ComboFix 10-05-11.06 - Lewis 13/05/2010 14:28:42.1.2 - x86
Running from: c:\users\Lewis\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\windows\system32\1330106359.dat
c:\windows\system32\AbaleZip.dll
c:\windows\system32\senekascbgtsrq.dat
c:\windows\system32\senekavwedokmp.dat
c:\windows\system32\system
Infected copy of c:\windows\system32\drivers\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-13 to 2010-05-13 )))))))))))))))))))))))))))))))
.
2010-05-13 13:39 . 2010-05-13 13:39 -------- dc----w- c:\users\Lewis\AppData\Local\temp
2010-05-13 13:39 . 2010-05-13 13:39 -------- dc----w- c:\users\Guest\AppData\Local\temp
2010-05-13 13:39 . 2010-05-13 13:39 -------- dc----w- c:\users\Default\AppData\Local\temp
2010-05-12 18:34 . 2010-05-12 19:12 -------- dc----w- c:\users\Lewis\AppData\Local\Temp(32)
2010-05-12 18:23 . 2010-05-12 18:34 -------- dc----w- C:\ComboFix(1)
2010-05-10 19:24 . 2010-05-10 19:24 655360 -c--a-w- c:\users\Lewis\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-05-10 19:24 . 2010-05-10 19:24 282624 -c--a-w- c:\users\Lewis\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-05-10 19:24 . 2010-05-10 19:24 208896 -c--a-w- c:\users\Lewis\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-05-10 12:09 . 2010-05-10 12:09 93056 -c--a-w- C:\fwlcapod.sys
2010-05-10 11:45 . 2010-05-13 11:50 0 -c--a-w- c:\users\Lewis\AppData\Local\prvlcl.dat
2010-05-08 16:06 . 2010-05-08 16:08 -------- dc----w- C:\AdobeTemp
2010-05-04 15:04 . 2010-05-04 15:04 -------- dc----w- c:\users\Lewis\AppData\Roaming\Panda Security
2010-05-04 15:03 . 2010-05-04 15:03 -------- dc----w- c:\program files\Panda Security
2010-05-04 14:51 . 2010-05-04 14:51 -------- dc----w- c:\users\Lewis\AppData\Roaming\CheckPoint
2010-05-04 14:40 . 2010-05-04 14:40 144 -c--a-w- c:\windows\system32\lkfl.dat
2010-05-04 14:40 . 2010-05-04 15:00 -------- dc----w- c:\program files\CheckPoint
2010-05-04 14:38 . 2010-05-04 14:38 -------- dc----w- c:\programdata\CheckPoint
2010-05-01 21:25 . 2010-05-01 21:25 -------- dc----w- c:\users\Lewis\AppData\Roaming\AVG9
2010-05-01 06:34 . 2010-05-01 06:34 -------- dc----w- C:\WTablet
2010-04-30 17:24 . 2010-04-30 17:24 -------- dc----w- c:\program files\Trend Micro
2010-04-30 16:36 . 2010-04-30 16:36 -------- dc----w- c:\programdata\SUPERAntiSpyware.com
2010-04-30 16:35 . 2010-04-30 17:28 -------- dc----w- c:\program files\SUPERAntiSpyware
2010-04-29 12:23 . 2010-04-29 12:23 -------- dc----w- c:\program files\iPod
2010-04-29 12:23 . 2010-04-29 12:24 -------- dc----w- c:\program files\iTunes
2010-04-29 11:17 . 2007-11-05 02:15 1140056 -c----w- c:\programdata\HP\Installer\Temp\hpzmsi01.exe
2010-04-29 10:13 . 2010-04-29 10:13 0 -c--a-w- c:\programdata\AVG Security Toolbar\IEToolbar.dll
2010-04-29 09:58 . 2010-04-29 09:58 -------- dc----w- c:\users\Lewis\AppData\Local\AVG Security Toolbar
2010-04-29 09:52 . 2010-04-29 09:52 -------- dc----w- C:\$AVG
2010-04-29 09:51 . 2010-04-29 09:51 12464 -c--a-w- c:\windows\system32\avgrsstx.dll
2010-04-29 09:51 . 2010-04-29 09:51 216200 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-29 09:51 . 2010-04-29 09:51 29512 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-29 09:51 . 2010-05-13 09:00 -------- dc----w- c:\windows\system32\drivers\Avg
2010-04-29 09:51 . 2010-04-29 10:13 -------- dc----w- c:\programdata\AVG Security Toolbar
2010-04-29 09:50 . 2010-04-29 09:50 25096 -c--a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-04-29 09:50 . 2010-04-29 09:50 52872 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-04-29 09:50 . 2010-04-29 09:50 242896 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-29 09:50 . 2010-04-29 09:50 24856 -c--a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-04-29 09:49 . 2010-04-29 09:49 -------- dc----w- c:\program files\AVG
2010-04-29 09:48 . 2010-04-29 13:36 -------- dc----w- c:\programdata\avg9
