ComboFix 12-08-13.01 - sanja 13/08/2012  18:34:24.3.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.3963.2258 [GMT -4:00]
Running from: c:\users\sanja\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2012-07-13 to 2012-08-13  )))))))))))))))))))))))))))))))
.
.
2012-08-13 23:55 . 2012-08-13 23:55	--------	d-----w-	c:\users\sanja\AppData\Local\temp
2012-08-13 23:55 . 2012-08-13 23:55	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-08-13 23:55 . 2012-08-13 23:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-13 18:43 . 2012-08-13 18:43	--------	d-----w-	C:\_OTL
2012-08-13 17:57 . 2012-08-13 17:57	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-13 17:57 . 2012-07-03 17:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-13 03:10 . 2012-08-13 03:10	--------	d-----w-	c:\users\sanja\AppData\Roaming\SUPERAntiSpyware.com
2012-08-13 03:10 . 2012-08-13 03:10	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-08-13 03:10 . 2012-08-13 03:10	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-08-13 02:12 . 2012-08-13 02:12	476976	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-08-05 21:54 . 2012-07-23 19:59	24960	----a-w-	c:\windows\system32\RegistryDefragBootTime.exe
2012-08-02 23:30 . 2012-08-02 23:30	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2012-08-02 23:27 . 2012-08-02 23:27	--------	d-----w-	c:\programdata\IObit
2012-08-02 23:27 . 2012-08-02 23:27	--------	d-----w-	c:\users\sanja\AppData\Roaming\IObit
2012-08-02 23:27 . 2012-08-02 23:27	--------	d-----w-	c:\program files (x86)\IObit
2012-07-27 00:12 . 2012-07-27 00:12	--------	d-----w-	c:\users\sanja\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
2012-07-27 00:02 . 2012-07-27 00:02	--------	d-----w-	c:\users\sanja\AppData\Local\Macromedia
2012-07-26 23:50 . 2012-08-03 01:09	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-26 23:50 . 2012-07-26 23:50	--------	d-----w-	c:\windows\system32\Macromed
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-13 02:12 . 2010-07-14 19:48	472880	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-03 01:09 . 2011-09-04 16:05	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 02:04 . 2006-11-02 12:35	59701280	----a-w-	c:\windows\system32\mrt.exe
2012-06-25 20:04 . 2012-06-25 20:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-06-13 13:58 . 2012-07-12 02:03	2769408	----a-w-	c:\windows\system32\win32k.sys
2012-06-08 17:59 . 2012-07-11 20:28	12899840	----a-w-	c:\windows\system32\shell32.dll
2012-06-05 16:47 . 2012-07-11 20:28	1401856	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-05 16:47 . 2012-07-11 20:28	1248768	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-05 16:22 . 2012-07-11 20:28	1797120	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 16:22 . 2012-07-11 20:28	1869824	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 15:29 . 2012-07-11 20:28	516480	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 20:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 20:20	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 20:20	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 20:20	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 20:19	35864	----a-w-	c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-22 20:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 20:19	577048	----a-w-	c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-22 20:20	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 20:19	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-22 20:19	88576	----a-w-	c:\windows\SysWow64\wudriver.dll
2012-06-02 19:19 . 2012-06-22 20:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 19:19 . 2012-06-22 20:19	171904	----a-w-	c:\windows\SysWow64\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 20:19	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 19:12 . 2012-06-22 20:19	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2012-06-02 00:22 . 2012-07-11 20:28	347136	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 00:22 . 2012-07-11 20:28	254464	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 00:05 . 2012-07-11 20:28	77312	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 00:04 . 2012-07-11 20:28	278528	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 00:03 . 2012-07-11 20:28	204288	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-05-31 16:25 . 2010-03-22 01:28	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-31 04:04 . 2012-07-06 13:27	9013136	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{412849A8-A463-4935-ADAA-868D51D6F98B}\mpengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\ERDNT\cache64\services.exe
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe
[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
(((((((((((((((((((((((((((((   SnapShot_2012-08-13_21.05.24   )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-02 12:46 . 2012-08-13 19:22	603282              c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-13 21:12	603282              c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-08-13 21:12	106696              c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-08-13 19:22	106696              c:\windows\system32\perfc009.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"BitTorrent DNA"="c:\users\sanja\Program Files (x86)\DNA\btdna.exe" [2009-11-07 323392]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-21 68856]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-01-02 198160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\sanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
ViiKiiDesktopPlugin.lnk - c:\program files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 01:09]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 13:34]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 13:34]
.
2012-08-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b89ea438-9161-45ca-8632-bcf2363f0534.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c9c71027-d5d9-4ca5-8a6a-d7735a8d2203.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1216808]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 181784]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 64.71.255.198
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\sanja\AppData\Roaming\Mozilla\Firefox\Profiles\q2dgay51.default\
FF - prefs.js: browser.search.selectedEngine - WiseConvert Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3196716&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3196716&SearchSource=2&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-08-13  19:58:54
ComboFix-quarantined-files.txt  2012-08-13 23:58
ComboFix2.txt  2012-08-13 21:16
ComboFix3.txt  2011-12-29 22:04
ComboFix4.txt  2011-06-06 00:00
.
Pre-Run: 178,176,921,600 bytes free
Post-Run: 177,393,860,608 bytes free
.
- - End Of File - - C183E9D47B8CAD8AAE239AA0029A0CE4