Please see the ComboFix log below:
ComboFix 12-02-24.02 - Mark 26/02/2012 3:03.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3326.2934 [GMT 0:00]
Running from: c:\users\Mark\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\cmdline.cfg
c:\program files\3
c:\program files\3\3Connect\3ConnectHelp.chm
c:\program files\3\3Connect\AceDb.encrypt
c:\program files\3\3Connect\AutoRun.dat
c:\program files\3\3Connect\AutoUpdateSrv.exe
c:\program files\3\3Connect\birdstepping.cmd
c:\program files\3\3Connect\BlackListedDev.cfg
c:\program files\3\3Connect\BlacklistedProcesses.xml
c:\program files\3\3Connect\browsing1.html
c:\program files\3\3Connect\capicom.dll
c:\program files\3\3Connect\checkdata_online.html
c:\program files\3\3Connect\CiscoApiWrapper.dll
c:\program files\3\3Connect\Config.encrypt
c:\program files\3\3Connect\Config.xml
c:\program files\3\3Connect\Config_23420.encrypt
c:\program files\3\3Connect\Config_23420.xml
c:\program files\3\3Connect\Config_27205.encrypt
c:\program files\3\3Connect\Config_27205.xml
c:\program files\3\3Connect\Config_Default.encrypt
c:\program files\3\3Connect\Config_Default.xml
c:\program files\3\3Connect\ConfigAup.encrypt
c:\program files\3\3Connect\ConfigAup.xml
c:\program files\3\3Connect\connecting1.html
c:\program files\3\3Connect\Content.css2
c:\program files\3\3Connect\Convert.xsl
c:\program files\3\3Connect\datausageguide1.html
c:\program files\3\3Connect\DeviceInstaller.exe
c:\program files\3\3Connect\Devices.xml
c:\program files\3\3Connect\Dialog.cfg
c:\program files\3\3Connect\ejectdisk.exe
c:\program files\3\3Connect\endpoint.css
c:\program files\3\3Connect\endpoint2.css
c:\program files\3\3Connect\Flash.ocx
c:\program files\3\3Connect\homepage1.html
c:\program files\3\3Connect\HuaweiE220.dll
c:\program files\3\3Connect\HuaweiE620.dll
c:\program files\3\3Connect\ImportConfiguration.exe
c:\program files\3\3Connect\incompatiblesoft.htm
c:\program files\3\3Connect\Instalhelper.log
c:\program files\3\3Connect\InstallHelpers.dll
c:\program files\3\3Connect\LanDevice.dll
c:\program files\3\3Connect\live.css
c:\program files\3\3Connect\Logger.dll
c:\program files\3\3Connect\mbbhelp.chm
c:\program files\3\3Connect\mfc80u.dll
c:\program files\3\3Connect\Microsoft.VC80.CRT.manifest
c:\program files\3\3Connect\Microsoft.VC80.MFC.manifest
c:\program files\3\3Connect\modemcust.cfg
c:\program files\3\3Connect\modeminfo.cfg
c:\program files\3\3Connect\Modems\ZTE_MF6X6_USB_MODEM_1.2050.0.6.exe
c:\program files\3\3Connect\msvcp80.dll
c:\program files\3\3Connect\msvcr80.dll
c:\program files\3\3Connect\NetworkCodes.cfg
c:\program files\3\3Connect\OperatorList.xml
c:\program files\3\3Connect\OptGlobetrotterGTMax72.dll
c:\program files\3\3Connect\PatchInfo.ini
c:\program files\3\3Connect\ping1.html
c:\program files\3\3Connect\pingtest.JPG
c:\program files\3\3Connect\proxy.JPG
c:\program files\3\3Connect\Res.dll
c:\program files\3\3Connect\Roaming\RoamingPrice_23420.ini
c:\program files\3\3Connect\Skins\FlashSkin\gui.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\account.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_dwn.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\arrow_up.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_history.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_main.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_rss.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\background_sidebox.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_back.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_connect.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_default.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_disconnect.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_login.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssclose.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\btn_rssopen.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\exit.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\globe.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\graph.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\minimize.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\nr_sms.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_history.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_main.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\rgn_rss.swf
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\roaming.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\signal.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\sms.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_1.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\images\tab_2.png
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\constructor.xml
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\offline.xml
c:\program files\3\3Connect\Skins\FlashSkin\resources\settings\strings.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\banner.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\bec_go_lite.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\config.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\menu_lite.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\signal.swf
c:\program files\3\3Connect\Skins\FlexSkin\assets\strings.xml
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_0.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_1.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_2.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_3.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_4.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_5.png
c:\program files\3\3Connect\Skins\FlexSkin\assets\taskIcons\IDB_TASKICONS_6.png
c:\program files\3\3Connect\Skins\FlexSkin\gui.swf
c:\program files\3\3Connect\Skins\FlexSkin\modules\guiOverrides.swf
c:\program files\3\3Connect\Sms.xml
c:\program files\3\3Connect\SmsApp2.dll
c:\program files\3\3Connect\SoftOpt.encrypt
c:\program files\3\3Connect\startup.exe
c:\program files\3\3Connect\Strings.txt
c:\program files\3\3Connect\SwiApiInterface.dll
c:\program files\3\3Connect\SwiApiMux.exe
c:\program files\3\3Connect\SwiCardDetect.dll
c:\program files\3\3Connect\SysConfig.dat
c:\program files\3\3Connect\SystemInfo.txt
c:\program files\3\3Connect\topup.html
c:\program files\3\3Connect\Update\ConfigAup.encrypt
c:\program files\3\3Connect\Update\ConfigAup.xml
c:\program files\3\3Connect\Wilog.exe
c:\program files\3\3Connect\WilogApp.exe
c:\program files\3\3Connect\WWanDevice.dll
c:\program files\3\3Connect\ZTE_MF636_startup.exe
c:\program files\3\3Connect\ZTE620.dll
c:\program files\INSTALL.LOG
c:\users\Mark\Documents\~WRL0002.tmp
c:\users\Mark\Documents\~WRL0004.tmp
c:\users\Mark\Documents\~WRL3743.tmp
c:\users\Mark\Documents\~WRL3991.tmp
c:\windows\$NtUninstallKB32240$\1873154646\cfg.ini
c:\windows\system32\AutoRun.inf
F:\install.exe
c:\windows\$NtUninstallKB32240$ . . . . Failed to delete
.
