ComboFix 11-11-23.03 - Robert 11/24/2011 5:30.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2130 [GMT 0:00]
Running from: c:\users\Robert\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
O:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 01:34 . 2011-11-24 01:34 -------- d--h--r- c:\users\Robert\AppData\Roaming\SecuROM
2011-11-22 10:08 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E41B43C-7ABA-4593-8D24-0518E87AE981}\mpengine.dll
2011-11-20 14:15 . 2011-11-20 14:15 -------- d-----w- c:\program files\Bohemia Interactive
2011-11-13 15:11 . 2011-11-13 15:11 -------- d-----w- c:\users\Robert\AppData\Local\Skyrim
2011-11-13 13:27 . 2011-11-13 15:13 -------- d-----w- c:\program files (x86)\The Elder Scrolls V Skyrim
2011-11-12 13:26 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2011-11-12 12:57 . 2011-11-12 12:57 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2011-11-12 12:41 . 2011-11-12 12:58 -------- d-----w- c:\program files (x86)\Battlefield 3
2011-11-09 02:55 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 02:55 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 02:55 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 02:55 . 2011-09-29 04:09 3141120 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 06:38 . 2011-11-04 06:40 -------- d-----w- c:\program files (x86)\SSF Realism Mod
2011-11-04 06:06 . 2011-11-04 11:39 -------- d-----w- c:\users\Robert\AppData\Roaming\Tunngle
2011-11-04 06:06 . 2011-11-04 07:48 -------- d-----w- c:\programdata\Tunngle
2011-11-04 06:06 . 2009-09-16 08:02 31232 ----a-w- c:\windows\system32\drivers\tap0901t.sys
2011-11-04 06:06 . 2011-11-04 06:07 -------- d-----w- c:\program files (x86)\Tunngle
2011-10-29 05:34 . 2011-10-29 05:34 -------- d-----w- c:\program files (x86)\AutoHotkey
2011-10-29 03:31 . 2011-10-29 03:31 -------- d-----w- c:\programdata\Sony
2011-10-29 03:31 . 2011-10-29 03:31 -------- d-----w- c:\users\Robert\AppData\Roaming\Publish Providers
2011-10-29 03:25 . 2011-10-29 03:57 -------- d-----w- c:\users\Robert\AppData\Local\Sony
2011-10-29 03:25 . 2011-10-29 03:56 -------- d-----w- c:\program files (x86)\Sony
2011-10-29 03:25 . 2011-10-29 03:43 -------- d-----w- c:\program files\Sony
2011-10-29 03:24 . 2011-10-30 04:13 -------- d-----w- c:\users\Robert\AppData\Roaming\Sony
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 05:40 . 2011-07-15 19:08 53312 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2011-10-17 15:04 . 2011-04-29 18:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-17 15:03 . 2011-04-29 18:34 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-17 14:53 . 2011-04-29 18:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-15 08:53 . 2011-04-29 18:15 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-10-15 08:53 . 2011-04-29 18:15 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-10-15 08:53 . 2011-04-08 06:19 222528 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-15 08:53 . 2011-04-08 06:19 837952 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll
2011-10-15 08:53 . 2011-04-08 06:19 1640768 ----a-w- c:\windows\system32\nvvsvc.exe
2011-10-15 08:53 . 2011-04-08 06:19 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-10-15 08:53 . 2011-04-08 06:19 10406208 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-15 08:53 . 2011-04-08 06:19 5067584 ----a-w- c:\windows\system32\nvsvc64.dll
