I was not able to start combofix.txt until I renamed it. It worked after renaming and it detected "Presence of rootkit activity" and then restarted my machine. On rebooting it deleted a bunch of files all starting with UAC* and then continued with its scan. Please see below its log report. Please let me know what is the next step and thank you for your help.
ComboFix 09-05-21.08 - Narwal 05/22/2009 13:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.166 [GMT -4:00]
Running from: c:\users\Narwal\Pictures\Desktop\IBNT.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: McAfee VirusScan *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\UACwgeuoinwmqcitfg.sys
c:\windows\system32\UACfwdsisvoxxhnmga.dll
c:\windows\system32\UAChieqrljcpposafo.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkgudkysnhxbovym.dat
c:\windows\system32\UACphijboophyvpmyp.log
c:\windows\system32\UACqbvrvnxvuegjuog.log
c:\windows\system32\UACrhtvurpepilfvhv.dll
c:\windows\system32\UACtidvlqjvoqtryqh.dll
c:\windows\system32\UACtjinjvwspdehwsm.log
c:\windows\system32\UACtsbicajbbnwdbhd.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-22 17:33 . 2009-05-22 17:36 -------- d-----w c:\users\Narwal\AppData\Local\temp
2009-05-22 00:29 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{5FD376B0-56D7-488F-99BC-B731F7603876}\mpengine.dll
2009-05-21 12:01 . 2009-05-21 12:44 -------- d-----w C:\rsit
2009-05-19 23:11 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-19 23:11 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-19 23:11 . 2009-05-19 23:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-19 23:11 . 2009-05-19 23:11 -------- d-----w c:\programdata\Malwarebytes
2009-05-19 04:33 . 2009-05-19 04:33 -------- d-----w c:\windows\McAfee.com
2009-05-18 23:17 . 2009-05-18 23:19 -------- d-----w c:\windows\BDOSCAN8
2009-05-16 19:42 . 2009-05-16 19:42 -------- d-----w c:\program files\Trend Micro
2009-05-15 23:37 . 2008-06-19 21:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-15 23:37 . 2009-05-15 23:37 -------- d-----w c:\program files\Panda Security
2009-05-09 15:44 . 2009-05-09 15:44 -------- d-----w c:\windows\Sun
2009-05-05 12:15 . 2009-05-05 12:21 3584 ----a-w C:\Hello.exe
2009-05-05 03:06 . 2009-05-05 03:06 -------- d-----w c:\program files\Microsoft SDKs
2009-05-05 02:58 . 2009-05-05 02:58 -------- d-----w c:\program files\Debugging Tools for Windows
2009-05-05 02:46 . 2009-05-05 02:46 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-05-04 01:31 . 2009-05-06 00:20 -------- d-----w C:\Test
2009-05-02 19:06 . 2009-03-08 11:33 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-05-02 17:24 . 2009-05-02 17:24 -------- d-----w C:\perflogs
2009-05-02 17:01 . 2009-05-02 17:01 -------- d-----w C:\Downloads
2009-05-02 14:15 . 2009-05-02 14:15 -------- d-----w c:\users\Narwal\AppData\Roaming\MusicNet
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 13:49 . 2007-09-23 21:15 -------- d-----w c:\users\Narwal\AppData\Roaming\SiteAdvisor
2009-05-21 22:40 . 2008-11-15 22:03 1 ----a-w c:\users\Narwal\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-05-21 12:42 . 2008-08-01 22:36 -------- d-----w c:\program files\LimeWire
2009-05-19 12:31 . 2007-09-30 06:48 680 ----a-w c:\users\Narwal\AppData\Local\d3d9caps.dat
2009-05-17 00:24 . 2008-08-01 22:38 -------- d-----w c:\users\Narwal\AppData\Roaming\LimeWire
2009-05-14 07:02 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-05 03:28 . 2007-06-07 22:23 -------- d-----w c:\programdata\Microsoft Help
2009-05-02 18:57 . 2007-05-22 22:39 -------- d-----w c:\program files\Google
2009-05-02 18:36 . 2007-05-22 22:36 -------- d-----w c:\program files\TOSHIBA Games
2009-05-02 18:33 . 2007-05-22 22:14 -------- d-----w c:\program files\InterVideo
2009-05-02 18:33 . 2007-05-22 22:11 -------- d-----w c:\programdata\Ulead Systems
2009-05-02 18:33 . 2007-05-22 22:11 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-05-02 18:30 . 2007-05-22 21:46 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-02 18:22 . 2007-05-22 22:33 -------- d-----w c:\programdata\Napster
2009-05-02 18:15 . 2009-02-05 02:10 -------- d-----w c:\program files\TotalImageConverter
2009-05-02 18:15 . 2007-08-30 03:38 -------- d-----w c:\users\Narwal\AppData\Roaming\yahoo!