2010-04-29 08:42 . 2010-04-29 09:28 -------- dc----w- c:\programdata\Norton
2010-04-28 14:45 . 2010-04-28 14:45 73000 -c--a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-28 09:20 . 2010-04-28 09:32 -------- dc----w- c:\users\Lewis\AppData\Local\hcgflxxkg
2010-04-28 07:54 . 2010-04-29 11:19 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-28 07:54 . 2010-04-29 20:11 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 07:54 . 2010-04-29 11:19 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 19:34 . 2010-05-12 19:16 -------- dc----w- c:\users\Lewis\AppData\Roaming\881C5D5D406B957D4BF6DD90B42CCB8A
2010-04-23 15:21 . 2010-04-23 15:23 24805112 -c--a-w- c:\programdata\Birdstep Technology\EasyConnect\Update\3Connect_Flasher_Huawei.exe
2010-04-16 09:54 . 2010-04-16 09:54 -------- dc----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-14 06:29 . 2010-02-18 14:07 904576 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-14 06:29 . 2010-02-18 13:30 200704 -c--a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 06:29 . 2010-02-18 11:28 25088 -c--a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-14 06:29 . 2010-02-23 11:10 212992 -c--a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 06:29 . 2010-02-23 11:10 79360 -c--a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 06:29 . 2010-02-23 11:10 106496 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 06:29 . 2010-02-18 14:07 3600776 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 06:29 . 2010-02-18 14:07 3548040 -c--a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 06:29 . 2010-03-05 14:01 420352 -c--a-w- c:\windows\system32\vbscript.dll
2010-04-14 06:23 . 2009-12-23 11:33 172032 -c--a-w- c:\windows\system32\wintrust.dll
2010-04-14 06:23 . 2010-01-13 17:34 98304 -c--a-w- c:\windows\system32\cabview.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 13:25 . 2009-08-11 15:55 -------- dc----w- c:\users\Lewis\AppData\Roaming\WTablet
2010-05-13 09:16 . 2009-09-09 10:30 -------- dc----w- c:\users\Lewis\AppData\Roaming\Spotify
2010-05-12 19:58 . 2009-08-27 20:34 -------- dc----w- c:\programdata\Rosetta Stone
2010-05-12 19:23 . 2009-08-27 22:14 116240 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-05-12 19:16 . 2009-08-18 14:40 -------- dc----w- c:\programdata\HP Product Assistant
2010-05-08 16:11 . 2008-10-06 08:22 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-05-08 16:11 . 2009-06-26 13:15 -------- dc----w- c:\program files\VSTplugins
2010-05-08 16:08 . 2009-01-23 17:15 -------- dc----w- c:\program files\Common Files\Adobe
2010-05-04 21:32 . 2009-01-24 14:13 -------- dc----w- c:\users\Lewis\AppData\Roaming\BitTorrent
2010-05-03 20:22 . 2009-01-23 17:35 1356 -c--a-w- c:\users\Lewis\AppData\Local\d3d9caps.dat
2010-05-02 10:02 . 2009-10-26 17:46 139924 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-04-30 17:28 . 2009-01-31 16:18 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-29 12:23 . 2009-01-23 20:18 -------- dc----w- c:\program files\Common Files\Apple
2010-04-29 12:18 . 2009-01-23 20:20 -------- dc----w- c:\program files\Bonjour
2010-04-29 11:37 . 2008-10-06 08:48 -------- dc----w- c:\programdata\WildTangent
2010-04-29 11:20 . 2009-07-07 16:37 -------- dc----w- c:\users\Lewis\AppData\Roaming\InstallShield
2010-04-29 11:12 . 2009-02-14 13:13 10848 -c--a-w- c:\users\Lewis\AppData\Roaming\wklnhst.dat
2010-04-18 18:28 . 2009-01-23 20:21 -------- dc----w- c:\users\Lewis\AppData\Roaming\Apple Computer
2010-04-17 14:30 . 2009-02-16 15:29 256 -c--a-w- c:\windows\system32\pool.bin
2010-04-16 09:51 . 2009-06-05 00:02 -------- dc----w- c:\program files\QuickTime
2010-04-15 06:34 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2010-04-15 06:21 . 2009-01-23 18:07 -------- dc----w- c:\programdata\Microsoft Help
2010-04-11 09:34 . 2009-02-08 19:30 -------- dc----w- c:\users\Lewis\AppData\Roaming\LimeWire
