ComboFix 13-06-15.01 - user 06/15/2013 17:42:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1213 [GMT -5:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\cY1532y3.exe.b
c:\programdata\cY1532y3.exe_.b
c:\users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\TestBrowser.html
.
.
((((((((((((((((((((((((( Files Created from 2013-05-15 to 2013-06-15 )))))))))))))))))))))))))))))))
.
.
2013-06-15 22:51 . 2013-06-15 22:51 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2013-06-15 22:51 . 2013-06-15 22:51 -------- d-----w- c:\users\hedev\AppData\Local\temp
2013-06-15 22:51 . 2013-06-15 22:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-15 19:50 . 2013-06-15 19:50 -------- d-----w- C:\_OTL
2013-06-15 09:49 . 2013-06-15 09:49 0 ----a-w- C:\prefs.js
2013-06-15 09:49 . 2013-06-15 09:49 -------- d-----w- c:\program files\Application Updater
2013-06-15 09:49 . 2013-06-15 09:49 -------- d-----w- c:\program files\Vuze Remote Toolbar
2013-06-14 20:08 . 2013-06-14 20:08 -------- d-----w- c:\program files\Common Files\Java
2013-06-14 20:08 . 2013-06-14 20:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-12 13:10 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 13:10 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 13:10 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 13:10 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 13:10 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 13:10 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 13:10 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 13:10 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 13:10 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 13:10 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-10 09:30 . 2013-06-10 09:30 -------- d-----w- c:\users\user\AppData\Local\Slick Savings
2013-06-10 09:29 . 2013-06-15 09:49 -------- d-----w- c:\program files\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-14 20:07 . 2012-07-24 08:47 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-14 20:07 . 2010-05-23 01:08 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 00:35 . 2012-10-09 22:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 00:35 . 2011-07-29 19:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-03 09:07 . 2013-05-03 09:07 24704 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
2013-04-15 14:20 . 2013-05-14 19:21 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-14 19:21 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-14 19:21 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{05478A66-EDB6-4A22-A870-A5987F80A7DA}"= "c:\program files\Vuze Remote Toolbar\IE\7.2\vuzeToolbarIE.dll" [2013-06-08 1353536]
.
[HKEY_CLASSES_ROOT\clsid\{05478a66-edb6-4a22-a870-a5987f80a7da}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
2013-06-08 01:39 1353536 ----a-w- c:\program files\Vuze Remote Toolbar\IE\7.2\vuzeToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 21:54 175912 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{05478A66-EDB6-4A22-A870-A5987F80A7DA}"= "c:\program files\Vuze Remote Toolbar\IE\7.2\vuzeToolbarIE.dll" [2013-06-08 1353536]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{05478a66-edb6-4a22-a870-a5987f80a7da}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DAEMON Tools Ultra Agent"="c:\program files\DAEMON Tools Ultra\DTAgent.exe" [2013-03-06 3088448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-08-15 192512]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-24 4423680]
"Skytel"="Skytel.exe" [2007-03-16 1822720]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-12 174872]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-04 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-06-08 1302336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 00:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10043&barid={10880EA7-B3D1-11E2-AFBB-000AE41569CF}
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 4\imc.exe
HKCU-Run-Desktop Software - c:\program files\Common Files\SupportSoft\bin\bcont.exe
HKCU-Run-SubliminalEzy - c:\program files\SubliminalEzy\SubLiminalEzy.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKU-Default-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-WOLAPI - c:\westwood\Internet\UnstllAP.EXE
AddRemove-Winamp Detect - c:\program files\Winamp Detect\UninstWaDetect.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-15 17:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2024)
c:\windows\system32\ieframe.dll
.
Completion time: 2013-06-15 17:55:00
ComboFix-quarantined-files.txt 2013-06-15 22:54
.
Pre-Run: 6,684,098,560 bytes free
Post-Run: 12,541,726,720 bytes free
.
- - End Of File - - 29E7517AAE9DB70843BDC8946CF54955 5C616939100B85E558DA92B899A0FC36