ComboFix 10-09-25.07 - Tiffany 09/26/2010 10:13:36.1.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.2814.1635 [GMT -7:00]
Running from: c:\users\Tiffany\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\Uninstall
c:\program files\Common Files\Uninstall\PAV\Uninstall.lnk
.
((((((((((((((((((((((((( Files Created from 2010-08-26 to 2010-09-26 )))))))))))))))))))))))))))))))
.
2010-09-26 17:22 . 2010-09-26 17:22 -------- d-----w- c:\users\Tiffany\AppData\Local\temp
2010-09-26 17:22 . 2010-09-26 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-26 17:09 . 2010-09-26 17:09 -------- d-----w- c:\program files\ERUNT
2010-09-25 18:31 . 2010-09-25 18:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-22 19:06 . 2010-09-22 19:06 -------- d-----w- c:\users\Tiffany\AppData\Local\Apple
2010-09-22 19:05 . 2010-09-25 18:31 -------- d-----w- c:\users\Tiffany\AppData\Local\Adobe
2010-09-22 17:57 . 2010-09-22 17:57 -------- d-----w- c:\program files\trend micro
2010-09-22 17:57 . 2010-09-22 17:57 -------- d-----w- C:\rsit
2010-09-22 17:48 . 2010-09-22 19:12 -------- d-----w- c:\users\Tiffany\AppData\Local\Apple Computer
2010-09-22 17:30 . 2010-09-22 17:30 -------- d-----w- c:\users\Tiffany\AppData\Roaming\Malwarebytes
2010-09-22 17:29 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 17:29 . 2010-09-22 17:29 -------- d-----w- c:\programdata\Malwarebytes
2010-09-22 17:29 . 2010-09-22 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-22 17:29 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-18 10:22 . 2010-09-18 10:22 -------- d-----w- c:\program files\Windows Portable Devices
2010-09-18 10:05 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-09-18 10:05 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-09-18 10:05 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-09-18 10:03 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-09-18 10:03 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-09-18 10:03 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-09-17 06:04 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-17 06:04 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-17 06:04 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-17 06:04 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-17 06:04 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-17 06:03 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-09-17 06:03 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-17 06:02 . 2010-09-17 06:02 -------- d-----w- c:\programdata\Alwil Software
2010-09-17 06:02 . 2010-09-17 06:02 -------- d-----w- c:\program files\Alwil Software
2010-09-17 03:01 . 2010-09-17 03:03 -------- d-----w- c:\windows\system32\ca-ES
2010-09-17 03:01 . 2010-09-17 03:02 -------- d-----w- c:\windows\system32\eu-ES
2010-09-17 03:01 . 2010-09-17 03:02 -------- d-----w- c:\windows\system32\vi-VN
2010-09-17 00:17 . 2010-09-17 00:17 -------- d-----w- c:\windows\system32\EventProviders
2010-09-16 23:28 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-09-16 23:12 . 2009-10-16 23:06 1069056 ----a-w- c:\windows\system32\lxduserv.dll
2010-09-16 23:11 . 2009-10-16 23:06 651264 ----a-w- c:\windows\system32\lxdupmui.dll
2010-09-16 23:11 . 2009-10-16 23:06 376832 ----a-w- c:\windows\system32\lxducomm.dll
2010-09-16 23:11 . 2009-10-16 23:06 364544 ----a-w- c:\windows\system32\lxduinpa.dll
2010-09-16 23:11 . 2009-10-16 23:06 339968 ----a-w- c:\windows\system32\lxduiesc.dll
2010-09-16 23:11 . 2009-10-16 23:06 860160 ----a-w- c:\windows\system32\lxduusb1.dll
2010-09-16 23:11 . 2009-10-16 23:06 684032 ----a-w- c:\windows\system32\lxduhbn3.dll
2010-09-16 23:11 . 2009-10-16 23:06 364544 ----a-w- c:\windows\system32\lxducfg.exe
2010-09-16 23:11 . 2009-10-16 22:56 208896 ----a-w- c:\windows\system32\lxdugrd.dll
2010-09-16 23:11 . 2009-10-16 23:06 323584 ----a-w- c:\windows\system32\lxduih.exe
2010-09-16 23:05 . 2008-06-12 10:09 33088 ----a-w- c:\users\Tiffany\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-09-16 19:09 . 2010-09-16 19:09 -------- d-----w- c:\program files\QuickTime
2010-09-16 19:00 . 2009-05-18 20:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-09-16 19:00 . 2008-04-17 19:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-09-16 18:57 . 2010-09-16 18:57 -------- d-----w- c:\program files\iPod
2010-09-16 18:57 . 2010-09-16 18:59 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-16 18:57 . 2010-09-16 18:59 -------- d-----w- c:\program files\iTunes
2010-09-16 18:46 . 2010-09-16 18:46 -------- d-----w- c:\program files\Bonjour
2010-09-16 18:44 . 2010-09-16 18:44 -------- d-----w- c:\programdata\WindowsSearch
2010-09-16 18:35 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 18:35 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 18:35 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 18:34 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-16 18:33 . 2010-09-16 18:33 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-16 18:05 . 2010-09-16 18:05 -------- d-----w- c:\users\Tiffany\AppData\Local\Mozilla
2010-09-16 17:52 . 2010-09-21 23:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-16 17:52 . 2010-09-16 17:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-16 17:51 . 2010-09-16 17:51 -------- d-----w- c:\program files\SpywareBlaster
2010-09-16 17:48 . 2010-09-16 17:48 -------- d-----w- c:\program files\CCleaner
2010-09-16 17:47 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-16 17:47 . 2010-09-17 06:00 -------- dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-16 17:47 . 2010-08-12 12:16 2979848 -c--a-w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-09-16 17:46 . 2010-09-16 17:48 -------- d-----w- c:\programdata\Lavasoft
2010-09-16 17:46 . 2010-09-16 17:46 -------- d-----w- c:\program files\Lavasoft
