ComboFix 11-10-25.04 - Undevco Films 10/25/2011 21:18:52.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3582.2901 [GMT -5:00]
Running from: c:\users\Undevco Films\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB4425$
c:\windows\$NtUninstallKB4425$\448590858\@
c:\windows\$NtUninstallKB4425$\448590858\L\qnbwvoto
c:\windows\$NtUninstallKB4425$\448590858\loader.tlb
c:\windows\$NtUninstallKB4425$\448590858\U\@00000001
c:\windows\$NtUninstallKB4425$\448590858\U\@000000c0
c:\windows\$NtUninstallKB4425$\448590858\U\@000000cb
c:\windows\$NtUninstallKB4425$\448590858\U\@000000cf
c:\windows\$NtUninstallKB4425$\448590858\U\@80000000
c:\windows\$NtUninstallKB4425$\448590858\U\@800000c0
c:\windows\$NtUninstallKB4425$\448590858\U\@800000cb
c:\windows\$NtUninstallKB4425$\448590858\U\@800000cf
c:\windows\$NtUninstallKB4425$\874146624
c:\windows\system32\
c:\windows\system32\c_44374.nls
.
Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_netfx-mscorsvw_exe_b03f5f7f11d50a3a_6.0.6000.16720_none_201c2ab5e826014f\mscorsvw.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-09-26 to 2011-10-26 )))))))))))))))))))))))))))))))
.
.
2020-01-07 05:32 . 2020-01-07 05:32 -------- d-----w- c:\program files\Cracklock
2011-10-26 02:38 . 2011-10-26 02:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-10-26 02:38 . 2011-10-26 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-26 02:12 . 2011-10-25 16:12 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2011-10-26 01:36 . 2011-10-26 01:36 48016 --sha-w- c:\windows\system32\c_44374.nl_
2011-10-26 00:16 . 2011-10-26 00:16 94896 ----a-w- c:\windows\system32\drivers\92184235.sys
2011-10-26 00:16 . 2011-10-26 00:16 35328 ----a-w- c:\windows\system32\drivers\tskCB89.tmp
2011-10-25 21:16 . 2011-10-26 00:17 7168 ----a-w- c:\windows\system32\drivers\utiymje4.sys
2011-10-25 19:00 . 2011-10-25 19:00 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-25 18:55 . 2011-10-25 18:55 -------- d-----w- C:\asfjdk
2011-10-25 18:25 . 2011-10-18 23:04 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-25 18:16 . 2011-10-25 18:19 -------- d-----w- C:\asjklfhsdj
2011-10-25 16:21 . 2011-10-25 16:21 -------- d-----w- C:\abc
2011-10-24 18:41 . 2011-10-24 18:41 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-10-24 10:29 . 2011-10-24 11:30 -------- d-----w- C:\MGtools
2011-10-24 10:10 . 2011-10-24 10:12 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-10-24 09:34 . 2011-10-26 02:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-24 08:39 . 2011-10-24 08:39 -------- d-----w- c:\program files\jskflhasdjk
2011-10-24 08:39 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-24 05:42 . 2011-10-24 05:42 -------- d-----w- c:\users\Undevco Films\Doctor Web
2011-10-24 05:41 . 2011-10-24 05:41 -------- d-----w- c:\program files\Common Files\Doctor Web
2011-10-24 05:40 . 2011-10-24 07:10 -------- d-----w- c:\program files\DrWeb
2011-10-24 03:57 . 2011-10-24 03:57 94896 ----a-w- c:\windows\system32\drivers\91912406.sys
2011-10-24 01:49 . 2011-10-24 06:34 -------- d-----w- c:\programdata\Doctor Web
2011-10-24 01:09 . 2011-10-24 01:09 -------- d-----w- c:\program files\m
2011-10-24 00:57 . 2011-10-26 02:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-23 22:47 . 2011-10-23 23:41 -------- d-----w- c:\users\Undevco Films\DoctorWeb
2011-10-23 22:01 . 2011-10-23 22:01 94896 ----a-w- c:\windows\system32\drivers\62361770.sys
2011-10-23 20:31 . 2011-10-23 20:31 -------- d--h--w- c:\windows\PIF
2011-10-23 19:28 . 2011-10-23 19:28 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-18 23:12 . 2011-09-06 13:30 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-10-18 23:12 . 2011-08-03 02:50 96768 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-18 23:12 . 2011-08-03 02:50 443392 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-18 23:12 . 2011-08-03 02:49 151552 ----a-w- c:\windows\system32\MSNP.ax
2011-10-18 23:12 . 2011-08-03 02:49 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-18 23:12 . 2011-08-03 02:49 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-18 23:12 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-18 23:12 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-18 23:12 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-18 23:12 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-18 23:12 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-16 21:49 . 2011-10-19 02:00 -------- d-----w- c:\users\Undevco Films\AppData\Roaming\WTablet
2011-10-16 21:49 . 2009-11-24 16:25 7892776 ----a-w- c:\windows\system32\WacomTablet.cpl
2011-10-16 21:48 . 2007-02-16 15:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-10-16 21:47 . 2009-05-20 16:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-10-16 21:46 . 2011-10-16 21:46 -------- d-----w- c:\windows\system32\WTablet
2011-10-16 21:46 . 2009-11-24 16:25 4463400 ----a-w- c:\windows\system32\Wacom_Tablet.exe
2011-10-16 21:46 . 2009-11-24 16:25 412456 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2011-10-16 21:46 . 2009-11-24 16:20 285184 ----a-w- c:\windows\system32\Wintab32.dll
2011-10-16 21:46 . 2011-10-16 21:48 -------- d-----w- c:\program files\Tablet
2011-10-09 09:28 . 2011-10-09 09:28 -------- d-----w- c:\program files\Black_Box
2011-10-01 04:33 . 2011-10-25 18:49 -------- d-----w- c:\programdata\Hitman Pro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-26 04:30 . 2010-03-13 07:50 35328 ----a-w- c:\windows\system32\drivers\npfs.sys