2011-10-15 00:54 . 2011-10-15 00:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-09-24 19:45 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-19 07:07 . 2011-09-19 07:07 15360 ----a-w- c:\windows\SysWow64\bdmjpeg.dll
2011-09-19 07:07 . 2011-09-19 07:07 17920 ----a-w- c:\windows\system32\bdmjpeg64.dll
2011-09-19 07:07 . 2011-09-19 07:07 58368 ----a-w- c:\windows\SysWow64\bdmpega.acm
2011-09-19 07:07 . 2011-09-19 07:07 62976 ----a-w- c:\windows\system32\bdmpega64.acm
2011-09-19 07:07 . 2011-09-19 07:07 58368 ----a-w- c:\windows\SysWow64\bdmpegv.dll
2011-09-19 07:07 . 2011-09-19 07:07 62464 ----a-w- c:\windows\system32\bdmpegv64.dll
2011-09-03 15:39 . 2011-05-25 16:24 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-31 17:00 . 2011-05-14 03:19 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 05:40 . 2011-10-12 20:13 861184 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:40 . 2011-10-12 20:13 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:43 . 2011-10-12 20:13 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43 . 2011-10-12 20:13 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 12:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 12:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-30 399736]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"mapdisk"="c:\users\Robert\Documents\ArmAWork\mapdisk.bat" [2011-11-20 49]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
c:\users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
thunderbird.exe - Shortcut.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2011-5-4 399512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 136176]
R3 ALSysIO;ALSysIO;c:\users\Robert\AppData\Local\Temp\ALSysIO64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 136176]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2011-05-02 2560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 PRTG7CoreService;PRTG 8 Core Server Service;c:\program files (x86)\PRTG Network Monitor\PRTG Server.exe [2011-07-13 4177680]
S2 PRTG7ProbeService;PRTG 8 Probe Service;c:\program files (x86)\PRTG Network Monitor\PRTG Probe.exe [2011-07-13 3889936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2011-10-14 745832]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40340ed7-7ab7-11e0-9991-4061860a8fe1}]
\shell\AutoRun\command - E:\INSTALL.EXE
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 18:24]
.
2011-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-29 18:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = my.daemon-search.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 8.8.8.8 4.4.4.4
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\f9rruc7i.default\
FF - prefs.js: browser.startup.homepage - about:home
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-BattlEye - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\steam\steamapps\common\arma 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2Expansion\BattlEye\UnInstallBE.exe
AddRemove-FSM Editor Personal Edition - c:\program files (x86)\Bohemia Interactive\Tools\FSM Editor Personal Edition\UnInstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-790439142-3435915906-985103671-1000\Software\SecuROM\License information*]
"datasecu"=hex:25,ed,fe,05,7f,52,fa,91,cc,02,49,78,5e,12,f3,8a,c9,c8,b8,4d,93,
d7,6f,54,cb,d7,50,48,19,89,2f,4c,8b,e9,fa,a7,97,2b,f9,08,36,18,21,0a,60,0b,\
"rkeysecu"=hex:dc,d3,0d,74,ae,a1,10,5e,52,cc,8b,3b,14,bf,4a,74
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\C4838B3D951212E6CDEE180D9201C56E]
