combofix log
Hope these help. Awaiting further instructions, Thanks you for your help, it is greatly appreciated.
John
ComboFix 10-08-11.05 - kameron 08/12/2010 6:57.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1421 [GMT -6:00]
Running from: c:\users\kameron\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2010-07-12 to 2010-08-12 )))))))))))))))))))))))))))))))
.
2010-08-12 13:05 . 2010-08-12 13:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-12 12:56 . 2010-08-12 12:56 -------- d-----w- C:\32788R22FWJFW
2010-08-12 12:46 . 2010-08-12 13:05 -------- d-----w- c:\users\kameron\AppData\Local\temp
2010-08-11 13:15 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-11 13:15 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-11 13:15 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-11 13:15 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-11 13:15 . 2010-04-14 16:31 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-08-11 13:15 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-08-11 13:15 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-11 13:15 . 2010-08-11 13:15 -------- d-----w- c:\programdata\Alwil Software
2010-08-11 13:15 . 2010-08-11 13:15 -------- d-----w- c:\program files\Alwil Software
2010-08-07 14:46 . 2010-08-07 14:46 139624 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-19 19:59 . 2010-07-19 19:59 -------- d-----w- c:\windows\CheckSur
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 12:46 . 2009-10-02 23:36 -------- d-----w- c:\program files\PlaySushi
2010-08-12 02:12 . 2010-01-06 23:05 680 ----a-w- c:\users\kameron\AppData\Local\d3d9caps.dat
2010-08-11 14:06 . 2009-03-07 23:40 -------- d-----w- c:\programdata\pdf995
2010-08-11 03:38 . 2008-03-01 18:53 -------- d-----w- c:\program files\iWin
2010-08-11 03:30 . 2008-01-08 03:47 1366 ----a-w- c:\users\kameron\AppData\Roaming\wklnhst.dat
2010-07-16 15:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-12 15:35 . 2008-03-14 22:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-12 02:54 . 2010-07-12 02:54 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-12 02:23 . 2007-10-31 06:04 -------- d-----w- c:\program files\Microsoft Works
2010-07-12 02:07 . 2010-07-12 02:07 -------- d-----w- c:\program files\Microsoft.NET
2010-07-12 01:26 . 2010-07-12 01:26 -------- d-----w- c:\program files\Windows Portable Devices
2010-07-12 01:26 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-07-12 01:26 . 2010-07-12 01:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-12 01:25 . 2010-07-12 01:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-07-12 00:55 . 2009-12-19 15:39 -------- d-----w- c:\program files\Conquer 2.0
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-07-12 00:28 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-07-11 06:04 . 2009-03-07 08:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-26 17:06 . 2010-07-11 06:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-07-11 06:37 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 20:14 . 2009-10-02 20:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2006-11-02 12:50 . 2006-11-02 12:50 174 --sha-w- c:\program files\desktop(277).ini
2007-10-31 13:21 . 2007-10-31 13:11 8192 --sha-w- c:\windows\Users\Default\NTUSER(896).DAT
2007-10-31 13:21 . 2007-10-31 13:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-30 03:55 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-30 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2007-08-29 1347584]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2010-04-08 292824]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-21 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-04-08 104408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
c:\users\kameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
desktop(585).ini [2007-12-3 174]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
desktop(504).ini [2006-11-2 174]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-30 50688]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-30 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):6d,25,e0,17,5a,21,cb,01
R1 aswSP;aswSP; [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-04-14 51792]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-09 30192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PXHELP20
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-11 06:13]
2009-12-16 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-12-14 21:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://kingsisle.hs.llnwd.net/e1/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-RunOnce-<NO NAME> - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-12 07:06
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-12 07:09:09
ComboFix-quarantined-files.txt 2010-08-12 13:08
Pre-Run: 23,591,489,536 bytes free
Post-Run: 23,367,536,640 bytes free
- - End Of File - - 599FBC04D9A98B03E9B12A914C0355B9