c:\windows\system32\drivers\netbt.sys was missing
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy8_!Windows!System32!drivers!netbt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-01-26 to 2012-02-26 )))))))))))))))))))))))))))))))
.
.
2012-02-26 03:15 . 2012-02-26 03:20 -------- d-----w- c:\users\Mark\AppData\Local\temp
2012-02-26 03:15 . 2012-02-26 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\users\Mark\AppData\Roaming\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\programdata\Malwarebytes
2012-02-24 22:59 . 2012-02-24 22:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-24 22:59 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-24 22:14 . 2011-12-15 06:21 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-22 00:17 . 2012-02-22 01:09 -------- d-----w- c:\users\UpdatusUser
2012-02-22 00:15 . 2012-02-10 04:13 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-22 00:15 . 2012-02-10 04:13 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-22 00:15 . 2012-02-10 04:13 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-22 00:15 . 2012-02-10 04:13 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-22 00:15 . 2012-02-10 04:13 19443520 ----a-w- c:\windows\system32\nvoglv32.dll
2012-02-22 00:15 . 2012-02-10 04:13 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-22 00:15 . 2012-02-10 04:13 10816832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-02-17 22:47 . 2012-02-17 22:47 -------- d-----w- c:\users\Mark\AppData\Roaming\AVG2012
2012-02-17 22:44 . 2012-02-25 03:09 -------- d-----w- c:\programdata\AVG2012
2012-02-17 20:58 . 2012-02-25 02:42 -------- d-----w- c:\programdata\MFAData
2012-02-14 20:06 . 2012-02-17 20:29 -------- d-----w- c:\users\Mark\AppData\Roaming\Usukmo
2012-02-14 20:06 . 2012-02-14 20:06 -------- d-----w- c:\users\Mark\AppData\Roaming\Mywara
2012-02-12 11:17 . 2012-02-17 14:51 -------- d-----w- c:\users\Mark\AppData\Roaming\Aktuot
2012-02-12 11:17 . 2012-02-12 11:37 -------- d-----w- c:\users\Mark\AppData\Roaming\Xete
2012-02-11 23:20 . 2012-02-25 10:10 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-09 20:05 . 2012-02-09 20:05 416064 ----a-w- c:\windows\system32\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-24 22:55 . 2010-09-11 16:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-10 04:13 . 2011-10-17 02:10 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:13 . 2011-10-17 02:10 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:13 . 2011-02-23 01:57 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-10 04:13 . 2009-06-10 17:33 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:13 . 2009-06-10 17:33 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-10 03:02 . 2011-02-23 00:40 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:00 . 2011-02-23 00:39 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-10 03:00 . 2011-02-23 00:38 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-10 03:00 . 2011-02-23 00:38 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-10 03:00 . 2009-06-10 08:34 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-01-12 19:52 . 2012-02-24 22:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 06:22 . 2012-02-24 22:14 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-02 15:15 . 2011-06-17 13:47 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 68856]
"Steam"="f:\program files\Steam\steam.exe" [2011-08-02 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Impulse Now.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-9 2042088]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\WG311v3.exe [2005-8-31 1691648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Update Agent.lnk
backup=c:\windows\pss\Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-10 09:02 216520 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-11-04 11:40 2087424 ----a-w- c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
qmofiltr
pserve
vmparport
k750mdfl
delldmi
knobserv
tvtpktfilter
datasvr2
amdk77
clsched
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-23 07:15]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 22:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.bbc.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mod.uk\www.westminster
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\yqgk2812.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/|http://www.hotmail.com/|http://www.facebook.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
AddRemove-Fallout Mod Manager_is1 - c:\program files\steam\steamapps\common\fallout 3\fomm\uninstall\unins000.exe
AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files\Common Files\BioWare\Uninstall Mass Effect 2.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:95,f0,cb,53,9a,96,d9,c6,ad,ef,7c,3c,7e,8b,6b,a3,ff,28,9d,b4,75,d4,82,
26,15,8f,b4,41,79,6c,09,51,8c,9d,91,01,67,9b,86,e0,74,e9,a2,47,79,c5,f6,54,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-1867690454-3942458551-2479712260-1000\Software\SecuROM\License information*]
"datasecu"=hex:a5,92,72,63,87,4c,26,d5,74,ef,71,ff,4a,aa,92,e9,20,64,f7,bc,f8,
32,3b,d6,50,cc,b4,51,90,1d,35,56,e8,e2,2e,e2,dd,d9,c4,a7,e9,d2,7b,27,af,d3,\
"rkeysecu"=hex:1e,ae,06,95,0e,65,8d,3b,aa,24,d6,13,54,d5,ef,7b
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\wbem\unsecapp.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2012-02-26 03:26:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-26 03:25
.
Pre-Run: 38,793,306,112 bytes free
Post-Run: 38,562,734,080 bytes free
.
- - End Of File - - A677ADA0F2097407EC75804B713FEC3F