No, I'm not using any USB. Yes, the application is on the desktop.
I've deleted ComboFix and downloaded it again, saved it on the desktop and ran it.
Here's the log:
ComboFix 11-11-13.03 - Owner 11/13/2011 17:18:49.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1121 [GMT -8:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
c:\windows\system32\shimg.dll
c:\windows\system32\spsys.log
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-14 02:02 . 2011-11-14 02:05 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-11-14 02:02 . 2011-11-14 02:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-11-14 02:02 . 2011-11-14 02:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-14 00:38 . 2011-11-14 00:38 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BA0FCA8-8D76-451C-836A-C0EE47807A01}\offreg.dll
2011-11-12 21:25 . 2011-11-12 21:25 -------- d-----w- c:\programdata\ErrorEND
2011-11-12 21:25 . 2011-11-12 21:25 -------- d-----w- c:\program files\ErrorEND
2011-11-12 19:32 . 2011-11-12 19:32 140760 ----a-w- c:\windows\system32\WRusr.dll
2011-11-12 19:32 . 2011-11-12 19:32 106312 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2011-11-12 19:28 . 2011-11-14 00:42 -------- d-----w- c:\programdata\WRData
2011-11-12 18:26 . 2011-11-12 18:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Webroot
2011-11-12 18:26 . 2011-11-12 19:32 -------- d-----w- c:\program files\Webroot
2011-11-12 18:26 . 2011-11-12 18:26 -------- d-----w- c:\users\Owner\AppData\Roaming\Webroot
2011-11-12 18:26 . 2009-11-06 23:19 1563008 ----a-w- c:\windows\WRSetup.dll
2011-11-11 21:27 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4BA0FCA8-8D76-451C-836A-C0EE47807A01}\mpengine.dll
2011-11-10 08:25 . 2011-11-10 08:25 -------- d-----w- C:\found.000
2011-11-10 01:58 . 2011-11-10 01:58 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\McAfee
2011-11-09 09:05 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-11-09 09:05 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-11-09 07:43 . 2011-11-09 07:43 -------- d-----w- c:\windows\system32\SPReview
2011-11-09 04:40 . 2011-11-09 04:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!
2011-11-09 04:24 . 2011-11-09 04:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2011-11-08 20:57 . 2011-11-08 20:57 -------- d-----w- c:\windows\system32\EventProviders
2011-10-23 17:13 . 2011-10-23 17:13 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\programdata\Malwarebytes
2011-10-22 21:43 . 2011-10-22 21:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-22 21:43 . 2011-09-01 00:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-22 16:37 . 2011-10-22 16:37 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 02:16 . 2011-10-04 03:01 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-12-17 13:57 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-09-20 253952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-12 45056]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2007-09-01 4669440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"NVC"="c:\program files\Nortel\Nortel VPN Client\Nvc.exe" [2010-03-01 1717600]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-30 16200]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2011-11-12 605272]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2011-11-7 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AOL DDI.lnk - c:\ddi\AOLICON.exe [N/A]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
VPN Client.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 03:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2528014064-590018410-3601204245-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2008-08-03 835208]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2011-11-12 605272]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 135664]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-09-01 22216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-11 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2011-11-12 106312]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-09-20 204800]
S2 NvcSvcMgr;Nortel VPN Client;c:\program files\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2010-03-01 628072]
S2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys [2010-03-01 68688]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys [2010-03-01 40016]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-12 c:\windows\Tasks\ErrorEND.job
- c:\program files\ErrorEND\ErrorEND.exe [2011-03-09 12:23]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 05:16]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 05:16]
.
2011-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-31 08:07]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2528014064-590018410-3601204245-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-31 08:07]
.
2011-11-14 c:\windows\Tasks\User_Feed_Synchronization-{3B6E8EFF-32D9-45EC-A183-6F51D35F4E4A}.job
- c:\windows\system32\msfeedssync.exe [2011-07-28 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.sg.globalsources.com:3333
uInternet Settings,ProxyOverride = globalsources.com;www2.variety.com;*.local;<local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
Trusted Zone: d-addicts.com
Trusted Zone: d-addicts.net
Trusted Zone: globalsources.com\bugzero
Trusted Zone: globalsources.com\exchange
Trusted Zone: globalsources.com\merlion
Trusted Zone: globalsources.com\www
Trusted Zone: google.com\mail
Trusted Zone: variety.com\www
Trusted Zone: variety.com\www2
Trusted Zone: youtube.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8F0D53FB-9794-4FCC-A3D7-BDE95685A1FF}: NameServer = 10.35.28.28,10.71.20.53
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\d7hqvm9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1750559&SearchSource=13
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-11-13 18:03
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-13 18:22:51
ComboFix-quarantined-files.txt 2011-11-14 02:22
ComboFix2.txt 2011-11-05 17:18
ComboFix3.txt 2011-11-04 05:19
.
Pre-Run: 45,018,853,376 bytes free
Post-Run: 45,416,165,376 bytes free
.
- - End Of File - - 0D65886D81BD2FE5BCBD32A43E2B9FE9
Edited by maezhou, 13 November 2011 - 08:26 PM.