.
------- Supplementary Scan -------
.
uStart Page = hxxp://p5i/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cdc.root\*.swg
Trusted Zone: cdcsoftware.com
Trusted Zone: cdcsoftware.com\cdcnet
Trusted Zone: pivotal.local\*.corporate
Trusted Zone: rossinc.com
Trusted Zone: cdc.root\*.swg
Trusted Zone: cdcsoftware.com
Trusted Zone: cdcsoftware.com\cdcnet
Trusted Zone: pivotal.local\*.corporate
Trusted Zone: rossinc.com
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {1B0375B5-1A57-4684-BDF5-4D2E68A7EF4A} - hxxp://p5i/epower/cab/RDACLNT.CAB
DPF: {28E4BE08-1C25-4CE4-A9AA-3495A9D08C8E} - hxxp://p5i/epower/cab/RSHORTCUT.CAB
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn100.cdcsoftware.com/+CSCOL+/relayp.cab
DPF: {2AEC967B-BE2B-4D88-BB4E-C25F26B96CB0} - hxxp://p5i/epower/cab/RDAPRTL.CAB
DPF: {3D7C60CF-3CA3-4EEF-8FDE-F3903709834B} - hxxp://p5i/epower/cab/RDARPRT.CAB
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://67.220.116.100/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6B231775-289F-4869-9120-FD6BEF3FEE7F} - hxxp://p5i/epower/cab/RDACHART.CAB
DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} - hxxp://p5i/ePower/reporting/viewer/activeXViewer/activeXViewer.cab
DPF: {855F294B-12F9-48A5-866C-24DD77569C9E} - hxxp://p5i/epower/cab/RDAPREFS.CAB
DPF: {876DEC9E-28E9-4FE0-8ACD-CE107F9ACD1E} - hxxp://p5i/epower/cab/RDARES.CAB
DPF: {8B777F7B-E3F0-496F-AEAC-EF9169C0A341} - hxxp://p5i/epower/cab/RDAEMAIL.CAB
DPF: {A4BD9732-328D-11D4-BB89-00A0C9843488} - hxxp://p5i/epower/cab/RN1SENDX.CAB
DPF: {A7977C3E-1450-4990-977D-9C5522B1E6DD} - hxxp://p5i/epower/cab/RdaObjCreate.cab
DPF: {AA8C5893-5EFD-4C62-BBFF-8D93DAF98989} - hxxp://p5i/epower/cab/RDALETEX.CAB
DPF: {AE4F48D0-6A0A-11D3-9FB0-005004A79108} - hxxp://p5i/epower/cab/DFOUTILS.CAB
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.90/WebSlingPlayer.cab
DPF: {BB89F812-072A-45E9-BEB2-2781D468F4E0} - hxxp://p5i/epower/cab/RDASHARE.CAB
DPF: {D2A79F4E-98D9-4B65-9858-A7A1A3DCF872} - hxxp://p5i/epower/cab/RdaUI.cab
DPF: {F04A1320-72C4-11D3-9FB7-005004A79108} - hxxp://updates.pivotal.com/cab/DFOGENRL.CAB
DPF: {FE89A9AA-862D-4D48-81BB-2A1A5590955C} - hxxp://p5i/epower/cab/RDAUISTATICLISTS.CAB
.
.
------- File Associations -------
.
.txt=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
; Listed under "LOCKED REGISTRY KEYS" because the scanner found a restrictive ACL;
; the "@Denied" line names the affected principal (here LocalSystem).
; NOTE(review): the meaning of the numeric code in "@Denied: (2)" is not shown in this log.
; Both values start with 01,00,00,00 followed by
; d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb, which is the standard header of a
; Windows DPAPI-protected blob (version 1 + default provider GUID).
; The log truncates the data, so only the header can be assessed from this output.
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f7,98,7e,98,83,97,27,4b,a3,db,8a,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
; COM class registered as "FlashBroker". Its LocalServer32 subkey points at
; FlashUtil10h_ActiveX.exe under system32\Macromed\Flash, and its Elevation subkey
; has Enabled=1, so the out-of-process server is marked as elevation-capable.
; NOTE(review): name and path match Adobe Flash Player's ActiveX broker, but the log
; carries no hash or signature for the binary; verify the file's signature on the
; host before treating this entry as benign.
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
; Interface registration "IFlashBroker4"; it references the same TypeLib GUID as the
; FlashBroker class key in this section. ProxyStubClsid32
; {00020424-0000-0000-C000-000000000046} is the standard OLE Automation
; (type-library) marshaler.
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
; hex(6) is REG_LINK, i.e. this key is a registry symbolic link. The visible bytes are
; UTF-16LE for "\Registry\Machine\Sys"; the remainder of the link target is truncated
; in this log.
; NOTE(review): DNE is presumably the Deterministic Networks shim installed by some
; VPN clients; confirm the full link target on the host, since a redirected link
; would change which key is actually read.
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
"MtuAdjustment"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(952)
c:\program files\Namescape\myPassword GINA\myPassword_GINA.DLL
.
Completion time: 2010-10-05 08:54:47
ComboFix-quarantined-files.txt 2010-10-05 13:54
ComboFix2.txt 2010-10-05 12:49
Pre-Run: 9,822,998,528 bytes free
Post-Run: 9,806,729,216 bytes free
- - End Of File - - B0D92A0C8E5E0AD722D9E611467F24EB