2010-04-08 12:20 . 2010-04-08 12:20 91424 -c--a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 -c--a-w- c:\windows\system32\dns-sd.exe
2010-04-07 18:23 . 2009-01-24 19:56 -------- dc----w- c:\programdata\FLEXnet
2010-04-07 18:22 . 2010-04-07 18:22 -------- dc----w- c:\program files\Rosetta Stone
2010-04-07 18:22 . 2010-04-07 18:21 -------- dc----w- c:\programdata\RosettaStoneLtdBackup
2010-03-23 10:29 . 2010-03-23 10:29 -------- dc----w- c:\users\Lewis\AppData\Roaming\Malwarebytes
2010-03-23 10:29 . 2010-03-23 10:29 -------- dc----w- c:\programdata\Malwarebytes
2010-02-25 11:32 . 2010-02-25 11:32 56 -c-ha-w- c:\windows\system32\ezsidmv.dat
2010-02-24 09:16 . 2009-10-03 09:35 181632 -c----w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 08:52 916480 -c--a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 08:52 109056 -c--a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 08:52 71680 -c--a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 08:52 133632 -c--a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-12 08:17 24064 -c--a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-12 08:17 30720 -c--a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-12 08:17 411648 -c--a-w- c:\windows\system32\drivers\http.sys
2010-02-18 11:17 . 2008-10-06 08:52 588472 -c--a-w- c:\windows\system32\ezsvc7x.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-06 17:07 . 2008-10-06 17:07 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 13:04 1664256 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-09-19 615696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-03-13 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c5,4f,94,5b,08,f2,ca,01
R2 BrowserRasAuto;Computer Browser BrowserRasAuto;c:\windows\system32\admparsek.exe [x]
R2 ehSchediphlpsvc;Windows Media Center Scheduler Service ehSchediphlpsvc;c:\windows\system32\Ahmbedk.exe [x]
R2 WUSB54GSVC;WUSB54GSVC;c:\program files\WUSB54G Wireless-G Adapter\WLService.exe WUSB54G.exe [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-01 691696]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-04-29 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-29 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-04-29 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-29 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-29 242896]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-04-29 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-29 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-04-29 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-11 2749736]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-04-29 122376]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-04-29 30216]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-04-29 27144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cndt
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Lewis\AppData\Roaming\Mozilla\Firefox\Profiles\jg50e0ld.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-AdobeBridge - (no file)
AddRemove-PC-Doctor for Windows - c:\program files\PC-Doctor for Windows\uninst.exe
AddRemove-RETAS!PRO STYLOS HD 2.1E DEMO - c:\program files\CELSYS\RETAS!PRO HD DEMO\STYLOS HD DEMO\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-13 14:39
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:9d,3a,06,d5,93,e6,c1,8c,ab,fb,ec,26,ef,e3,1c,b1,e9,e2,71,2b,c3,
c5,9e,78,94,a9,f5,45,87,70,e2,af,aa,e7,ab,09,13,05,cc,3a,c9,ff,d2,b9,ef,a9,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:9d,3a,06,d5,93,e6,c1,8c,ab,fb,ec,26,ef,e3,1c,b1,e9,e2,71,2b,c3,
c5,9e,78,94,a9,f5,45,87,70,e2,af,aa,e7,ab,09,13,05,cc,3a,c9,ff,d2,b9,ef,a9,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-13 14:42:01
ComboFix-quarantined-files.txt 2010-05-13 13:41
Pre-Run: 171,396,800,512 bytes free
Post-Run: 171,237,646,336 bytes free
- - End Of File - - DE269B65A6D6412197CFA808D9D0126E