-2012&tb_mrud=12-12-2012&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=190712_ctrl_2912_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - fcf97144000000000000485b3935737d
FF - user.js: extensions.BabylonToolbar_i.hardId - fcf97144000000000000485b3935737d
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15541
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:32
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
MSConfigStartUp-Aim - c:\program files\AIM\aim.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
AddRemove-RadialpointServicepointDashboardExtensions_is1 - c:\users\User\AppData\Local\Temp\is-0FTUD.tmp\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,70,ba,e9,63,2c,5b,46,94,85,a8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,70,ba,e9,63,2c,5b,46,94,85,a8,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1079358472-3236965423-2660643196-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,a8,6d,f4,06,39,02,5f,3d,d5,af,da,50,63,66,ab,e3,f1,e7,06,c8,e0,33,
a9,2f,0e,39,ea,98,7b,d8,62,c2,f4,00,3f,ca,84,db,4d,2a,eb,82,9c,e7,1f,94,66,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_USERS\S-1-5-21-1079358472-3236965423-2660643196-1004\Software\SecuROM\License information*]
"datasecu"=hex:4e,e2,33,2a,f6,23,ce,8e,c2,a7,1d,b1,74,4d,62,66,f3,6f,f5,57,c7,
66,f8,2d,fe,41,ac,f6,ec,69,e3,18,a2,eb,d9,e4,af,2c,e9,12,7a,7a,11,64,74,9b,\
"rkeysecu"=hex:ac,ef,22,ca,7c,15,28,86,1a,08,2b,2b,64,bb,9f,68
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-22 17:44:00
ComboFix-quarantined-files.txt 2013-01-22 23:44
ComboFix2.txt 2010-01-15 19:21
ComboFix3.txt 2009-12-25 22:18
ComboFix4.txt 2009-12-10 15:06
ComboFix5.txt 2010-05-15 22:40
.
Pre-Run: 1,279,675,408,384 bytes free
Post-Run: 1,279,417,581,568 bytes free
.
- - End Of File - - BC025F8581F642FC2729E5FC678DF0A4