WiredWX Christian Hobby Weather Tools

Re: help

I will do this right now... As an aside, I have an external drive. Should that be involved also?

Re: help

Not at all. Just run ComboFix.

Re: help

ComboFix 09-10-20.03 - ADMIN 10/21/2009 17:10.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2494.1480 [GMT -4:00]
Running from: c:\users\Heather and Eddie\Desktop\commy.exe
Command switches used :: /stepdel
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: CA Anti-Spyware *disabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1856941148-2225634861-2241160836-500
c:\$recycle.bin\S-1-5-21-3476589880-2846545486-3996084828-500
c:\windows\Installer\42a50.msi
c:\windows\system32\oem30.inf
c:\$recycle.bin\S-1-5-21-1856941148-2225634861-2241160836-500\desktop.ini
c:\$recycle.bin\S-1-5-21-3476589880-2846545486-3996084828-500\desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 21:21 . 2009-10-21 21:24 -------- d-----w- c:\users\ADMIN\AppData\Local\temp
2009-10-21 21:21 . 2009-10-21 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-21 21:20 . 2009-10-21 21:20 -------- d-----w- c:\users\PADMAN\AppData\Local\temp
2009-10-21 21:20 . 2009-10-21 21:20 -------- d-----w- c:\users\heather\AppData\Local\temp
2009-10-21 10:07 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 10:07 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 10:07 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 10:07 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 10:06 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 10:06 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 10:06 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 10:06 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 10:06 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-18 03:34 . 2009-10-18 11:49 -------- d-----w- c:\users\Heather and Eddie\DoctorWeb
2009-10-17 22:44 . 2009-10-18 17:01 739752 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-17 22:44 . 2009-10-18 17:01 133576 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-17 22:43 . 2007-08-20 17:42 99592 ----a-w- c:\windows\system32\isafeif.dll
2009-10-17 22:43 . 2007-08-20 17:42 79424 ----a-w- c:\windows\system32\vetredir.dll
2009-10-17 22:43 . 2007-08-20 17:42 75016 ----a-w- c:\windows\system32\isafprod.dll
2009-10-17 22:43 . 2007-08-20 17:42 21512 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-10-17 22:43 . 2007-08-20 17:42 21128 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-10-17 22:43 . 2007-08-20 17:42 32264 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-10-17 22:43 . 2007-08-20 17:42 26376 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-10-17 05:20 . 2009-10-17 05:20 -------- d-----w- c:\program files\Trend Micro
2009-10-17 05:15 . 2009-10-17 05:15 -------- d-----w- C:\Rooter$
2009-10-17 05:10 . 2004-08-04 12:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-17 05:10 . 2009-10-17 05:10 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-16 23:26 . 2009-10-16 23:27 -------- d-----w- c:\windows\system32\config\systemprofile\{a393c4b5-0955-4a8b-afb4-ff66266c964c}
2009-10-16 22:40 . 2009-10-16 22:40 680 ----a-w- c:\users\ADMIN\AppData\Local\d3d9caps.dat
2009-10-16 22:03 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 22:03 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 22:03 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\ca-ES
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\eu-ES
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\vi-VN
2009-10-16 21:00 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-16 20:37 . 2009-10-16 20:37 -------- d-----w- c:\windows\system32\EventProviders
2009-10-03 20:43 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-03 20:43 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-03 20:42 . 2009-10-03 20:42 -------- d-----w- c:\program files\iPod
2009-10-03 20:42 . 2009-10-03 20:43 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-03 20:14 . 2009-10-03 20:15 -------- d-----w- c:\program files\QuickTime
2009-10-03 05:58 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 21:00 . 2009-03-19 00:34 114540 ----a-w- c:\programdata\nvModes.dat
2009-10-20 20:52 . 2008-12-24 15:41 -------- d-----w- c:\programdata\Google Updater
2009-10-17 20:42 . 2008-07-11 11:50 -------- d-----w- c:\users\heather\AppData\Roaming\HP
2009-10-17 05:33 . 2008-11-29 18:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-17 04:20 . 2007-04-30 05:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-17 03:35 . 2007-12-23 19:04 -------- d-----w- c:\users\ADMIN\AppData\Roaming\Hewlett-Packard
2009-10-17 03:29 . 2008-07-27 20:24 -------- d-----w- c:\program files\Winamp Remote
2009-10-17 00:19 . 2009-06-22 13:13 -------- d-----w- c:\users\PADMAN\AppData\Roaming\Memeo
2009-10-17 00:19 . 2009-06-21 20:35 -------- d-----w- c:\users\heather\AppData\Roaming\Memeo
2009-10-17 00:19 . 2009-06-17 00:18 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Memeo
2009-10-17 00:18 . 2008-09-19 04:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-16 22:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 21:38 . 2007-04-30 06:14 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 21:35 . 2007-04-30 06:13 -------- d-----w- c:\program files\Microsoft Works
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-16 20:03 . 2007-12-21 05:44 -------- d-----w- c:\users\heather\AppData\Roaming\Hewlett-Packard
2009-10-03 22:00 . 2007-12-30 11:14 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Apple Computer
2009-10-03 20:43 . 2009-06-04 21:29 -------- d-----w- c:\program files\iTunes
2009-10-03 20:42 . 2007-12-30 10:50 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 09:29 . 2009-10-16 21:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-04 11:41 . 2009-10-16 21:01 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 06:54 . 2009-08-31 21:33 -------- d-----w- c:\programdata\NOS
2009-08-31 21:33 . 2009-08-31 21:33 -------- d-----w- c:\program files\NOS
2009-08-29 02:51 . 2009-05-30 15:38 97592 ----a-w- c:\users\PADMAN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 00:27 . 2009-09-02 22:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 22:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 01:55 . 2007-04-30 05:57 -------- d-----w- c:\programdata\Roxio
2009-08-27 23:15 . 2007-12-20 07:40 97592 ----a-w- c:\users\Heather and Eddie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 21:01 . 2007-12-21 05:42 97592 ----a-w- c:\users\heather\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 20:53 . 2009-06-16 12:35 -------- d-----w- c:\program files\Common Files\eSellerate
2009-08-27 20:48 . 2007-12-23 18:46 97592 ----a-w- c:\users\ADMIN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 20:47 . 2009-08-27 20:47 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-27 05:22 . 2009-10-16 21:01 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 21:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-16 21:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-16 21:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 02:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 02:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 02:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 02:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 02:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 02:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 02:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 02:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 02:41 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 02:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 02:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-11-16 03:41 . 2008-11-16 03:41 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-10-14 292824]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-31 177392]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"StarzTray"="c:\program files\Vongo\VongoTray.exe" [2007-12-12 385024]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-17 149280]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-10-17 230664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Heather and Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
m-trip Launcher.lnk - c:\program files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe [2008-9-6 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):63,92,ba,7c,a5,4e,ca,01

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/17/2009 1:10 AM 583640]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/17/2007 1:10 AM 189704]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [9/16/2008 5:10 PM 21504]
S3 ndsdatamax;ndsdatamax;c:\windows\System32\drivers\ndsdatamax.sys [5/12/2008 6:37 PM 29184]
S3 TucbDriverV32;TucbDriverV32;c:\windows\System32\drivers\TucbDriverV32.sys [5/11/2008 5:07 PM 23096]
S3 TucbVideo32;TucbVideo32;c:\windows\System32\drivers\TucbVideo32.sys [5/11/2008 5:07 PM 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-17 c:\windows\Tasks\CAAntiSpywareScan_Daily as ADMIN at 6 42 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 05:10]

2009-10-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 03:02]

2009-10-17 c:\windows\Tasks\HPCeeScheduleForADMIN.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-21 c:\windows\Tasks\HPCeeScheduleForHeather and Eddie.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-03 c:\windows\Tasks\HPCeeScheduleForheather.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-16 c:\windows\Tasks\HPCeeScheduleForPADMAN.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{2A13004B-6FE0-4817-BB79-9A466D703659}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]

2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{756F0A98-2880-4030-99A6-47135E7B52EE}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.boston.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 17:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
Completion time: 2009-10-21 17:26
ComboFix-quarantined-files.txt 2009-10-21 21:26

Pre-Run: 19,797,499,904 bytes free
Post-Run: 24,302,723,072 bytes free

- - End Of File - - 0BAFDEB2E675CCF8B388879794225AA6

32 Bit HP CIO Components Installer
6300
6300_Help
6300Trb
Action Replay Code Manager
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.5
Adobe Shockwave Player 11.5
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BufferChm
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CoffeeCup Free Zip Wizard
Conexant HD Audio
Copy
CustomerResearchQFolder
CyberLink MediaShow
Data Lifeguard Diagnostic for Windows
Destinations
DeviceManagementQFolder
Disney Pirates of the Caribbean Online
DocProc
DocProcQFolder
ESU for Microsoft Vista
eSupportQFolder
Fax
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Driver Diagnostics
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Detection
HP Quick Launch Buttons 6.20 D3
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0041
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
InstallMgr
iTunes
Java(TM) 6 Update 16
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
KB408682
LightScribe System Software 1.10.19.1
m:trip
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
MSCU for Microsoft Vista
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PartyPoker
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
Recover My Files
Registry Mechanic 9.0
Rhapsody
Rhapsody Player Engine
Rio Internet Update
Rio Music Manager
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
TWC Customer Controls
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vongo
WebReg
Winamp
Winamp Remote
Wizard101

Re: help

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: help

My antivirus is running in the background and picking up viruses. Is that OK, or should I shut it down?

Re: help

I just need the Malwarebytes log. The antivirus is fine.

Re: help
Malwarebytes' Anti-Malware 1.41
Database version: 3008
Windows 6.0.6002 Service Pack 2

10/22/2009 5:33:32 AM
mbam-log-2009-10-22 (05-33-32).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 365427
Time elapsed: 3 hour(s), 35 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: help

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX control installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Re: help

It keeps attempting to delete my antivirus and it cannot. I attempted to manually delete it and it would not let me.

Re: help

Every time it reboots I get a Windows Installer window that says the feature you are trying to use is on a network resource that is unavailable. The source is listed below:

C:\Users\Heather and Eddie\AppData\Local\Temp\{A4C0BD9F-384A-4277-B77C-579FCCF19D36}

Re: help
Let's take care of that...

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quotebox below into it:

    Folder::
    C:\Users\Heather and Eddie\AppData\Local\Temp\{A4C0BD9F-384A-4277-B77C-579FCCF19D36}
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  6. When finished, it will produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
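
An added example, not code from the thread, from ComboFix or from its author, tying together two things in this thread: the header and Reg Loading Points of the first ComboFix log, where CA's on-access scanning shows as disabled and the Security Center Monitoring and Svc keys carry DisableMonitoring and AntiVirusOverride, and the CFScript step in the post above. The script parses those log sections, flags what a helper reads first (disabled protection, autostarts launched from temp or recycle-bin paths, Security Center overrides), and renders the Folder:: CFScript. The log text inside the block is a constructed excerpt in ComboFix's format, not the poster's actual log, and its "Updater" autostart entry is invented so the temp-path check has something to catch. The function names are mine, and Folder:: is the only CFScript directive assumed, because it is the one the thread uses.

```python
"""Triage a ComboFix log and draft the CFScript that follows (added example)."""
import re
from typing import Any, Dict, List, Tuple

# Constructed excerpt in ComboFix's log format. Not the thread's real log;
# the "Updater" line is invented to exercise the temp-path check.
SAMPLE_LOG = r"""
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-31 177392]
"Updater"="c:\users\ADMIN\AppData\Local\Temp\updater.exe" [2009-10-20 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):63,92,ba,7c,a5,4e,ca,01
"""

STATUS_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(.+?)\*")   # product lines in the header
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                 # registry key headers
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                   # "name"=value lines
RISKY_PATH = re.compile(r"\\(temp|\$recycle\.bin)\\", re.IGNORECASE)


def parse_log(text: str) -> Dict[str, Any]:
    """Pull out the three things a helper reads first: product status,
    autostart entries per registry key, and Security Center dword overrides."""
    status: List[Tuple[str, str, str]] = []
    loads: Dict[str, List[Tuple[str, str]]] = {}
    overrides: Dict[str, int] = {}
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = STATUS_RE.match(line)
        if m:
            status.append((m.group(1), m.group(2), m.group(3)))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, raw = m.groups()
        if raw.startswith('"'):                      # quoted path, then [date size]
            loads.setdefault(key, []).append((name, raw.split('"')[1]))
        elif raw.startswith("dword:") and "security center" in key.lower():
            subkey = key.rsplit("\\", 1)[-1]          # Monitoring, Svc, ...
            overrides[f"{subkey}\\{name}"] = int(raw[len("dword:"):], 16)
    return {"status": status, "loads": loads, "overrides": overrides}


def findings(parsed: Dict[str, Any]) -> List[str]:
    """Flag disabled protection, autostarts from temp/recycle-bin paths, and
    Security Center values that silence its warnings."""
    out: List[str] = []
    for kind, product, state in parsed["status"]:
        if "disabled" in state.lower():
            out.append(f"{kind} {product}: {state}")
    for key, entries in parsed["loads"].items():
        for name, path in entries:
            if RISKY_PATH.search(path):
                out.append(f"autostart '{name}' under {key} runs from {path}")
    for name, value in parsed["overrides"].items():
        if value == 1:
            out.append(f"Security Center override: {name}=1")
    return out


def build_cfscript(folders: List[str]) -> str:
    """Render CFScript.txt the way the thread does: a Folder:: directive
    followed by one full path per line."""
    return "\n".join(["Folder::", *folders]) + "\n"


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for line in findings(parsed):
        print("!", line)
    # The orphaned Windows Installer source folder from the thread, targeted
    # as the helper did; save the output as CFScript.txt next to ComboFix.exe.
    print(build_cfscript(
        [r"C:\Users\Heather and Eddie\AppData\Local\Temp\{A4C0BD9F-384A-4277-B77C-579FCCF19D36}"]))
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents. The parser only takes quoted paths and dword values, so REG_MULTI_SZ svchost groups and hex(b) timestamps such as VistaSp2 are skipped on purpose; a DisableMonitoring=1 left over from a long-uninstalled product, as with the Symantec keys in the log above, is still reported, since Security Center stays quiet about that product either way.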

Re: help

ComboFix 09-10-23.01 - ADMIN 10/24/2009 17:46.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2494.1550 [GMT -4:00]
Running from: c:\users\Heather and Eddie\Desktop\commy.exe
Command switches used :: c:\users\Heather and Eddie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\ADMIN\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\PADMAN\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\heather\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-23 05:29 . 2009-10-24 16:47 -------- d-----w- c:\programdata\fssg
2009-10-23 05:28 . 2009-10-23 05:28 -------- d-----w- c:\programdata\f-secure
2009-10-22 01:32 . 2009-10-22 01:32 -------- d-----w- c:\users\ADMIN\AppData\Roaming\Malwarebytes
2009-10-22 01:32 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 01:32 . 2009-10-22 01:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 01:32 . 2009-10-22 01:32 -------- d-----w- c:\programdata\Malwarebytes
2009-10-22 01:32 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 10:07 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 10:07 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 10:07 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 10:07 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 10:06 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 10:06 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 10:06 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 10:06 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 10:06 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-18 03:34 . 2009-10-18 11:49 -------- d-----w- c:\users\Heather and Eddie\DoctorWeb
2009-10-17 05:20 . 2009-10-17 05:20 -------- d-----w- c:\program files\Trend Micro
2009-10-17 05:15 . 2009-10-17 05:15 -------- d-----w- C:\Rooter$
2009-10-17 05:10 . 2004-08-04 12:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-17 05:10 . 2009-10-17 05:10 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-16 23:26 . 2009-10-16 23:27 -------- d-----w- c:\windows\system32\config\systemprofile\{a393c4b5-0955-4a8b-afb4-ff66266c964c}
2009-10-16 22:40 . 2009-10-16 22:40 680 ----a-w- c:\users\ADMIN\AppData\Local\d3d9caps.dat
2009-10-16 22:03 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 22:03 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 22:03 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\ca-ES
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\eu-ES
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\vi-VN
2009-10-16 21:00 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-16 20:37 . 2009-10-16 20:37 -------- d-----w- c:\windows\system32\EventProviders
2009-10-03 20:43 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-03 20:43 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-03 20:42 . 2009-10-03 20:42 -------- d-----w- c:\program files\iPod
2009-10-03 20:42 . 2009-10-03 20:43 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-03 20:14 . 2009-10-03 20:15 -------- d-----w- c:\program files\QuickTime
2009-10-03 05:58 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 21:37 . 2009-03-19 00:34 114540 ----a-w- c:\programdata\nvModes.dat
2009-10-24 18:21 . 2009-07-31 01:57 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Mozilla-Cache
2009-10-24 16:31 . 2007-12-20 18:58 -------- d-----w- c:\program files\CA
2009-10-23 23:55 . 2008-12-24 15:41 -------- d-----w- c:\programdata\Google Updater
2009-10-17 20:42 . 2008-07-11 11:50 -------- d-----w- c:\users\heather\AppData\Roaming\HP
2009-10-17 05:33 . 2008-11-29 18:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-17 04:20 . 2007-04-30 05:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-17 03:35 . 2007-12-23 19:04 -------- d-----w- c:\users\ADMIN\AppData\Roaming\Hewlett-Packard
2009-10-17 03:29 . 2008-07-27 20:24 -------- d-----w- c:\program files\Winamp Remote
2009-10-17 00:19 . 2009-06-22 13:13 -------- d-----w- c:\users\PADMAN\AppData\Roaming\Memeo
2009-10-17 00:19 . 2009-06-21 20:35 -------- d-----w- c:\users\heather\AppData\Roaming\Memeo
2009-10-17 00:19 . 2009-06-17 00:18 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Memeo
2009-10-17 00:18 . 2008-09-19 04:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-16 22:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 21:38 . 2007-04-30 06:14 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 21:35 . 2007-04-30 06:13 -------- d-----w- c:\program files\Microsoft Works
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-16 20:03 . 2007-12-21 05:44 -------- d-----w- c:\users\heather\AppData\Roaming\Hewlett-Packard
2009-10-03 22:00 . 2007-12-30 11:14 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Apple Computer
2009-10-03 20:43 . 2009-06-04 21:29 -------- d-----w- c:\program files\iTunes
2009-10-03 20:42 . 2007-12-30 10:50 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 09:29 . 2009-10-16 21:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-04 11:41 . 2009-10-16 21:01 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 06:54 . 2009-08-31 21:33 -------- d-----w- c:\programdata\NOS
2009-08-31 21:33 . 2009-08-31 21:33 -------- d-----w- c:\program files\NOS
2009-08-29 02:51 . 2009-05-30 15:38 97592 ----a-w- c:\users\PADMAN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 00:27 . 2009-09-02 22:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 22:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 01:55 . 2007-04-30 05:57 -------- d-----w- c:\programdata\Roxio
2009-08-27 23:15 . 2007-12-20 07:40 97592 ----a-w- c:\users\Heather and Eddie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 21:01 . 2007-12-21 05:42 97592 ----a-w- c:\users\heather\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 20:53 . 2009-06-16 12:35 -------- d-----w- c:\program files\Common Files\eSellerate
2009-08-27 20:48 . 2007-12-23 18:46 97592 ----a-w- c:\users\ADMIN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 20:47 . 2009-08-27 20:47 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-27 05:22 . 2009-10-16 21:01 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 21:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-16 21:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-16 21:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 02:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 02:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 02:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 02:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 02:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 02:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 02:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 02:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 02:41 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 02:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 02:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-11-16 03:41 . 2008-11-16 03:41 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-21_21.24.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-30 05:46 . 2009-10-24 21:39 57274 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-24 21:39 61298 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-20 07:34 . 2009-10-24 21:39 10382 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1856941148-2225634861-2241160836-1000_UserData.bin
+ 2009-10-24 16:53 . 2009-10-24 16:53 79424 c:\windows\System32\vetredir.dll
- 2009-10-17 22:43 . 2007-08-20 17:42 79424 c:\windows\System32\vetredir.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 11280 c:\windows\System32\vetntmsg.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 75280 c:\windows\System32\isafprod.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 99904 c:\windows\System32\isafeif.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 32528 c:\windows\System32\drivers\vetmonnt.sys
+ 2009-10-24 16:53 . 2009-10-24 16:53 21648 c:\windows\System32\drivers\vetfddnt.sys
+ 2009-10-24 16:53 . 2009-10-24 16:53 21392 c:\windows\System32\drivers\vet-rec.sys
+ 2009-10-24 16:53 . 2009-10-24 16:53 26640 c:\windows\System32\drivers\vet-filt.sys
- 2007-12-20 07:22 . 2009-10-21 21:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-20 07:22 . 2009-10-24 21:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-20 07:22 . 2009-10-21 21:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-20 07:22 . 2009-10-24 21:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-20 07:22 . 2009-10-21 21:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-20 07:22 . 2009-10-24 21:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 79376 c:\windows\System32\caavresource.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 95496 c:\windows\System32\avshlext.dll
+ 2007-12-21 20:40 . 2009-10-21 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-21 20:40 . 2009-10-17 21:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-21 20:40 . 2009-10-17 21:18 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-21 20:40 . 2009-10-21 21:29 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-21 20:40 . 2009-10-21 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-21 20:40 . 2009-10-17 21:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 8720 c:\windows\System32\caavproduct.dll
+ 2009-10-24 21:37 . 2009-10-24 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-21 20:54 . 2009-10-21 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-21 20:54 . 2009-10-21 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-24 21:37 . 2009-10-24 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 233472 c:\windows\System32\vetmsg.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 120072 c:\windows\System32\unvet32.exe
+ 2006-11-02 10:33 . 2009-10-24 21:43 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-21 21:02 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-24 21:43 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-21 21:02 101350 c:\windows\System32\perfc009.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 218688 c:\windows\System32\isafserv.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 108096 c:\windows\System32\isafinst.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 144960 c:\windows\System32\isafe.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 222472 c:\windows\System32\driverif.dll
+ 2009-08-27 20:46 . 2009-10-24 17:40 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-08-27 20:46 . 2009-10-17 00:06 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 230664 c:\windows\System32\cavrid.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 365832 c:\windows\System32\cavrep.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 214256 c:\windows\System32\caavscan.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 321040 c:\windows\System32\caavimages.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 222448 c:\windows\System32\caavguiscan.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 152816 c:\windows\System32\caavcmdscan.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 360448 c:\windows\System32\caav.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 337192 c:\windows\System32\arclib.dll
+ 2009-10-23 05:29 . 2009-10-23 05:29 135680 c:\windows\Installer\60bcf25.msi
- 2007-12-20 17:40 . 2009-10-21 20:51 1092160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2007-12-20 17:40 . 2009-10-24 21:35 1092160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-10-14 292824]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-31 177392]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"StarzTray"="c:\program files\Vongo\VongoTray.exe" [2007-12-12 385024]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-17 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Heather and Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
m-trip Launcher.lnk - c:\program files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe [2008-9-6 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):63,92,ba,7c,a5,4e,ca,01

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/17/2009 1:10 AM 583640]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [9/16/2008 5:10 PM 21504]
S3 ndsdatamax;ndsdatamax;c:\windows\System32\drivers\ndsdatamax.sys [5/12/2008 6:37 PM 29184]
S3 TucbDriverV32;TucbDriverV32;c:\windows\System32\drivers\TucbDriverV32.sys [5/11/2008 5:07 PM 23096]
S3 TucbVideo32;TucbVideo32;c:\windows\System32\drivers\TucbVideo32.sys [5/11/2008 5:07 PM 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 03:02]

2009-10-17 c:\windows\Tasks\HPCeeScheduleForADMIN.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-21 c:\windows\Tasks\HPCeeScheduleForHeather and Eddie.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-03 c:\windows\Tasks\HPCeeScheduleForheather.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-16 c:\windows\Tasks\HPCeeScheduleForPADMAN.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{2A13004B-6FE0-4817-BB79-9A466D703659}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]

2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{756F0A98-2880-4030-99A6-47135E7B52EE}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.boston.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 17:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2496)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2009-10-24 18:01
ComboFix-quarantined-files.txt 2009-10-24 22:01
ComboFix2.txt 2009-10-24 21:29
ComboFix3.txt 2009-10-21 21:30

Pre-Run: 21,131,862,016 bytes free
Post-Run: 21,094,494,208 bytes free

- - End Of File - - 6F730CA1F5C85C4A07E01C07B91D1EC2

Re: help

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: help
Malwarebytes' Anti-Malware 1.41
Database version: 3028
Windows 6.0.6002 Service Pack 2

10/25/2009 10:43:25 AM
mbam-log-2009-10-25 (10-43-25).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 364320
Time elapsed: 1 hour(s), 27 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: help
In order to get to Internet Explorer, I need to run as an administrator. I get the following message if I try to go online as a non-administrator:

illegal operation attempted on a registry key that has been marked for deletion