2011-10-26 02:40 . 2010-03-12 11:04 17488 ----a-w- c:\windows\gdrv.sys
2011-10-25 01:13 . 2010-03-13 07:50 66560 ----a-w- c:\windows\system32\drivers\smb.sys
2011-10-25 01:10 . 2011-06-15 22:03 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-10-24 19:11 . 2011-06-15 22:03 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-10-24 11:30 . 2011-10-24 10:31 580339 ----a-w- C:\MGlogs.zip
2011-10-24 07:10 . 2010-03-12 22:37 35840 ----a-w- c:\windows\system32\drivers\netbios.sys
2011-10-24 04:02 . 2010-03-13 07:50 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-10-24 01:24 . 2010-03-13 07:51 185856 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-03 00:25 . 2010-03-22 18:49 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-11 17:37 . 2011-08-11 17:37 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-11 17:37 . 2011-08-11 17:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-11 17:37 . 2011-08-11 17:37 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-11 17:37 . 2011-08-11 17:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-11 17:37 . 2011-08-11 17:37 161792 ----a-w- c:\windows\system32\msls31.dll
2011-08-11 17:37 . 2011-08-11 17:37 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-08-11 17:37 . 2011-08-11 17:37 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-08-11 17:37 . 2011-08-11 17:37 367104 ----a-w- c:\windows\system32\html.iec
2011-08-11 17:37 . 2011-08-11 17:37 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-11 17:37 . 2011-08-11 17:37 152064 ----a-w- c:\windows\system32\wextract.exe
2011-08-11 17:37 . 2011-08-11 17:37 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-08-11 17:37 . 2011-08-11 17:37 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-11 17:37 . 2011-08-11 17:37 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-11 17:37 . 2011-08-11 17:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-11 17:37 . 2011-08-11 17:37 11776 ----a-w- c:\windows\system32\mshta.exe
2011-08-11 17:37 . 2011-08-11 17:37 101888 ----a-w- c:\windows\system32\admparse.dll
2011-08-11 17:37 . 2011-08-11 17:37 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-08-11 17:37 . 2011-08-11 17:37 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-09-29 06:53 . 2011-10-03 03:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngin0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngin0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-11-02 8704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineFormActiveMetadataStatusViewer.exe]
backup=c:\windows\pss\CineFormActiveMetadataStatusViewer.exe.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Undevco Films^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Undevco Films^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CineFormActiveMetadataStatusViewer.exe]
backup=c:\windows\pss\CineFormActiveMetadataStatusViewer.exe.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 22:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
2;2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [x]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 cpuz130;cpuz130;c:\users\UNDEVC~1\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2007-10-31 97808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-10-18 23624]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\system32\drivers\pgusbmm3.sys [x]
R3 pgusbwdm;usb-audio.de driver (commercial 2.8.40);c:\windows\system32\Drivers\pgusbwdm.sys [x]
R3 SaiH053C;SaiH053C;c:\windows\system32\DRIVERS\SaiH053C.sys [2007-05-01 132232]
R3 utiymje4;AVZ Kernel Driver;c:\windows\system32\Drivers\utiymje4.sys [2011-10-26 7168]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 17703796;17703796;c:\windows\system32\drivers\62361770.sys [2011-10-23 94896]
R4 58010134;58010134;c:\windows\system32\drivers\91912406.sys [2011-10-24 94896]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-10-03 2151640]
R4 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-11-24 4463400]
R4 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2010-09-17 139264]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-05 64288]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-12 69632]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2007-10-31 16400]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2009-07-30 61440]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-23 c:\windows\Tasks\FrontLine Registry Cleaner Scheduled Scan - Undevco Films.job
- c:\program files\Frontline Registry Cleaner\REGCLEANER.exe [2010-05-08 20:06]
.
2011-10-24 c:\windows\Tasks\Hitman Pro 3.5 Boot Task.job
- c:\program files\Hitman Pro 3.5\HitmanPro35.exe [2011-10-24 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Undevco Films\AppData\Roaming\Mozilla\Firefox\Profiles\e5x5ced7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B6bf54e0b-9c56-49f2-be14-38455c6e14c9%7D&mid=48af4c0ea42647d19c20d119f9fce2b8-53e996cf7d9b37f515ee00ef1aaf8720b6ea968c&ds=AVG&v=8.0.0.34.1&lang=en&pr=pr&d=2011-10-05%2020%3A37%3A06&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-25 21:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2011-10-25 21:47:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-26 02:47
ComboFix2.txt 2011-10-25 22:11
ComboFix3.txt 2011-10-25 21:57
.
Pre-Run: 57,130,147,840 bytes free
Post-Run: 57,092,157,440 bytes free
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - DD4DCDEC10A16D9F76F4383BEAE014B6