ComboFix 12-06-13.01 - Danial 13/06/2012 20:53:22.1.2 - x86
Running from: c:\users\Danial\Desktop\ComboFix.exe
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\Danial\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
c:\windows\system32\KBL.LOG
c:\windows\system32\service
c:\windows\system32\service\01062010_TIS17_SfFniAU.log
c:\windows\system32\service\01122010_TIS17_SfFniAU.log
c:\windows\system32\service\02112010_TIS17_SfFniAU.log
c:\windows\system32\service\03042010_TIS17_SfFniAU.log
c:\windows\system32\service\03062010_TIS17_SfFniAU.log
c:\windows\system32\service\03122009_TIS17_SfFniAU.log
c:\windows\system32\service\04062012_TIS17_SfFniAU.log
c:\windows\system32\service\04122009_TIS17_SfFniAU.log
c:\windows\system32\service\05022010_TIS17_SfFniAU.log
c:\windows\system32\service\05022011_TIS17_SfFniAU.log
c:\windows\system32\service\06032010_TIS17_SfFniAU.log
c:\windows\system32\service\06042011_TIS17_SfFniAU.log
c:\windows\system32\service\06122009_TIS17_SfFniAU.log
c:\windows\system32\service\07052010_TIS17_SfFniAU.log
c:\windows\system32\service\07122009_TIS17_SfFniAU.log
c:\windows\system32\service\08022010_TIS17_SfFniAU.log
c:\windows\system32\service\08032009_TIS17_SfFniAU.log
c:\windows\system32\service\08112009_TIS17_SfFniAU.log
c:\windows\system32\service\08122011_TIS17_SfFniAU.log
c:\windows\system32\service\10022011_TIS17_SfFniAU.log
c:\windows\system32\service\11022010_TIS17_SfFniAU.log
c:\windows\system32\service\12012011_TIS17_SfFniAU.log
c:\windows\system32\service\12082010_TIS17_SfFniAU.log
c:\windows\system32\service\12122010_TIS17_SfFniAU.log
c:\windows\system32\service\13042009_TIS17_SfFniAU.log
c:\windows\system32\service\13042011_TIS17_SfFniAU.log
c:\windows\system32\service\14012011_TIS17_SfFniAU.log
c:\windows\system32\service\14022010_TIS17_SfFniAU.log
c:\windows\system32\service\14052009_TIS17_SfFniAU.log
c:\windows\system32\service\14062009_TIS17_SfFniAU.log
c:\windows\system32\service\15022010_TIS17_SfFniAU.log
c:\windows\system32\service\15052011_TIS17_SfFniAU.log
c:\windows\system32\service\15082009_TIS17_SfFniAU.log
c:\windows\system32\service\15122010_TIS17_SfFniAU.log
c:\windows\system32\service\16092009_TIS17_SfFniAU.log
c:\windows\system32\service\17052011_TIS17_SfFniAU.log
c:\windows\system32\service\17062010_TIS17_SfFniAU.log
c:\windows\system32\service\17072010_TIS17_SfFniAU.log
c:\windows\system32\service\17102009_TIS17_SfFniAU.log
c:\windows\system32\service\18022010_TIS17_SfFniAU.log
c:\windows\system32\service\18032012_TIS17_SfFniAU.log
c:\windows\system32\service\18052009_TIS17_SfFniAU.log
c:\windows\system32\service\18062010_TIS17_SfFniAU.log
c:\windows\system32\service\18122010_TIS17_SfFniAU.log
c:\windows\system32\service\19022011_TIS17_SfFniAU.log
c:\windows\system32\service\19052011_TIS17_SfFniAU.log
c:\windows\system32\service\19092010_TIS17_SfFniAU.log
c:\windows\system32\service\19122009_TIS17_SfFniAU.log
c:\windows\system32\service\20012011_TIS17_SfFniAU.log
c:\windows\system32\service\20052009_TIS17_SfFniAU.log
c:\windows\system32\service\20062010_TIS17_SfFniAU.log
c:\windows\system32\service\21032010_TIS17_SfFniAU.log
c:\windows\system32\service\21062010_TIS17_SfFniAU.log
c:\windows\system32\service\21102010_TIS17_SfFniAU.log
c:\windows\system32\service\22012011_TIS17_SfFniAU.log
c:\windows\system32\service\22092011_TIS17_SfFniAU.log
c:\windows\system32\service\23062010_TIS17_SfFniAU.log
c:\windows\system32\service\23102010_TIS17_SfFniAU.log
c:\windows\system32\service\23112010_TIS17_SfFniAU.log
c:\windows\system32\service\24012010_TIS17_SfFniAU.log
c:\windows\system32\service\24012011_TIS17_SfFniAU.log
c:\windows\system32\service\24032010_TIS17_SfFniAU.log
c:\windows\system32\service\24052009_TIS17_SfFniAU.log
c:\windows\system32\service\24062011_TIS17_SfFniAU.log
c:\windows\system32\service\25022012_TIS17_SfFniAU.log
c:\windows\system32\service\25032011_TIS17_SfFniAU.log
c:\windows\system32\service\26032010_TIS17_SfFniAU.log
c:\windows\system32\service\27012012_TIS17_SfFniAU.log
c:\windows\system32\service\27062010_TIS17_SfFniAU.log
c:\windows\system32\service\27082009_TIS17_SfFniAU.log
c:\windows\system32\service\27122009_TIS17_SfFniAU.log
c:\windows\system32\service\28122009_TIS17_SfFniAU.log
c:\windows\system32\service\30052010_TIS17_SfFniAU.log
c:\windows\system32\service\30092010_TIS17_SfFniAU.log
c:\windows\system32\service\30122009_TIS17_SfFniAU.log
c:\windows\system32\service\31052010_TIS17_SfFniAU.log
c:\windows\system32\service\31102010_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 13:02 . 2012-06-13 13:02  --------  d-----w-  c:\users\Guest\AppData\Local\temp
2012-06-13 13:02 . 2012-06-13 13:02  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-06-13 05:06 . 2012-06-13 05:06  --------  d-----w-  C:\_OTL
2012-06-07 21:28 . 2012-06-07 21:28  421200    ----a-w-  c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-07 21:27 . 2012-06-07 21:28  770384    ----a-w-  c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-04 15:08 . 2012-06-04 15:08  476960    ----a-w-  c:\windows\system32\npdeployJava1.dll
2012-06-04 13:04 . 2012-06-13 13:04  --------  d-----w-  c:\windows\system32\wbem\repository
2012-06-04 09:18 . 2012-06-04 09:18  --------  d-----w-  C:\found.001
2012-06-03 09:51 . 2012-06-03 17:06  102400    ----a-w-  c:\windows\RegBootClean.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 15:08 . 2010-04-25 16:59  472864    ----a-w-  c:\windows\system32\deployJava1.dll
2012-06-03 22:05 . 2008-11-14 18:11  22032     ----a-w-  c:\windows\DCEBoot.exe
2012-05-31 02:20 . 2012-05-02 20:21  419488    ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-05-31 02:20 . 2011-05-15 18:15  70304     ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 07:56 . 2008-09-26 15:03  22344     ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-06-07 21:27 . 2011-11-09 17:39  85472     ----a-w-  c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23  68216  ----a-w-  c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-09-29 842816]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
.
c:\users\Danial\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-8-2 3450608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-6 727592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli DPPWDFLT
.
[HKLM\~\startupfolder\C:^Users^Danial^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MediaRing Talk.lnk]
backup=c:\windows\pss\MediaRing Talk.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 07:57  948672  ----a-r-  c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 17:57  35760  ----a-w-  c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 14:50  75048  ------w-  c:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-19 12:30  342848  ----a-w-  c:\program files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2010-06-25 05:49  107816  ----a-w-  c:\program files\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39  486856  ----a-w-  c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 23:41  222128  ----a-w-  c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 07:56  462408  ----a-w-  c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-01-07 13:06  3597416  ----a-w-  c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-01-07 13:06  111208  ----a-w-  c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 21:54  554320  ----a-w-  c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 22:31  202032  ----a-w-  c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-10-01 03:34  181544  ----a-w-  c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 15:37  413696  ----a-w-  c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 16:08  87336  ------w-  c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05  111856  ----a-w-  c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 06:02  254696  ----a-w-  c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 07:13  218408  ----a-w-  c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2006-06-29 23:42  707376  ----a-w-  c:\windows\vVX1000.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38  1008184  ----a-w-  c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45  215552  ----a-w-  c:\windows\WindowsMobile\wmdSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05  111856  ----a-w-  c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-424710027-3257723918-3237088834-1008]
"EnableNotificationsRef"=dword:00000007
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 04:11  451872  ----a-w-  c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 09:23  38400  ----a-w-  c:\windows\System32\SoundSchemes.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 12:39]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 19:29]
.
2012-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-02 19:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_my&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyServer = 10.10.10.1:808
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F263FA81-AEBC-4449-B849-3915DE43E213}: NameServer = 8.8.8.8,8.8.4.4
DPF: {286A75C3-11FB-4FB4-AC4A-4DD1B0750050} - hxxps://accesscontrol.citibank.co.kr/acsapp/initech/plugin/down_ie8/INIS60.cab
DPF: {288CED07-83F7-4077-A3A6-FED1A1707B97} - hxxp://gorealradown.sbs.co.kr/streamer/AFCSbsStarter.cab
DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxp://www.epost.go.kr/comm/easykeytec/easykeytec.cab
DPF: {36E5F486-B4EF-4D21-85E0-C58EBAA81A30} - hxxp://app.gomtv.com/ce/gomtvax/bin/GOMTVAXCSETUP.EXE.CAB
DPF: {4E60FDC9-25C0-425F-B72B-04347474CFC4} - hxxp://conting.sbs.co.kr/service/Conting.CAB
DPF: {61FDA6C5-3F5D-44D9-9CED-1D7AC727ACE0} - hxxp://touch.imbc.com/ActiveX/Pointory/CueControl2.ocx
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA.cab
DPF: {F6E7ECCE-6E60-4681-8D9B-4BBC12A07110} - hxxp://www.gmarket.co.kr/challenge/neo_goods/dlls/GWall_1800_Vista/GWall.cab
DPF: {F80BB403-10B0-4EA3-885D-308B56B66C39} - hxxp://touch.imbc.com/ActiveX/iMBCOnlineService.cab
DPF: {FE9CE737-7BA6-451D-A4E0-EB4599D46FD6} - hxxp://www.melon.com/cab/MelonActiveXInstaller.cab
FF - ProfilePath - c:\users\Danial\AppData\Roaming\Mozilla\Firefox\Profiles\enphe0jz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-hpqSRMon - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-424710027-3257723918-3237088834-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64E4CEA5-EAF2-CC1F-EA42-8E20C87DDD63}*]
"nahpbfapfphmfnjofgaikacmpadp"=hex:69,61,6a,64,6f,6e,64,6d,62,61,6f,70,6f,64,63,61,62,6a,00,00
"oajapgipghcoijhekkghappaomdnhj"=hex:6a,61,66,64,6d,6c,68,6d,70,66,62,64,6f,6f,6b,63,6a,6f,67,6c,00,00
"abfbbfgoipcnaadoelijipnphpondlbohb"=hex:67,61,6a,6f,63,6d,62,6b,70,6a,70,6d,70,66,00,02
"magbaecnfbjfilkkpagelefnpe"=hex:66,61,6a,6f,64,6d,64,62,68,61,65,63,00,00
.
[HKEY_USERS\S-1-5-21-424710027-3257723918-3237088834-1008\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:bd,8d,d8,ce,6c,84,f2,bf,58,9e,fc,77,bd,1b,06,93,40,d6,bc,92,bb,69,d9,94,dc,d8,7a,b0,5d,73,f4,24,02,54,7d,ab,6b,3a,81,11,43,83,df,f5,44,18,\
"rkeysecu"=hex:58,65,b2,22,b9,6e,56,35,c5,c0,3a,3d,d1,72,e7,30
.
[HKEY_USERS\S-1-5-21-424710027-3257723918-3237088834-1008_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):3c,4b,d6,ce,c2,d1,c2,59,92,58,ad,11,08,c7,ef,a9,e0,92,33,e6,17,76,bc,f8,f3,ec,27,7d,d3,c3,f1,4c,ec,7a,e6,f4,c1,c7,5e,9e,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-424710027-3257723918-3237088834-1008_Classes\CLSID\{ca8c604d-0a57-4480-83e7-1a2f494066eb}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000002e
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000006c
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\DPPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(4808)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Fingerprint Sensor\AtService.exe
c:\windows\system32\nvvsvc.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Trend Micro\Internet Security\TmPfw.exe
c:\program files\Trend Micro\Internet Security\TmProxy.exe
c:\program files\Raxco\PerfectDisk\PDAgentS1.exe
c:\program files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
.
**************************************************************************
.
Completion time: 2012-06-13 21:11:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-13 13:11
.
Pre-Run: 2,401,411,072 bytes free
Post-Run: 2,700,591,104 bytes free
.
- - End Of File - - 4A1EDFAF6B36CB21E1B054D0BE5D3D1B
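The following is an added triage helper for reading a log like the one above; it is not part of ComboFix or of the poster's log. It decodes the REGEDIT4 "hex:" values that ComboFix prints under LOCKED REGISTRY KEYS (the values under the Shell Extensions\Approved key above decode to plain lowercase strings) and flags the settings in this log that weaken the host: "EnableLUA"= 0 (UAC off), "DisableMonitoring"=dword:00000001 under Security Center, the per-user IE proxy 10.10.10.1:808, and DPF ActiveX controls fetched over plain http (ComboFix writes hxxp for http). The rule set and severities are this example's own choices; SAMPLE_LOG is a short excerpt of the log above and stands in for reading the file from disk.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix's code).

Two things a reviewer otherwise does by hand with such a log:
  1. decode REGEDIT4 "hex:" values (LOCKED REGISTRY KEYS section) and report
     the ones that are printable strings;
  2. flag host-weakening settings: UAC disabled, Security Center monitoring
     disabled, a per-user IE proxy, ActiveX (DPF) controls fetched over http.
The rules and severities are this example's own choice.
"""
import re

HEX_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"=hex(?:\(\d+\))?:(?P<body>[0-9a-fA-F, \\]+)$')
# Matches both REGEDIT4 'dword:00000001' and ComboFix's '= 0 (0x0)' rendering.
DWORD_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})'
    r'|(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\))\s*$')


def parse_hex_value(line):
    """Return (value_name, bytes, truncated) for a '"name"=hex:..' line.

    ComboFix cuts long values and ends the line with a backslash; that is
    reported as truncated so the caller does not treat the bytes as complete.
    """
    m = HEX_VALUE.match(line.strip())
    if not m:
        raise ValueError(f"not a REGEDIT4 hex value: {line!r}")
    body = m.group("body").strip()
    truncated = body.endswith("\\")
    octets = [o for o in re.split(r"[,\s\\]+", body) if o]
    return m.group("name"), bytes(int(o, 16) for o in octets), truncated


def decode_printable(data):
    """Return the NUL-terminated ASCII string in data, or None if not printable."""
    head = data.split(b"\x00", 1)[0]
    if head and all(0x20 <= c < 0x7F for c in head):
        return head.decode("ascii")
    return None


def triage(lines):
    """Walk log lines and return (severity, message) findings in log order."""
    findings = []
    key = None  # registry key that the following "name"=value lines belong to
    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        dm = DWORD_VALUE.match(line)
        if dm and key is not None:
            name = dm.group("name")
            value = int(dm.group("hex"), 16) if dm.group("hex") else int(dm.group("dec"))
            lk = key.lower()
            if lk.endswith(r"policies\system") and name == "EnableLUA" and value == 0:
                findings.append(("high", "UAC is disabled (EnableLUA=0)"))
            elif r"security center\monitoring" in lk and name == "DisableMonitoring" and value == 1:
                findings.append(("medium", f"Security Center monitoring disabled: {key}"))
            continue
        if HEX_VALUE.match(line) and key is not None:
            name, data, truncated = parse_hex_value(line)
            text = decode_printable(data)
            if text is not None and not truncated:
                findings.append(("info", f"{name} under {key} decodes to {text!r}"))
            continue
        if line.startswith("uInternet Settings,ProxyServer"):
            findings.append(("medium", "per-user IE proxy set: " + line.split("=", 1)[1].strip()))
        elif line.startswith("DPF:") and "hxxp://" in line:
            findings.append(("low", "ActiveX control fetched over plain http: " + line.split(" - ", 1)[1]))
    return findings


# Excerpt of the log above, used as constructed sample input.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 10.10.10.1:808
DPF: {2DCB00FB-3485-486B-BD41-C49AD605264D} - hxxp://www.epost.go.kr/comm/easykeytec/easykeytec.cab
DPF: {99C709C7-4F58-46C1-855B-90213C760395} - hxxps://secure.kcp.co.kr/webpay/v3d/file/kcp_ansimclick.cab
.
[HKEY_USERS\S-1-5-21-424710027-3257723918-3237088834-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{64E4CEA5-EAF2-CC1F-EA42-8E20C87DDD63}*]
"nahpbfapfphmfnjofgaikacmpadp"=hex:69,61,6a,64,6f,6e,64,6d,62,61,6f,70,6f,64,63,61,62,6a,00,00
"magbaecnfbjfilkkpagelefnpe"=hex:66,61,6a,6f,64,6d,64,62,68,61,65,63,00,00
.
[HKEY_USERS\S-1-5-21-424710027-3257723918-3237088834-1008\Software\SecuROM\License information*]
"rkeysecu"=hex:58,65,b2,22,b9,6e,56,35,c5,c0,3a,3d,d1,72,e7,30
"""

if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG.splitlines()):
        print(f"[{severity:6}] {message}")
```

Run against the excerpt it reports the UAC and Security Center settings, the proxy, the one DPF control pulled over http (the hxxps one is skipped) and the two Approved values that decode to lowercase strings; the SecuROM value is not printable and is left alone. To use it on a real ComboFix.txt, pass `open(path, encoding="utf-8", errors="replace")` to triage in place of SAMPLE_LOG.splitlines().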