ComboFix 12-04-01.01 - Prathamesh 02-04-2012 0:18.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.91.1033.18.1013.417 [GMT 5.5:30] Running from: c:\users\Prathamesh\Downloads\Programs\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\bifrost c:\program files\bifrost\logg.dat . . ((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 ))))))))))))))))))))))))))))))) . . 2012-04-01 18:56 . 2012-04-01 18:56 -------- d-----w- c:\users\Prathamesh\AppData\Local\temp 2012-04-01 18:56 . 2012-04-01 18:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-01 15:52 . 2012-04-01 17:14 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C982091-729B-42FE-957C-7828A0BF67FD}\offreg.dll 2012-03-31 18:53 . 2012-03-31 18:53 -------- d-----w- c:\program files\GUM5995.tmp 2012-03-31 18:53 . 2012-03-31 18:53 3993600 ----a-w- c:\program files\GUT5996.tmp 2012-03-30 20:18 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8C982091-729B-42FE-957C-7828A0BF67FD}\mpengine.dll 2012-03-30 20:16 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-30 20:16 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 20:13 . 2012-02-17 05:34 919040 ----a-w- c:\windows\system32\rdpcorets.dll 2012-03-30 20:13 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-30 20:13 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-30 20:13 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-30 18:52 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-03-30 18:52 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-03-30 18:52 . 2012-03-07 00:04 112984 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-03-30 18:51 . 2012-03-07 00:03 196440 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-03-30 18:51 . 2012-03-07 00:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-03-30 18:51 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-03-30 18:51 . 2012-03-07 00:02 24408 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-03-30 18:51 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-30 18:51 . 2012-03-07 00:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-03-30 18:50 . 2012-03-06 23:44 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys 2012-03-30 18:50 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr 2012-03-30 18:50 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-30 18:47 . 2012-03-30 18:47 -------- d-----w- c:\users\Prathamesh\AppData\Roaming\SkyMonk 2012-03-30 18:46 . 2012-03-30 19:13 -------- d-----w- c:\program files\Mail.Ru 2012-03-29 06:00 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-29 06:00 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-29 06:00 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr 2012-03-21 19:53 . 2012-03-21 19:53 -------- d-----w- c:\users\Prathamesh\AppData\Local\Xenocode 2012-03-21 18:26 . 2012-03-29 18:41 -------- d-----w- c:\programdata\Avira 2012-03-19 09:13 . 2012-03-19 09:13 -------- d-----w- c:\users\Prathamesh\AppData\Roaming\GRETECH 2012-03-16 17:41 . 2012-03-16 17:41 -------- d-----w- c:\program files\Microsoft Works 2012-03-16 17:37 . 2012-03-16 17:37 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2012-03-16 17:32 . 2012-03-16 17:32 -------- d-----r- C:\MSOCache 2012-03-10 08:01 . 2012-03-10 08:02 -------- d-----w- c:\program files\Recuva 2012-03-10 07:39 . 2012-03-10 07:39 -------- d-----w- C:\BigFishGamesCache 2012-03-09 19:31 . 2012-03-09 19:31 -------- d-----w- C:\Intel 2012-03-09 19:31 . 2012-03-09 19:31 -------- d-----w- C:\dell 2012-03-09 19:18 . 2012-03-09 19:18 -------- d-----w- c:\windows\Java 2012-03-09 19:18 . 2007-09-15 09:41 27136 ----a-w- c:\windows\system32\PCWizard.cpl 2012-03-09 19:18 . 2012-03-09 19:18 -------- d-----w- c:\program files\PC Wizard 2008 2012-03-09 18:57 . 2012-03-09 18:57 -------- d-----w- c:\programdata\PC Drivers HeadQuarters 2012-03-09 18:47 . 2012-03-09 18:47 -------- d-----w- c:\programdata\Driver Tool 2012-03-08 08:50 . 2008-08-26 03:56 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys 2012-03-08 08:49 . 2012-03-08 08:50 -------- d-----w- c:\program files\PC Connectivity Solution 2012-03-08 07:54 . 2012-03-08 07:54 -------- d-----w- c:\users\Prathamesh\AppData\Roaming\pdfforge 2012-03-08 07:53 . 1998-06-23 19:30 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX 2012-03-08 07:53 . 2004-03-08 19:30 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX 2012-03-08 07:53 . 2001-10-28 12:12 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll 2012-03-08 07:53 . 1998-07-05 19:30 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL 2012-03-08 07:53 . 2012-03-08 07:55 -------- d-----w- c:\program files\PDFCreator 2012-03-03 18:20 . 2012-03-03 18:20 -------- d-----w- c:\program files\Common Files\Skype 2012-03-03 18:20 . 2012-03-30 19:14 -------- d-----r- c:\program files\Skype . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-01 17:11 . 2010-09-01 13:08 17488 ----a-w- c:\windows\gdrv.sys 2012-02-23 03:48 . 2010-12-07 14:14 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-14 03:35 . 2012-02-25 14:09 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-01-09 11:58 . 2012-01-09 11:58 8576 ----a-w- c:\windows\system32\drivers\nmwcdnsuc.sys 2012-01-09 11:58 . 2012-01-09 11:58 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys 2012-01-09 11:58 . 2012-01-09 11:58 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys 2012-01-09 11:58 . 2012-01-09 11:58 605696 ----a-w- c:\windows\system32\nmwcdcocls.dll 2012-01-09 11:58 . 