YAYYYY...I'm on my laptop now.
I had to restart the computer and start the program right away to trick the virus or else it would've shut the install down and say it's infected. Here's the log: (does it give away any incriminating evidence?...hope not). Thanks for the help.
ComboFix 09-12-29.06 - Tiffany Stephens 12/30/2009 19:31:44.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1202 [GMT -7:00]
Running from: c:\documents and settings\Tiffany Stephens\Desktop\commy.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 1
/wow section - STAGE 2
/wow section - STAGE 3
PEV Error: DesktopFile
PEV Error: DesktopFolder
PEV Error: FavFile
PEV Error: LocalAppDataFile
PEV Error: LocalAppDataFolder
PEV Error: LocalSettingsFile
PEV Error: MenuFile
PEV Error: MenuFolder
PEV Error: PersonalFile
PEV Error: ProgramsFile
PEV Error: ProgramsFolder
PEV Error: StartUpFile
PEV Error: TemplatesFile
PEV Error: TemplatesFolder
PEV Error: UserFile
PEV Error: UserFolder
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Tiffany Stephens\Local Settings\Application Data\vmayrh
c:\documents and settings\Tiffany Stephens\Local Settings\Application Data\vmayrh\ofuhsysguard.exe
c:\windows\system32\xtemp1.exe
c:\windows\system32\xtemp2.exe
c:\windows\Temp\log.txt
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.
2009-12-31 02:00 . 2009-12-31 02:00 0 ----a-w- c:\documents and settings\Tiffany Stephens\Application Data\U3\01646018E142C9D1\cleanup.exe
2009-12-16 03:43 . 2009-12-16 03:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-12-16 00:32 . 2009-12-16 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-12-12 01:35 . 2009-12-12 01:33 2065688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-08 04:26 . 2009-12-08 04:27 -------- d-----w- c:\documents and settings\Tiffany Stephens\Local Settings\Application Data\CutePDF Writer
2009-12-08 04:05 . 2009-12-31 02:16 -------- d-----w- c:\documents and settings\Tiffany Stephens\Local Settings\Application Data\AskToolbar
2009-12-08 04:04 . 2009-12-08 04:04 -------- d-----w- c:\program files\GPLGS
2009-12-08 04:00 . 2009-11-05 15:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-12-08 03:59 . 2009-12-08 03:59 -------- d-----w- c:\program files\Acro Software
2009-12-08 03:59 . 2009-12-08 03:59 -------- d-----w- c:\program files\Ask.com
2009-12-07 03:44 . 2009-12-07 03:44 -------- d-----w- c:\documents and settings\Tiffany Stephens\Local Settings\Application Data\Identities
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 02:39 . 2007-08-07 22:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-31 02:00 . 2008-11-13 01:48 -------- d-----w- c:\documents and settings\Tiffany Stephens\Application Data\U3
2009-12-28 19:39 . 2009-11-23 22:17 79488 ----a-w- c:\documents and settings\Tiffany Stephens\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-28 02:32 . 2008-03-20 02:27 -------- d-----w- c:\documents and settings\Tiffany Stephens\Application Data\LimeWire
2009-12-21 18:29 . 2008-11-06 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-15 04:42 . 2007-08-07 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-28 22:19 . 2008-11-06 06:21 -------- d-----w- c:\program files\QuickTime
2009-11-28 22:18 . 2009-11-28 22:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-28 22:17 . 2009-11-28 22:17 -------- d-----w- c:\program files\Common Files\Apple
2009-11-28 22:16 . 2009-11-28 22:16 -------- d-----w- c:\program files\Apple Software Update
2009-11-28 22:16 . 2009-11-28 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-29 07:46 . 2007-04-18 12:31 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-05 03:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-05 03:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 06:00 . 2004-08-05 03:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-05 03:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-05 03:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-05 03:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-05 03:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-05 03:00 112128 ----a-w- c:\windows\system32\rastls.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-10-27 20:48 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-10-27 1196936]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-10-27 1196936]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-06 39408]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-06 2356088]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-07 1015808]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-04-28 84640]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-04-28 26248]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2007-02-20 61440]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-10 198160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-11-5 45056]
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2006-7-26 1114217]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 15:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/23/2008 11:17 AM 335240]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/30/2009 10:39 PM 297752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/23/2008 3:50 PM 101936]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
2009-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-12-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Tiffany Stephens.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-04-28 00:08]
2009-12-31 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-10-27 20:48]
2009-12-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-02 04:18]
.
.
------- Supplementary Scan -------
.
uStart Page =
https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1<mpl=default<mplcache=2uSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8mStart Page =
hxxp://www.google.comuInternet Connection Wizard,ShellNext =
hxxp://en.us.acer.yahoo.com/uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-tmeodjdd - c:\documents and settings\Tiffany Stephens\Local Settings\Application Data\vmayrh\ofuhsysguard.exe
HKLM-Run-eLockMonitor - c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
HKLM-Run-tmeodjdd - c:\documents and settings\Tiffany Stephens\Local Settings\Application Data\vmayrh\ofuhsysguard.exe
**************************************************************************
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
scanning hȋdden files ...
scan completed successfully
hȋdden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:72,8a,64,75,69,46,2a,b7,f7,cd,c0,05,32,ce,82,07,21,d9,d9,d7,53,
93,03,12,82,f3,9a,b8,8c,1d,57,6a,5d,cc,37,f5,a5,51,97,75,4d,38,51,cc,4a,15,\
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:72,8a,64,75,69,46,2a,b7,f7,cd,c0,05,32,ce,82,07,21,d9,d9,d7,53,
93,03,12,82,f3,9a,b8,8c,1d,57,6a,5d,cc,37,f5,a5,51,97,75,4d,38,51,cc,4a,15,\
.
Completion time: 2009-12-30 19:40:47
ComboFix-quarantined-files.txt 2009-12-31 02:40
Pre-Run: 16,723,918,848 bytes free
Post-Run: 17,561,100,288 bytes free
- - End Of File - - 07178CF989168C5DDC59130A5E5D63EA