ComboFix 11-05-04.04 - Administrator 05/09/2011 18:43:04.10.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1285 [GMT -5:00] Running from: c:\users\Administrator\Desktop\ComboFix.exe SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\windows\system32\arp.exe . . ((((((((((((((((((((((((( Files Created from 2011-04-09 to 2011-05-09 ))))))))))))))))))))))))))))))) . . 2011-05-09 23:57 . 2011-05-09 23:57 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-09 23:01 . 2011-05-09 23:30 -------- d-----w- c:\programdata\AVG10 2011-05-09 22:28 . 2011-05-09 23:22 -------- d-----w- c:\programdata\MFAData 2011-05-09 22:15 . 2011-05-09 22:15 11264 ----a-w- c:\windows\system32\drivers\uze4odq4.sys 2011-05-08 16:36 . 2011-05-09 22:20 -------- d-----w- c:\programdata\Kaspersky Lab 2011-05-07 23:30 . 2011-05-07 23:30 -------- d-----w- C:\_OTL 2011-05-06 23:48 . 2011-05-06 23:48 192512 --sha-w- c:\windows\system32\2mipd.dll 2011-04-27 03:53 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-27 03:53 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-27 03:52 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-18 11:01 . 2011-04-18 11:03 -------- d-----w- C:\4893a89d0c16b88045 2011-04-15 00:22 . 2011-05-07 04:31 -------- d-----w- c:\program files\World of Warcraft 2011-04-11 02:37 . 2011-04-12 03:46 -------- d-----w- C:\Fallout 3 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-07 00:49 . 2010-05-30 20:05 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-03-03 15:40 . 2011-04-27 03:53 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40 . 2011-04-27 03:53 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40 . 2011-04-27 03:53 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40 . 2011-04-27 03:53 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-02-22 14:13 . 2011-03-23 00:33 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 2011-03-23 00:33 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-23 00:33 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-04-14 16:26 . 2011-05-07 01:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RayV"="c:\program files\RayV\RayV\RayV.exe" [2010-10-21 2839848] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040] "Octoshape Streaming Services"="c:\users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start http:" [X] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2010-11-30 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip] path=c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip backup=c:\windows\pss\CurseClientStartup.ccip.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] 2010-03-06 09:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-06-05 18:39 292136 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services] 2009-01-08 13:44 70936 ----a-w- c:\users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] 2010-11-15 01:54 2975640 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-01-07 18:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\DRIVERS\dualshock3.sys [2008-11-22 11392] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-20 7408] R3 ute4odq4;AVZ Kernel Driver;c:\windows\system32\Drivers\ute4odq4.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-03 1029456] R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-12-09 365280] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-07-03 64160] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-09-23 207280] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-07-07 691696] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-20 55024] S1 uze4odq4;AVZ-RK Kernel Driver;c:\windows\system32\Drivers\uze4odq4.sys [2011-05-09 11264] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504] S3 rt61x86;RT61 Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr61.sys [2008-11-26 333824] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2011-05-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 06:22] . 2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3460322775-3498566274-224670622-500Core.job - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 23:57] . 2011-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3460322775-3498566274-224670622-500UA.job - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-27 23:57] . 2011-05-09 c:\windows\Tasks\User_Feed_Synchronization-{83038BE6-5EBC-4B6A-850B-0FE370D349D0}.job - c:\windows\system32\msfeedssync.exe [2011-04-14 04:43] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2f4jpupu.default\ . - - - - ORPHANS REMOVED - - - - . HKCU-Run-AdobeBridge - (no file) SafeBoot-klmdb.sys MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Administrator\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-09 18:58 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi] "ImagePath"="system32\Drivers\atapi.tsk" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (Administrator) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,dd,76,98,05,d5,c3,48,b4,54,a0,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,64,dd,76,98,05,d5,c3,48,b4,54,a0,\ . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.aif" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.aifc" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.aiff" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.cda" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.cdda" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dds\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\PaintDotNet.exe" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\Winword.exe" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.ipa" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.ipg" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.ipsw" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itb\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itb" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itdb" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itl" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itms" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.itpc" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (Administrator) "Progid"="jpegfile" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m3u" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m3u8" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m4a" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m4b" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m4p" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.m4r" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.mp2" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.mp3" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MPEG" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nif\UserChoice] @Denied: (2) (Administrator) "Progid"="NetImmerseFile" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.pcast" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdn\UserChoice] @Denied: (2) (Administrator) "Progid"="Paint.NET.1" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.pls" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\notepad.exe" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.MIDI" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.SC2Replay\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\wmplayer.exe" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.AU" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.wav" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice] @Denied: (2) (Administrator) "Progid"="iTunes.wave" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WAX" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMA" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMD" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMS" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv_e_1233158593_h_1d47b86e8c89d78c2aba9216bd2a5e7a\UserChoice] @Denied: (2) (Administrator) "Progid"="Applications\\vlc.exe" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WMZ" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice] @Denied: (2) (Administrator) "Progid"="WMP11.AssocFile.WPL" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (Administrator) "Progid"="FirefoxHTML" . [HKEY_USERS\S-1-5-21-3460322775-3498566274-224670622-500\Software\SecuROM\License information*] "datasecu"=hex:1b,bd,fd,63,87,e2,e4,97,ad,4b,e6,2c,8a,7e,af,3b,cc,49,4b,d8,71, 71,5a,dc,d8,5f,34,7a,7a,fd,d3,52,e6,c5,fe,4a,7d,ad,22,71,43,50,59,e2,33,18,\ "rkeysecu"=hex:82,c3,15,4f,bb,1d,3b,7f,84,f5,53,93,76,d6,d1,ff . Completion time: 2011-05-09 19:01:38 ComboFix-quarantined-files.txt 2011-05-10 00:01 . Pre-Run: 81,925,148,672 bytes free Post-Run: 80,809,111,552 bytes free . Current=1 Default=1 Failed=0 LastKnownGood=40 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40 - - End Of File - - 17ABBF8FD053A2A1D971991B19F490F3