2010-09-10 22:36 . 2010-09-10 22:36 58760 ----a-w- C:\symlcsv1.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 17:10 . 2008-11-02 01:46 48461 ----a-w- c:\programdata\nvModes.dat
2010-09-22 17:48 . 2008-10-24 00:10 75832 ----a-w- c:\users\Tiffany\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-22 17:46 . 2010-07-01 03:33 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-18 10:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-18 10:22 . 2010-09-18 10:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-09-18 10:21 . 2010-09-18 10:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-09-17 06:07 . 2008-08-04 16:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-17 05:55 . 2008-08-04 16:43 -------- d-----w- c:\programdata\Symantec
2010-09-17 03:18 . 2008-12-19 01:45 -------- d-----w- c:\users\Tiffany\AppData\Roaming\Apple Computer
2010-09-17 03:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-09-17 03:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-17 03:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-09-17 03:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-09-17 03:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-09-17 03:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-09-17 03:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-09-17 02:49 . 2008-09-09 01:48 -------- d-----w- c:\programdata\NVIDIA
2010-09-17 00:11 . 2008-08-04 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-16 23:59 . 2008-08-04 16:27 -------- d-----w- c:\program files\Hewlett-Packard
2010-09-16 23:44 . 2008-11-16 02:19 -------- d-----w- c:\program files\Google
2010-09-16 23:26 . 2008-08-04 18:13 -------- d-----w- c:\programdata\Microsoft Help
2010-09-16 23:10 . 2008-10-24 00:03 -------- d-----w- c:\programdata\Viewpoint
2010-09-16 22:56 . 2008-08-04 18:37 -------- d-----w- c:\program files\Yahoo!
2010-09-16 19:21 . 2008-08-04 18:49 -------- d-----w- c:\program files\Java
2010-09-16 19:12 . 2010-07-01 03:32 -------- d-----w- c:\program files\Bing Bar Installer
2010-09-16 18:57 . 2008-12-19 01:41 -------- d-----w- c:\program files\Common Files\Apple
2010-09-07 22:40 . 2010-04-29 01:30 1819504 ----a-w- c:\programdata\Norton\NUA.exe
2010-08-31 01:06 . 2009-06-15 13:01 7808 ----a-w- c:\users\Tiffany\AppData\Local\d3d9caps.dat
2010-08-28 01:08 . 2010-04-29 01:30 -------- d-----w- c:\programdata\Norton
2010-08-24 02:54 . 2008-12-27 02:35 -------- d-----w- c:\program files\Symantec
2010-08-24 02:54 . 2008-12-27 02:35 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-24 02:54 . 2008-08-04 16:44 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-24 02:54 . 2008-08-04 16:44 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-21 19:30 . 2010-08-21 19:30 226650 ----a-w- c:\programdata\SPL99FE.tmp
2010-08-21 18:58 . 2010-08-21 18:58 226650 ----a-w- c:\programdata\SPLCF9E.tmp
2010-08-21 15:47 . 2010-08-21 15:47 268945 ----a-w- c:\programdata\SPL12F3.tmp
2010-08-21 03:21 . 2010-08-21 03:21 268945 ----a-w- c:\programdata\SPL7625.tmp
2010-08-14 04:00 . 2008-08-04 17:50 -------- d-----w- c:\program files\Microsoft Works
2010-07-28 01:44 . 2010-07-28 01:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44 . 2010-07-28 01:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 01:44 . 2010-07-28 01:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-16 02:30 . 2010-07-16 02:30 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-07-16 01:53 . 2010-07-16 01:52 23089 ----a-w- c:\windows\hpqins15.dat
2010-07-16 01:27 . 2010-07-16 01:27 118906 ----a-w- c:\programdata\SPL5918.tmp
2010-07-15 01:05 . 2010-07-15 01:05 118906 ----a-w- c:\programdata\SPL5DCD.tmp
2008-08-04 15:03 . 2008-08-04 15:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-09 47904]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-28 122368]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-08 968536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Auto Detect.lnk - c:\program files\iConcepts Music Express\MEAutoDetect.exe [2010-2-7 374104]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-01-15 204800]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-12 1355416]
R3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\DRIVERS\PTDUBus.sys [2008-03-11 29824]
R3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\DRIVERS\PTDUMdm.sys [2008-03-11 41344]
R3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\DRIVERS\PTDUVsp.sys [2008-03-11 39936]
R3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\DRIVERS\PTDUWWAN.sys [2008-03-11 59776]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 589824]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [2009-10-16 94208]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-05-09 43040]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]
--- Other Services/Drivers In Memory ---
*Deregistered* - Normandy
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 21:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 03:29]
2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 03:29]
2010-09-25 c:\windows\Tasks\User_Feed_Synchronization-{FACDD4D7-6EBC-471A-A725-DA0B4DB147F9}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Tiffany\AppData\Roaming\Mozilla\Firefox\Profiles\hw7xbn9f.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsear ... searchfor=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-hpqSRMon - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 10:22
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,d3,e2,30,40,42,15,46,a3,79,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e9,d3,e2,30,40,42,15,46,a3,79,02,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-26 10:26:51
ComboFix-quarantined-files.txt 2010-09-26 17:26
Pre-Run: 221,997,453,312 bytes free
Post-Run: 221,934,870,528 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 5E9DB3A9467BADA9E3715347E6C3F55A