2012-01-09 11:58 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys 2012-01-09 11:58 . 2012-01-09 11:58 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys 2012-01-09 11:58 . 2012-01-09 11:58 137600 ----a-w- c:\windows\system32\drivers\nmwcdnsu.sys 2012-01-09 11:58 . 2012-01-09 11:58 123904 ----a-w- c:\windows\system32\ccdcmbwu.dll 2012-01-09 11:58 . 2010-09-04 06:40 75264 ----a-w- c:\windows\system32\nmwcdcls.dll 2012-01-04 08:58 . 2012-02-25 14:09 442880 ----a-w- c:\windows\system32\ntshrui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension] @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}" [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}] 2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-08-01 3417496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{b5cc4a6f-b5c7-11df-a3fa-806e6f6e6963}\bootwiz\asrm.bin . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2009-09-23 14:00 173592 ----a-w- c:\windows\System32\hkcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan] 2011-08-01 01:55 3417496 ----a-w- c:\program files\Internet Download Manager\IDMan.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2009-09-23 14:00 141848 ----a-w- c:\windows\System32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-02-17 01:45 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2012-01-13 09:23 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] 2009-09-23 14:00 150552 ----a-w- c:\windows\System32\igfxpers.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2012-02-15 08:05 17146504 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 07:36 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] 2010-03-27 10:36 5107232 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-15 158856] R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 136176] R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-01-09 137600] R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-01-09 8576] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208] R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112] R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680] R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488] R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-01 1343400] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-03-06 12112] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-09-01 911680] S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-22 19496] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-09-01 2480048] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-03-07 134920] S2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\ESSVR.EXE [2009-03-02 68136] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-09-01 160704] S3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 32896] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464] . . Contents of the 'Scheduled Tasks' folder . 2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 07:57] . 2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-30 07:57] . 2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888005095-3702456125-497021380-1001Core.job - c:\users\Prathamesh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 17:27] . 2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2888005095-3702456125-497021380-1001UA.job - c:\users\Prathamesh\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 17:27] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.mail.ru/cnt/9514 uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://in.yahoo.com/?fr=fp-spt_gen uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Prathamesh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk TCP: DhcpNameServer = 113.193.1.60 113.193.0.148 FF - ProfilePath - c:\users\Prathamesh\AppData\Roaming\Mozilla\Firefox\Profiles\bazaoyj8.default\ FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb FF - prefs.js: browser.search.selectedEngine - mail.ru: Поиск в Интернете FF - prefs.js: browser.startup.homepage - hxxp://www.mail.ru/cnt/9514 FF - prefs.js: keyword.URL - hxxp://in.search.yahoo.com/search?ei=UTF-8&fr=ytff-ytbm&p= FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file) MSConfigStartUp-LGODDFU - c:\program files\lg_fwupdate\fwupdate.exe MSConfigStartUp-MSIDLL - msieui32.dll MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE MSConfigStartUp-Startw3i - c:\program files\PC Speed Maximizer\Startw3i.exe AddRemove-Winamp Detect - c:\program files\Winamp Detect\UninstWaDetect.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\SetID\Internal] @Denied: (A 2) (LocalSystem) "DATA"="" "Device"="xrnJucq8yLy6z8fMzszNusjHvM8=" . [HKEY_USERS\S-1-5-21-2888005095-3702456125-497021380-1001_Classes\CLSID\{30f67bea-65b8-4291-b400-07ddac32e262}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:000000e2 "Therad"=dword:00000021 "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a, 1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\ . [HKEY_USERS\S-1-5-21-2888005095-3702456125-497021380-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):6e,2b,c4,78,a3,c9,55,7f,37,0f,15,b4,1c,cf,e4,29,83,08,b6,7d,b6, 40,67,63,8b,4b,b6,bc,15,57,13,ca,5a,ea,f9,5b,af,f9,29,95,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-02 00:29:11 ComboFix-quarantined-files.txt 2012-04-01 18:59 . Pre-Run: 7,008,198,656 bytes free Post-Run: 6,920,904,704 bytes free . - - End Of File - - A7F23D83EF7E224DD4D1CC6D9E6DBBD1