--------------------------------------------------------------------------------
ComboFix 11-11-24.01 - Vinnievel 11/24/2011 13:40:47.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1023.257 [GMT -5:00]
Running from: c:\users\Vinnievel\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\users\Vinnievel\AppData\Roaming\OpenCloud Security
c:\users\Vinnievel\AppData\Roaming\OpenCloud Security\OpenCloud Security.ico
c:\users\Vinnievel\AppData\Roaming\OpenCloud Security\wmf.cfg
c:\users\Vinnievel\Documents\~WRL0001.tmp
c:\users\Vinnievel\Documents\~WRL0002.tmp
c:\users\Vinnievel\Documents\~WRL0003.tmp
c:\users\Vinnievel\Documents\~WRL0004.tmp
c:\users\Vinnievel\Documents\~WRL0005.tmp
c:\users\Vinnievel\Documents\~WRL0006.tmp
c:\users\Vinnievel\Documents\~WRL0007.tmp
c:\users\Vinnievel\Documents\~WRL0008.tmp
c:\users\Vinnievel\Documents\~WRL0009.tmp
c:\users\Vinnievel\Documents\~WRL0010.tmp
c:\users\Vinnievel\Documents\~WRL0136.tmp
c:\users\Vinnievel\Documents\~WRL0250.tmp
c:\users\Vinnievel\Documents\~WRL0861.tmp
c:\users\Vinnievel\Documents\~WRL1018.tmp
c:\users\Vinnievel\Documents\~WRL1406.tmp
c:\users\Vinnievel\Documents\~WRL1548.tmp
c:\users\Vinnievel\Documents\~WRL1697.tmp
c:\users\Vinnievel\Documents\~WRL1892.tmp
c:\users\Vinnievel\Documents\~WRL1911.tmp
c:\users\Vinnievel\Documents\~WRL1938.tmp
c:\users\Vinnievel\Documents\~WRL2000.tmp
c:\users\Vinnievel\Documents\~WRL2156.tmp
c:\users\Vinnievel\Documents\~WRL2175.tmp
c:\users\Vinnievel\Documents\~WRL2350.tmp
c:\users\Vinnievel\Documents\~WRL2464.tmp
c:\users\Vinnievel\Documents\~WRL2585.tmp
c:\users\Vinnievel\Documents\~WRL2675.tmp
c:\users\Vinnievel\Documents\~WRL2699.tmp
c:\users\Vinnievel\Documents\~WRL2908.tmp
c:\users\Vinnievel\Documents\~WRL3096.tmp
c:\users\Vinnievel\Documents\~WRL3212.tmp
c:\users\Vinnievel\Documents\~WRL3378.tmp
c:\users\Vinnievel\Documents\~WRL3516.tmp
c:\users\Vinnievel\Documents\~WRL3742.tmp
c:\users\Vinnievel\Documents\~WRL3764.tmp
c:\users\Vinnievel\Documents\~WRL4073.tmp
c:\users\Vinnievel\GoToAssistDownloadHelper.exe
c:\windows\system32\service
c:\windows\system32\service\09102009_TIS17_SfFniAU.log
c:\windows\system32\service\19102009_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((( Files Created from 2011-10-24 to 2011-11-24 )))))))))))))))))))))))))))))))
.
.
2011-11-24 18:57 . 2011-11-24 18:58 -------- d-----w- c:\users\Vinnievel\AppData\Local\temp
2011-11-24 18:57 . 2011-11-24 18:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-24 18:10 . 2011-11-24 18:10 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{748C3753-A768-4390-B06C-41E314C23BB1}\offreg.dll
2011-11-22 07:07 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{748C3753-A768-4390-B06C-41E314C23BB1}\mpengine.dll
2011-11-21 14:18 . 2011-11-21 14:18 388096 ----a-r- c:\users\Vinnievel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-21 14:18 . 2011-11-21 14:18 -------- d-----w- c:\program files\Trend Micro
2011-11-15 08:52 . 2011-11-15 08:52 -------- d-----w- c:\users\Vinnievel\AppData\Roaming\Malwarebytes
2011-11-15 08:51 . 2011-11-15 08:51 -------- d-----w- c:\programdata\Malwarebytes
2011-11-15 08:51 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 08:51 . 2011-11-15 08:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-11 02:31 . 2011-09-06 21:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-11 02:31 . 2011-09-06 21:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-11 02:31 . 2011-09-06 21:38 111320 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-11-11 02:29 . 2011-09-06 21:37 195416 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-11-11 02:29 . 2011-09-06 21:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-11 02:29 . 2011-09-06 21:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-11 02:29 . 2011-09-06 21:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-11 02:29 . 2011-09-06 21:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-11 02:28 . 2011-09-06 21:45 41184 ----a-w- c:\windows\avastSS.scr
2011-11-11 02:28 . 2011-09-06 21:10 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2011-11-11 02:28 . 2011-09-06 21:45 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-10 22:08 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-10 22:08 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-10 22:08 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-01 16:34 . 2011-11-06 15:23 -------- d-----w- c:\programdata\ArcaBit
2011-10-25 20:19 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-30 23:06 . 2011-10-12 05:14 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-12 05:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-12 05:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-12 05:14 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 23:01 . 2011-10-12 05:14 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 22:07 . 2011-10-12 05:14 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-12 05:14 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-12 05:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-06 13:30 . 2011-10-12 05:14 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 21:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2007-12-18 90112]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-05 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 cpuz134;cpuz134;c:\users\VINNIE~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-09-06 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2011-09-06 127192]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-24 c:\windows\Tasks\User_Feed_Synchronization-{50DE2697-B028-451F-9231-A45B7D5F8F7D}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-KeyboardVerifierVerifier - c:\programdata\KeyboardVerifierVerifier.dll
HKLM-Run-ABREGMON - c:\program files\ArcaBit\ArcaVir\ABregmon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-11-24 13:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-767366433-610941212-150165689-1000\¬ î**]
@Allowed: (Read) (RestrictedCode)
"MachineID"=hex:80,9a,af,d0,2a,7a,28,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-24 14:05:42
ComboFix-quarantined-files.txt 2011-11-24 19:05
.
Pre-Run: 232,880,283,648 bytes free
Post-Run: 233,142,558,720 bytes free
.
- - End Of File - - 4FFA216A5EF261D2A9F62BFC37C17D7B
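The entries worth a second look in a log like this are scattered across three sections: the Run keys under "Reg Loading Points", the service/driver lines (where `[x]` means ComboFix could not read the image, whether because the file is gone or because a product self-protects it), the `DisableMonitoring` values under the Security Center key, and the "ORPHANS REMOVED" list, which records what was persisting before ComboFix pulled it. The script below is an added triage helper written for this page; it is not ComboFix's own code and not something the poster ran. It parses those four kinds of line from a constructed excerpt of the log above and applies the editor's own heuristics: an autostart image sitting directly in `c:\programdata\` or `AppData\Roaming` (no vendor folder), anything loading from a Temp directory, a service whose image is `[x]`, and Security Center monitoring switched off. Those rules, the `Finding` type and the function names are assumptions for illustration, not fields of the ComboFix format.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

Heuristics here are the editor's assumptions; treat each finding as a prompt
to look, not a verdict.  SAMPLE_LOG is a constructed excerpt of the log above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8530464]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [x]
R3 cpuz134;cpuz134;c:\users\VINNIE~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KeyboardVerifierVerifier - c:\programdata\KeyboardVerifierVerifier.dll
HKLM-Run-ABREGMON - c:\program files\ArcaBit\ArcaVir\ABregmon.exe
"""

# Line shapes as ComboFix prints them (key header, Run value, service line, orphan, dword value).
RUN_KEY = re.compile(r'^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\.*\\Run\]$', re.I)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s*\[(?P<meta>[^\]]*)\])?')
SERVICE = re.compile(r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]')
ORPHAN = re.compile(r'^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$')
MONITOR_KEY = re.compile(r'^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring(?P<sub>\\[^\]]+)?\]$', re.I)
DISABLE = re.compile(r'^"DisableMonitoring"=dword:(?P<val>[0-9a-fA-F]{8})')


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reason: str


def suspicious_location(path: str) -> Optional[str]:
    """Editor's location heuristics for an autostart image; None means nothing to flag."""
    p = path.lower().replace('/', '\\')
    if re.match(r'^c:\\programdata\\[^\\]+$', p):
        return 'image sits directly in ProgramData with no vendor folder'
    if '\\temp\\' in p:
        return 'image loads from a Temp directory'
    if re.match(r'^c:\\users\\[^\\]+\\appdata\\roaming\\[^\\]+$', p):
        return 'image sits directly in AppData\\Roaming with no vendor folder'
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the current registry key header for context."""
    findings: List[Finding] = []
    current_key = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if line.startswith('['):          # registry key header: remember it for the values below
            current_key = line
            continue
        m = RUN_VALUE.match(line)
        if m:
            if RUN_KEY.match(current_key):
                reason = suspicious_location(m['path'])
                if reason:
                    findings.append(Finding('Run key', m['name'], m['path'], reason))
            continue
        m = SERVICE.match(line)
        if m:
            path = m['path'].strip()
            if m['meta'].strip() == 'x':   # ComboFix could not read the image: missing or self-protected
                findings.append(Finding('service', m['name'], path, 'image not readable ([x])'))
            reason = suspicious_location(path)
            if reason:
                findings.append(Finding('service', m['name'], path, reason))
            continue
        m = ORPHAN.match(line)
        if m:                              # already removed, but it records what was persisting
            reason = suspicious_location(m['path']) or 'autostart entry removed by ComboFix'
            findings.append(Finding('orphan %s-Run' % m['hive'], m['name'], m['path'], reason))
            continue
        m = DISABLE.match(line)
        if m and MONITOR_KEY.match(current_key) and int(m['val'], 16) == 1:
            sub = MONITOR_KEY.match(current_key)['sub'] or ''
            findings.append(Finding('Security Center', 'DisableMonitoring' + sub, current_key,
                                    'Security Center monitoring is switched off'))
    return findings


def report(findings: List[Finding]) -> str:
    return '\n'.join('[%s] %s: %s  <- %s' % (f.section, f.name, f.path, f.reason) for f in findings)


if __name__ == '__main__':
    print(report(triage(SAMPLE_LOG)))
```

On the excerpt above the legitimate vendor entries (Google, HP, NVIDIA, avast, Malwarebytes) produce nothing, while the loader in `c:\programdata\`, the driver under `AppData\Local\Temp`, the two unreadable service images and the disabled Security Center monitoring each come out as one line to look at.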