"1"=hex:07,1f,1a,27,85,96,85,c3,38,71,53,58,52,6e,65,80,4c,0f,9a,93,b5,f7,5b,
e0
"2"=hex:af,48,68,fb,0f,c8,42,37
"3"=hex:7e,2a,19,6e,e4,cb,24,18,7d,df,82,fd,ad,18,20,a4,b0,48,ce,e6,19,d8,ee,
c7,45,dd,db,38,3b,d3,3d,01,f0,38,fa,cd,b5,1e,36,21,17,ec,71,30,5e,a6,61,9d,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:07,1f,1a,27,85,96,85,c3,38,71,53,58,52,6e,65,80,0a,e7,b1,ce,73,6a,58,
57,b4,92,42,c6,86,c1,72,81,84,78,bc,10,9b,59,93,10,93,38,75,f5,0c,fd,c5,cf,\
"7"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,56,a7,02,9d,f0,a0,1d,
cc,28,d9,b1,18,9e,f1,8d,e8,54,e6,61,27,95,2e,52,cc,1c,f7,fa,64,bd,24,b7,82,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2a,be,8e,36,28,f4,02,
cb,0a,c9,95,21,b9,0e,5a,4a,38,5d,cd,24,ba,97,5c,5b,05,87,8a,eb,b5,bb,db,d2,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:d0,71,12,cb,08,b7,a7,d6
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:0e,dd,e9,89,af,59,f5,3c,69,1c,a4,5d,e3,31,17,13,57,b0,fd,64,c1,ce,08,
87,e5,16,7a,1f,24,2a,d6,8f,f5,19,c1,b1,12,2d,58,66,28,03,0d,d6,e5,fc,99,de,\
"13"=hex:19,7a,8a,94,e9,cf,c8,fd,f3,80,48,e1,5b,15,b3,b6,89,31,02,99,8a,04,b3,
0c,b6,ac,03,df,bf,e8,08,ba,e8,d1,69,ae,ae,47,ae,fd
"14"=hex:cc,37,e6,02,49,3c,f3,ea,f2,40,e6,1c,3c,12,e0,3d
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:c2,26,f5,1d,bf,83,c6,08,30,ad,78,80,0f,70,41,08
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:b7,57,57,8b,fe,ba,66,bd,62,69,01,45,03,ca,be,d2,1b,86,ab,41,9a,79,27,
67,32,b4,42,fb,47,8f,82,67,f8,b1,f3,02,b2,c4,91,43,86,67,f3,17,ed,6a,b5,69,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\DF7B54A6112C2A0959607A574D3D99D6]
"1"=hex:05,a5,52,27,27,68,21,41,63,83,05,15,ef,55,2c,92
"2"=hex:af,48,68,fb,0f,c8,42,37
"3"=hex:38,f6,95,d2,b4,28,07,be,05,ae,2c,1e,f2,5b,8a,52,60,38,56,31,1d,11,a2,
d2,4e,ab,e9,ff,9e,c8,be,72,1f,d5,ed,00,14,59,c2,e4,ae,9b,a7,c9,a1,04,24,bf,\
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:05,a5,52,27,27,68,21,41,e8,57,cb,d5,86,b9,d9,4d,3c,4b,d6,bd,45,0e,9f,
2c,37,f3,41,b2,34,84,07,a9,a5,3f,b6,64,6e,94,60,17,ca,27,98,0e,b4,db,a1,ca,\
"7"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,56,a7,02,9d,f0,a0,1d,
cc,28,d9,b1,18,9e,f1,8d,e8,54,e6,61,27,95,2e,52,cc,1c,f7,fa,64,bd,24,b7,82,\
"8"=hex:9d,9e,b2,b9,a7,a5,f4,ae,4d,29,c2,a3,c0,78,c4,c5,2a,be,8e,36,28,f4,02,
cb,0a,c9,95,21,b9,0e,5a,4a,38,5d,cd,24,ba,97,5c,5b,05,87,8a,eb,b5,bb,db,d2,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:d0,71,12,cb,08,b7,a7,d6
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:cb,8e,c6,9f,83,a9,73,d7,4f,a9,42,df,aa,cc,83,92,88,84,5e,92,b8,98,34,
aa,ba,38,ee,a2,6b,d9,7b,f7,31,69,a3,a6,7a,5b,69,c2,24,e3,3c,1b,79,49,1d,31,\
"13"=hex:19,7a,8a,94,e9,cf,c8,fd,f3,80,48,e1,5b,15,b3,b6,89,31,02,99,8a,04,b3,
0c,b6,ac,03,df,bf,e8,08,ba,e8,d1,69,ae,ae,47,ae,fd
"14"=hex:08,ff,2b,1c,69,18,ef,7b,2e,51,47,6e,41,a5,c7,f7
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:c2,26,f5,1d,bf,83,c6,08,30,ad,78,80,0f,70,41,08
"22"=hex:81,20,8f,ab,28,6a,52,9c
"15"=hex:6b,47,5a,60,03,85,c2,b8,6b,00,06,ef,88,67,4d,91,54,ce,cd,0d,6e,44,ca,
c4,8a,5b,38,63,81,0c,90,54,b5,26,40,a7,b2,45,ab,4a,37,2a,bc,8c,9d,41,9f,83,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
.
**************************************************************************
.
Completion time: 2011-11-24 05:44:11 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-24 05:44
.
Pre-Run: 9,536,585,728 bytes free
Post-Run: 29,461,864,448 bytes free
.
- - End Of File - - ED687C8779D7DBDD770BEEC690112CF8