ComboFix 12-08-17.03 - Sean 08/18/2012 9:58.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3325.1983 [GMT -7:00]
Running from: c:\users\Sean\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))
.
.
2012-08-18 17:08 . 2012-08-18 17:08 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp
2012-08-18 17:08 . 2012-08-18 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 00:51 . 2012-08-17 00:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-08-17 00:51 . 2012-08-17 00:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-08-17 00:51 . 2012-08-17 00:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-08-17 00:51 . 2012-08-17 00:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-08-17 00:51 . 2012-08-17 00:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-08-17 00:51 . 2012-08-17 00:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-08-17 00:51 . 2012-08-17 00:51 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-08-17 00:51 . 2012-08-17 00:51 -------- d-----w- c:\program files\QuickTime
2012-08-17 00:51 . 2012-08-17 00:51 -------- d-----w- c:\programdata\Apple Computer
2012-08-12 22:15 . 2012-08-12 22:15 -------- d-----w- c:\programdata\WindowsSearch
2012-08-12 22:13 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-12 22:13 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-12 22:13 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-12 22:13 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-12 22:13 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-12 22:12 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-12 22:11 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-12 22:11 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-12 22:11 . 2012-08-12 22:11 -------- d-----w- c:\programdata\AVAST Software
2012-08-12 22:11 . 2012-08-12 22:11 -------- d-----w- c:\program files\AVAST Software
2012-08-09 21:15 . 2012-08-18 17:09 -------- d-----w- c:\users\Sean\AppData\Local\temp
2012-08-09 19:00 . 2012-08-16 22:26 -------- d-----w- c:\users\Sean\AppData\Roaming\QuickScan
2012-08-09 18:58 . 2012-08-09 18:58 -------- d-----w- c:\program files\ESET
2012-08-06 18:27 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{141459E4-D7A2-4B86-A067-35D3B61CB2F3}\mpengine.dll
2012-08-05 16:24 . 2012-08-05 16:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-05 16:24 . 2012-07-03 20:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-03 16:52 . 2012-08-03 16:52 -------- d-----w- C:\_OTL
2012-08-02 17:54 . 2012-08-02 17:54 -------- d-----w- c:\program files\DLLSuite
2012-08-02 16:32 . 2012-08-02 16:32 2881 ----a-w- C:\Sharedaccess.reg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 19:25 . 2009-10-03 08:48 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-13 68856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-11 4452352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-03 1862144]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-10-28 1085704]
"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2010-10-01 299008]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-04-06 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-04-13 79112]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-28 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-28 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-28 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CardMinder Viewer.lnk - c:\program files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe [2008-6-12 36864]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2008-6-12 24576]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-3 50688]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-12-10 984352]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2008-6-12 1769472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 19:59]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 17:34]
.
2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-04 17:34]
.
2012-08-18 c:\windows\Tasks\TradeStation Backup - Weekly.job
- c:\program files\TradeStation 8.6 (Build 2696)\Program\TSBackupRestore.exe [2009-10-12 08:06]
.
.
------- Supplementary Scan -------
.
uStart Page = file:///C:/Proj/dbtraderlinks/index.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: ameritrade.com\wwws
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {0FB028C2-2704-40F6-A983-2A2405027A19} - hxxps://epresent.sungard.com/ws/dropslot.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-xulnw - c:\users\Sean\AppData\Roaming\Microsoft\Jreii\jreii.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-18 10:09
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,8d,2c,57,3f,5f,45,49,a9,85,cb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a0,8d,2c,57,3f,5f,45,49,a9,85,cb,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-18 10:13:43
ComboFix-quarantined-files.txt 2012-08-18 17:13
ComboFix2.txt 2012-08-09 21:15
ComboFix3.txt 2012-08-08 18:36
ComboFix4.txt 2012-08-08 07:16
ComboFix5.txt 2012-08-18 16:55
.
Pre-Run: 88,659,300,352 bytes free
Post-Run: 88,739,622,912 bytes free
.
- - End Of File - - 2BAF72682B2AD3E18F8B55A63CA27C7A