ComboFix 10-08-31.01 - Lee 01/09/2010 19:56:10.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.931 [GMT 1:00]
Running from: c:\users\Lee\Desktop\ComboFix.exe
Command switches used :: c:\users\Lee\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point

file zipped: c:\users\Lee\AppData\Roaming\6545.tmp
file zipped: c:\windows\system32\ddraw32.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\1418855363
c:\users\Lee\AppData\Roaming\6545.tmp
c:\windows\system32\ddraw32.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.
2010-09-01 19:05 . 2010-09-01 19:05 -------- d-----w- c:\users\Lee\AppData\Local\temp
2010-09-01 19:05 . 2010-09-01 19:05 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-01 19:05 . 2010-09-01 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-30 14:08 . 2010-08-30 14:08 388096 ----a-r- c:\users\Lee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-30 14:08 . 2010-08-30 14:08 -------- d-----w- c:\program files\Trend Micro
2010-08-29 18:14 . 2010-08-29 18:14 266240 ----a-w- c:\windows\system32\CSHelper.exe
2010-08-29 18:14 . 2010-08-29 18:14 225280 ----a-w- c:\windows\system32\CSInstru.DLL
2010-08-29 17:18 . 2010-08-29 17:18 320512 ----a-w- c:\programdata\d3dx10_3732.dll
2010-08-27 19:24 . 2010-08-27 19:24 320512 ----a-w- c:\programdata\dmutil32.dll
2010-08-23 17:11 . 2010-08-23 17:11 -------- d-----w- c:\users\Lee\AppData\Local\AskToolbar
2010-08-23 17:10 . 2010-08-23 17:10 -------- d-----w- c:\users\Lee\Boris
2010-08-19 21:19 . 2010-08-19 21:19 -------- d-----w- c:\program files\Hornby Hobbies
2010-08-19 21:16 . 2010-08-19 21:18 -------- d-----w- c:\users\Lee\Hornby Virtual Railway Folder
2010-08-12 22:17 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 22:17 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 22:17 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 22:17 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 22:17 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 22:17 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 22:17 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 22:17 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-05 18:38 . 2010-08-05 18:38 -------- d-----w- c:\program files\MSECache
2010-08-03 19:26 . 2010-08-03 19:48 -------- d-----w- c:\users\Lee\Scanned Photos
2010-08-03 19:23 . 2010-08-03 19:23 -------- d-----w- c:\programdata\Ezprint
2010-08-03 19:22 . 2010-08-03 19:48 -------- d-----w- c:\program files\Lx_cats
2010-08-03 19:21 . 2007-01-30 06:32 118272 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxcgpp5c.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 18:52 . 2010-03-28 09:00 0 ----a-w- c:\users\Lee\AppData\Local\prvlcl.dat
2010-08-31 20:11 . 2009-10-08 17:07 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-31 20:05 . 2010-06-15 18:48 -------- d-----w- c:\program files\Ask.com
2010-08-28 20:52 . 2009-11-08 11:58 -------- d-----w- c:\programdata\avg9
2010-08-27 19:33 . 2009-05-26 09:35 -------- d-----w- c:\users\Lee\AppData\Roaming\FrostWire
2010-08-23 18:45 . 2010-04-04 10:44 -------- d-----w- c:\users\Lee\AppData\Roaming\PrimoPDF
2010-08-23 17:11 . 2010-05-10 20:07 -------- d-----w- c:\program files\Mozilla Firefox 3.5
2010-08-22 21:19 . 2006-12-08 07:52 -------- d-----w- c:\program files\Common Files\Java
2010-08-22 21:19 . 2006-12-08 07:52 -------- d-----w- c:\program files\Java
2010-08-22 12:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-21 17:27 . 2006-12-08 07:16 -------- d-----w- c:\programdata\Roxio
2010-08-03 19:23 . 2009-11-21 12:40 -------- d-----w- c:\program files\Lexmark 2300 Series
2010-07-26 21:29 . 2010-07-26 20:28 -------- d-----w- c:\program files\JDownloader
2010-07-17 04:00 . 2010-06-03 18:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 17:22 . 2009-05-17 00:25 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 17:22 . 2010-07-15 17:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 17:21 . 2009-05-17 00:25 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-07 20:48 . 2010-07-07 20:30 -------- d-----w- c:\users\Lee\AppData\Roaming\Sony
2010-07-07 20:44 . 2010-07-07 20:44 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-07-07 20:43 . 2010-07-07 20:38 -------- d-----w- c:\program files\Sony
2010-07-07 20:42 . 2010-07-07 20:42 10134 ----a-r- c:\users\Lee\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-07-07 20:38 . 2010-07-07 20:38 -------- d-----w- c:\programdata\Sony Corporation
2010-07-07 20:30 . 2010-07-07 20:30 -------- d-----w- c:\users\Lee\AppData\Roaming\Sony Setup
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-26 06:05 . 2010-08-12 22:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 22:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 22:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 22:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-12 18:02 . 2010-06-12 18:02 655360 ----a-w- c:\users\Lee\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-06-12 18:02 . 2010-06-12 18:02 282624 ----a-w- c:\users\Lee\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-06-12 18:02 . 2010-06-12 18:02 208896 ----a-w- c:\users\Lee\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-06-11 16:16 . 2010-08-12 22:18 274944 ----a-w- c:\windows\system32\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-27 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-29 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-29 103344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):71,fe,8b,42,62,27,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-08-29 266240]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-19 721904]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-27 390528]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-07-01 59240]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-07-01 166632]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-01 840936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3133330365-3398836651-270941216-1000Core.job
- c:\users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-27 20:46]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3133330365-3398836651-270941216-1000UA.job
- c:\users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-27 20:46]

2010-09-01 c:\windows\Tasks\User_Feed_Synchronization-{B2F50987-206C-4FB5-A5AF-86099DE9C626}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com?o=14196&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\nmggnuvi.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Lee\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 20:05
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3133330365-3398836651-270941216-1000\Software\SecuROM\License information*]
"datasecu"=hex:30,39,65,bc,cc,5d,93,9d,7f,3e,59,20,77,ea,8a,c0,8f,42,e5,0f,e0,
   d1,d8,2e,f7,54,57,ce,06,e8,e5,27,bf,a6,69,97,52,ba,83,c9,a2,ce,88,aa,00,a2,\
"rkeysecu"=hex:97,39,43,ff,2d,b0,71,fc,e5,c0,df,1c,82,2a,17,56

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-01 20:08:59
ComboFix-quarantined-files.txt 2010-09-01 19:08
ComboFix2.txt 2010-08-31 20:22

Pre-Run: 10,361,737,216 bytes free
Post-Run: 9,553,588,224 bytes free

- - End Of File - - DD2B772E2DDAF3DB6B259FF4BD31973A