2009-05-02 18:15 . 2007-08-29 20:13 -------- d-----w c:\programdata\Yahoo!
2009-03-20 01:03 . 2009-03-20 01:04 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-17 03:16 . 2009-04-14 20:39 14848 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-14 20:39 25600 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-02 19:06 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-02 19:07 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-02 19:07 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-02 19:06 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-02 19:06 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-02 19:06 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-02 19:06 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-02 19:07 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-02 19:07 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-02 19:07 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-02 19:07 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-02 19:06 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-02 19:07 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-02 19:07 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-02 19:06 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-02 19:07 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:24 . 2009-04-14 20:39 3503584 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-14 20:39 3469280 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:19 . 2009-04-14 20:39 158720 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-14 20:40 549888 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-14 20:39 24576 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-14 20:39 97280 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-14 20:39 53248 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-14 20:39 37888 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 02:40 . 2009-04-14 20:39 654336 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-07 14:20 . 2007-08-30 03:42 67688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-03-07 14:20 . 2007-08-30 03:42 54368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-03-07 14:20 . 2007-08-30 03:42 34944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-03-07 14:20 . 2007-08-30 03:42 46712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-03-07 14:20 . 2007-08-30 03:42 172136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-27 4670704]
"Google Update"="c:\users\Narwal\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-10-19 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-29 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-29 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-29 81920]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-01-17 152144]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EC6D873D-C5A2-408C-B890-BA0759BD77A5}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{F77D8236-E1E7-44A4-8538-8A51B97A209A}"= TCP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{A128CD60-A295-4083-AE9E-A518E58012BD}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{01069126-3EC4-4B6A-83FA-65AF7223E68A}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{0FB45AC3-AA99-477A-A388-D1E2BB47BCC7}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{70F80FBA-B2E6-44FD-B1F2-A0CE3FA5D84C}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C21DFE4B-B7C4-4383-83A7-18BF1AACE400}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{149DFD65-B62B-4D53-8614-6F17971CEAED}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{46AEFF78-1986-40CB-A22E-9E49D98FE82C}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{7904F69F-94AC-4BDE-91D3-D66CBFE2D84D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3B62BEB7-2683-48AA-8DC2-4B184A1C6480}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{8EA75245-EC49-4C99-94D6-38A5EB59D300}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{444D6893-1902-4708-85CC-E2E9A5BA76F3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{0C762571-4458-4CBA-BF48-2BD78747981D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{127D8293-7E47-45D6-BEA8-CEA7AE9794F7}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{75E52C50-FEDB-44DA-90DF-FBF895DF4D0F}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{92ECA8B8-C8DA-4F1A-B641-6DD560235E25}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{C87C6BB0-BCED-4F1B-B5CA-A40D28B393E1}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{F06CD406-BF0B-449A-B2B5-11ECEA41CD61}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{91EB9F6E-1FE4-4FC8-8D04-399C7710C061}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [5/15/2009 7:37 PM 28544]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\System32\drivers\V0250Dev.sys [11/10/2007 12:58 PM 169696]
S3 V0250Vfx;V0250Vfx;c:\windows\System32\drivers\V0250Vfx.sys [11/10/2007 12:58 PM 6272]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2307070536-2186033536-3377706424-1000.job
- c:\users\Narwal\AppData\Local\Google\Update\GoogleUpdate.exe [2008-10-19 03:00]
2009-05-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-01 17:32]
2008-06-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-06-01 17:32]
.
- - - - ORPHANS REMOVED - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103472 -Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: tdameritrade.com
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadv ... /abxgh.cab
FF - ProfilePath - c:\users\Narwal\AppData\Roaming\Mozilla\Firefox\Profiles\613cgtrm.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\SiteAdvisor\6253\FF\components\FFHook.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 13:36
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????Z#6_??????U?8?U?p?U???U???
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-05-22 13:38
ComboFix-quarantined-files.txt 2009-05-22 17:38
Pre-Run: 13,673,578,496 bytes free
Post-Run: 14,218,256,384 bytes free
276 --- E O F --- 2009-05-22 00:30