Combo fix log:
ComboFix 12-10-10.02 - Owner 10/10/2012 18:04:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1594 [GMT -5:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 23:15 . 2012-10-10 23:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 08:25 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll
2012-10-10 08:25 . 2012-02-29 15:11 172032 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 08:25 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll
2012-10-10 08:25 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-10-10 08:17 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-10-10 08:06 . 2012-10-10 08:06 -------- d-----w- c:\program files\Common Files\Skype
2012-10-09 22:10 . 2012-08-07 21:18 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5092A630-2BAE-4909-AD2A-B67C3F0B9089}\gapaengine.dll
2012-10-09 22:09 . 2012-09-19 05:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C44A2A5E-85FE-4414-BEEA-2D014B3E2F9D}\mpengine.dll
2012-10-09 22:07 . 2012-10-09 22:07 -------- d-----w- c:\program files\VS Revo Group
2012-10-09 21:56 . 2012-10-09 21:57 -------- d-----w- c:\program files\Microsoft Security Client
2012-10-09 21:55 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-10-09 21:10 . 2012-10-09 21:10 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-10-09 17:49 . 2012-10-09 17:49 -------- d-----w- C:\_OTL
2012-10-09 13:52 . 2012-09-19 05:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53767A2C-A6A7-4ADD-88C7-56414A7E8C22}\mpengine.dll
2012-10-09 13:48 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-10-09 13:48 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-10-09 13:48 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-09 13:48 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-09 12:42 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-10-09 12:39 . 2012-03-20 23:28 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-10-09 12:35 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-10-09 12:15 . 2012-03-30 12:39 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-09 12:15 . 2012-03-29 13:39 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-10-09 12:15 . 2012-02-01 15:11 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-10-09 12:15 . 2012-02-01 15:10 983040 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-10-09 12:15 . 2012-02-01 15:10 964608 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-10-09 12:15 . 2012-02-01 15:10 1404928 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2012-10-09 12:15 . 2012-02-01 15:10 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-10-09 12:15 . 2012-02-01 13:58 47104 ----a-w- c:\program files\Windows Journal\PDIALOG.exe
2012-10-09 12:12 . 2012-03-01 14:46 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-10-09 12:12 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-10-09 12:12 . 2012-03-01 14:46 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-10-09 12:12 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-10-09 12:12 . 2012-02-29 13:44 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-10-09 12:06 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-10-09 12:06 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-10-09 12:05 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-09 12:05 . 2012-04-03 08:16 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-09 12:05 . 2012-04-03 08:16 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 12:05 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-10-09 12:05 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
2012-10-09 12:05 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-10-09 10:59 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-09 10:59 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-10-09 10:59 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-10-09 10:59 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-09 10:58 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-10-09 10:58 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-10-09 10:58 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-10-09 10:58 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-09 10:58 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-10-09 00:08 . 2012-10-09 00:08 -------- d-----w- c:\program files\Common Files\Western Digital
2012-10-09 00:04 . 2012-10-09 00:08 -------- d-----w- c:\program files\Western Digital
2012-10-08 23:22 . 2012-10-09 00:06 -------- d-----w- c:\programdata\Western Digital
2012-10-08 23:22 . 2012-10-09 00:07 -------- d-----w- c:\users\Owner\AppData\Local\Western Digital
2012-10-07 22:15 . 2012-10-10 10:49 -------- d-----r- c:\users\Owner\Dropbox
2012-10-07 22:11 . 2012-10-07 22:11 -------- d-----w- c:\program files\Dropbox
2012-10-07 22:02 . 2012-10-10 22:40 -------- d-----w- c:\users\Owner\AppData\Roaming\Dropbox
2012-10-04 22:04 . 2012-10-04 22:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-04 22:04 . 2012-09-07 22:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 11:36 . 2012-10-09 01:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-28 11:36 . 2012-10-04 21:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-27 16:48 . 2012-09-28 11:27 -------- d-----w- c:\programdata\AVAST Software
2012-09-26 15:15 . 2012-09-26 15:15 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2012-09-26 15:15 . 2012-10-04 22:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-26 15:15 . 2012-09-26 15:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-12 18:22 . 2012-09-12 18:22 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-09-12 18:20 . 2012-09-12 18:20 -------- d-----w- c:\programdata\Malwarebytes
2012-09-12 17:30 . 2012-09-12 17:31 -------- d-----w- c:\programdata\HitmanPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-31 03:03 . 2012-08-31 03:03 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-31 03:03 . 2012-08-31 03:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-10-09 21:10 . 2012-03-05 11:50 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4219427b-0228-4356-a78b-eb7668d37d07}"= "c:\program files\InboxDollars\Helper.dll" [2012-07-11 360960]
.
[HKEY_CLASSES_ROOT\clsid\{4219427b-0228-4356-a78b-eb7668d37d07}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8EF4D7EF-810E-4629-A9C9-F92FD201FE1A}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4}]
2012-07-11 23:46 1624576 ----a-w- c:\program files\InboxDollars\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2012-07-11 1624576]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{47980628-3844-42AA-A0DD-E2D86BBA9600}"= "c:\program files\InboxDollars\Toolbar.dll" [2012-07-11 1624576]
.
[HKEY_CLASSES_ROOT\clsid\{47980628-3844-42aa-a0dd-e2d86bba9600}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{5DB5671F-D35B-419E-A124-0653A57FBCA1}]
[HKEY_CLASSES_ROOT\FCTB000062133.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-04 4763008]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"MobiLink3"="c:\program files\Novatel Wireless\Virgin Mobile\MobiLink3.exe" [2009-08-27 902144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"SigmatelSysTrayApp"="sttray.exe" [2007-07-27 405504]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2003-08-18 53248]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 3998616]
"WD Drive Unlocker"="c:\program files\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-22 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll,
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-17 17:04]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-17 17:04]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp32&d=0808&m=t-6330u
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\t2o521ok.default-1349807635457\
.
.
------- File Associations -------
.
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-10-10 18:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4572)
c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-10-10 18:17:22
ComboFix-quarantined-files.txt 2012-10-10 23:17
.
Pre-Run: 133,032,820,736 bytes free
Post-Run: 133,030,465,536 bytes free
.
- - End Of File - - 89831E8B315B978B0E03690C11109F28
The computer is running well. I had a different desktop background (trees) and my icons are rearranged from where I had them. FF is working well with no redirects and the google box is still working.