ComboFix 12-01-23.02 - ENTERPRISE 01/24/2012 17:51:34.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.894.164 [GMT -5:00]
Running from: c:\users\ENTERPRISE\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ENTERPRISE\AppData\Roaming\Microsoft\Windows\Recent\youtube.com-watchv=HLIWEOqvia8.url
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\HPCPCUninstaller-6.3.2.139-6811507.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2012-01-24 23:05 . 2012-01-24 23:06 -------- d-----w- c:\users\ENTERPRISE\AppData\Local\temp
2012-01-24 23:05 . 2012-01-24 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 06:43 . 2012-01-24 06:43 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAC83323-3949-4864-BDE0-91C84A7C17C4}\offreg.dll
2012-01-24 06:24 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAC83323-3949-4864-BDE0-91C84A7C17C4}\mpengine.dll
2012-01-22 02:19 . 2012-01-23 01:01 -------- d-----w- c:\users\ENTERPRISE\AppData\Roaming\Systweak
2012-01-22 02:17 . 2011-07-07 18:26 17280 ----a-w- c:\windows\system32\roboot.exe
2012-01-17 22:07 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-17 22:07 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-17 22:07 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-17 22:07 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-17 22:07 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-17 22:07 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-16 23:36 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-16 23:36 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-16 23:36 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-16 23:35 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-16 23:35 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-16 23:35 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-16 23:30 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-16 23:30 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:37 . 2011-12-16 02:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 19:29 . 2011-05-17 18:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42 . 2011-12-16 02:31 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-16 08:03 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-16 08:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-16 08:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-16 08:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-16 02:37 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-16 02:37 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-11-21 04:04 . 2011-11-28 22:17 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Button Manager.lnk - c:\program files\HP\Button Manager\BM.exe [2011-8-6 356864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-06-02 07:55 80896 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 15:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-22 18:49 13539872 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-22 18:49 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2006-11-20 11:34 155648 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-15 15:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 51720851
*Deregistered* - 51720851
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-04-20 23:00 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-21 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - ENTERPRISE.job
- c:\program files\Norton Internet Security\Engine\18.6.0.29\navw32.exe [2011-05-02 00:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.237.161.12 71.250.0.12
FF - ProfilePath - c:\users\ENTERPRISE\AppData\Roaming\Mozilla\Firefox\Profiles\szy7ru7v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-yie9
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-autochk - c:\windows\SERVIC~2\LOCALS~1\protect.dll
AddRemove-sp37532 - c:\hp\Softpaq\sp37532\sp37532.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-24 18:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-24 18:19:38
ComboFix-quarantined-files.txt 2012-01-24 23:19
.
Pre-Run: 144,587,563,008 bytes free
Post-Run: 145,358,360,576 bytes free
.
- - End Of File - - 5433C7D1874DFD5DB3E4BAAFDA175A1D
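Added example, not part of the ComboFix output above and not ComboFix's own code: a small Python triage helper that parses the autostart sections of a log in this layout (Run/RunOnce values, msconfig startupreg entries, Security Center dword values and the ORPHANS REMOVED list) and lists the entries that merit a manual look. SAMPLE_LOG is a constructed excerpt copied from a few lines of the log above; the trust roots and the review heuristics are assumptions to tune against a known-good baseline for the machine, not a verdict on any file.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

Parses the "Reg Loading Points" and "ORPHANS REMOVED" entries into records and
applies location-based heuristics so an analyst sees a short review list
instead of the whole log. Heuristics and trust roots are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in ComboFix's layout (lines copied from the log above).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2006-09-28 13:42 65536 ----a-w- c:\hp\support\hpsysdrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-autochk - c:\windows\SERVIC~2\LOCALS~1\protect.dll
"""


@dataclass
class Entry:
    key: str          # registry key or log section the entry came from
    name: str         # value name or autostart label
    image: str        # file path the entry points at ("" for plain settings)
    value: str = ""   # raw value for non-path settings such as dword:00000001


KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<image>[^"]+)" \[(?P<date>\S+) (?P<size>\d+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
STARTUPREG_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<image>.+)$")
ORPHAN_RE = re.compile(r"^(?P<name>\S+) - (?P<image>.+)$")


def parse_log(text: str) -> list[Entry]:
    """Walk the log line by line, tracking the current [key] or section."""
    entries: list[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "."
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            key = "ORPHANS REMOVED"
            continue
        if (m := KEY_RE.match(line)):
            key = m["key"]
        elif (m := RUN_RE.match(line)):      # "Name"="path" [date size]
            entries.append(Entry(key, m["name"], m["image"]))
        elif (m := DWORD_RE.match(line)):    # "Name"=dword:xxxxxxxx
            entries.append(Entry(key, m["name"], "", m["value"]))
        elif "startupreg" in key.lower() and (m := STARTUPREG_RE.match(line)):
            entries.append(Entry(key, key.rsplit("\\", 1)[-1], m["image"]))
        elif key == "ORPHANS REMOVED" and (m := ORPHAN_RE.match(line)):
            entries.append(Entry(key, m["name"], m["image"]))
    return entries


# Assumed trust roots for a stock install; anything else is "unusual location".
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def review_reasons(e: Entry) -> list[str]:
    """Heuristic reasons an entry deserves a manual look (assumptions, not verdicts)."""
    reasons: list[str] = []
    if e.name == "DisableMonitoring" and e.value == "00000001":
        reasons.append("Security Center monitoring disabled under " + e.key)
    if e.image:
        p = e.image.lower()
        if "~" in p:
            reasons.append("8.3 short-name path (weak signal on its own)")
        if "\\users\\" in p or "\\serviceprofiles\\" in p or "\\servic~" in p:
            reasons.append("image under a user or service profile directory")
        if p.endswith(".dll"):
            reasons.append("autostart points at a DLL, not an executable")
        if not p.startswith(TRUSTED_ROOTS):
            reasons.append("image outside trusted roots")
    return reasons


def triage(text: str) -> list[tuple[Entry, list[str]]]:
    """Return only the entries that picked up at least one review reason."""
    return [(e, r) for e in parse_log(text) if (r := review_reasons(e))]


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.name}: {entry.image or 'dword:' + entry.value}")
        for reason in reasons:
            print("   -", reason)
```

Run against the excerpt, the Sidebar entry passes silently, hpsysdrv is listed only because c:\hp is outside the assumed trust roots (an OEM directory an analyst would baseline once), the DisableMonitoring value is listed so it can be confirmed against the Norton Internet Security install the log also shows rather than assumed, and the orphaned autochk entry collects three reasons at once. Stacking weak signals, rather than keying on any one of them, is what keeps the review list short on a machine full of vendor software.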