WiredWX Christian Hobby Weather Tools
help
I had an update from Windows that wiped out my wireless. When I download the new wireless from Compaq, I continue to get a message that says the file is not able to be found. Any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:37 AM, on 10/17/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Heather and Eddie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ILB6R890\winlogon[1].scr
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [StarzTray] C:\Program Files\Vongo\VongoTray.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [RegisterHPDeviceDetectionDll] regsvr32.exe /s "C:\Program Files\HP\Common\HPDeviceDetection.dll"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: m-trip Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe
O13 - Gopher Prefix:
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\Windows\System32\MrobeService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\Windows\system32\RioMSC.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11407 bytes

Re: help
Welcome to GeekPolice. We are here to save you money. Our expertise here can help you get rid of threats.

From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a Tech Staff member, administrator, or moderator. Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.

As this topic is for you only, I just need to issue a warning to outside readers:
Warning: Instructions issued in this topic are for this user only. We are not responsible for damages, so if you need help, please register for this site and start a new topic requesting help.




Please download ComboFix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy/paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.

Re: help
Every time I try to do this, a message comes up that says "command center has stopped working". Help please!!!

Re: help
Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, try to run ComboFix again.

Re: help
I might have found the problem. My antispyware won't shut off. I tried deleting the program and it would not let me. I tried reinstalling and it would not let me. I have CA.

Re: help
Go ahead and try my above post and see what happens.

Re: help
I did. The command stayed open but then said it could not complete the process and said something about an administrator needing to approve. I did this as the administrator.

Re: help
Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

Re: help
The following steps were not available to me:

  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).

Thank you for your patience

Re: help
Found the heuristic analysis and unchecked it...

Re: help
OK. Well, go ahead and run it with as many of the options as are available.

Re: help
SlgClientServicesRedists.exe\data002;C:\Program Files\HP Games\Cake Mania\SlgClientServicesRedists.exe;Adware.SpywareStorm;;
SlgClientServicesRedists.exe;C:\Program Files\HP Games\Cake Mania;Archive contains infected objects;;
pdburnsdk.dll;C:\Program Files\Rhapsody\modules;Trojan.Click.origin;;
cakemania-setup.exe/data032\data002;C:\SwSetup\HPGame\games\cakemania-setup.exe/data032;Adware.SpywareStorm;;
data032;C:\SwSetup\HPGame\games;Archive contains infected objects;;
cakemania-setup.exe;C:\SwSetup\HPGame\games;Archive contains infected objects;Moved.;

Re: help
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:
    :filefind
    scecli.dll
    netlogon.dll
    eventlog.dll
    winlogon.exe
    comres.dll
    crypt32.dll
    gpedit.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    cngaudit.dll
    beep.sys
    wscntfy.exe
    atapi.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: help
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 21:08 on 20/10/2009 by ADMIN (Administrator - Elevation successful)

========== filefind ==========

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 177152 bytes [01:43 18/09/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll --a--- 176640 bytes [08:43 02/11/2006] [09:46 02/11/2006] 80E2839D05CA5970A86D7BE2A08BFF61
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll --a--- 177152 bytes [21:11 16/09/2008] [07:36 19/01/2008] 28B84EB538F7E8A0FE8B9299D591E0B9
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll --a--- 177152 bytes [01:43 18/09/2009] [06:28 11/04/2009] 8FC182167381E9915651267044105EE1

Searching for "netlogon.dll"
C:\Windows\System32\netlogon.dll --a--- 592896 bytes [01:44 18/09/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll --a--- 559616 bytes [08:45 02/11/2006] [09:46 02/11/2006] 889A2C9F2AACCD8F64EF50AC0B3D553B
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll --a--- 592384 bytes [21:14 16/09/2008] [07:35 19/01/2008] A8EFC0B6E75B789F7FD3BA5025D4E37F
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll --a--- 592896 bytes [01:44 18/09/2009] [06:28 11/04/2009] 95DAECF0FB120A7B5DA679CC54E37DDE

Searching for "eventlog.dll"
No files found.

Searching for "winlogon.exe"
C:\Windows\System32\winlogon.exe --a--- 314368 bytes [01:44 18/09/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe --a--- 308224 bytes [08:44 02/11/2006] [09:45 02/11/2006] 9F75392B9128A91ABAFB044EA350BAAD
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe --a--- 314880 bytes [21:13 16/09/2008] [07:33 19/01/2008] C2610B6BDBEFC053BBDAB4F1B965CB24
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe --a--- 314368 bytes [01:44 18/09/2009] [06:28 11/04/2009] 898E7C06A350D4A1A64A9EA264D55452

Searching for "comres.dll"
C:\Windows\System32\comres.dll --a--- 1291264 bytes [21:12 16/09/2008] [05:48 19/01/2008] 4211249955AF9133E2E357CC92B54DFD
C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6000.16386_none_2a7a18dbe946c84f\comres.dll --a--- 1236992 bytes [07:29 02/11/2006] [08:50 02/11/2006] 4843A1784BA6434DFF80F841DDC592C6
C:\Windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll --a--- 1291264 bytes [21:12 16/09/2008] [05:48 19/01/2008] 4211249955AF9133E2E357CC92B54DFD

Searching for "crypt32.dll"
C:\Windows\System32\crypt32.dll --a--- 978944 bytes [01:44 18/09/2009] [06:28 11/04/2009] 6659EC6006FD99A3AF1B8A6306F8BE3C
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16386_none_5938ffdfe0e8b606\crypt32.dll --a--- 974336 bytes [08:43 02/11/2006] [09:46 02/11/2006] 360191D2A50180C3E0673BAB7F5529E0
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.16425_none_5978e103e0b8f230\crypt32.dll --a--- 974336 bytes [05:53 30/04/2007] [05:53 30/04/2007] 3233F31FF7046A5C54A312B6687C5376
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6000.20523_none_5a007d3af9d85f4c\crypt32.dll --a--- 974336 bytes [05:53 30/04/2007] [05:53 30/04/2007] 6E4B8D43AABE3EC49AA925FD68F0C265
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6001.18000_none_5b6fc1dbddd3c6da\crypt32.dll --a--- 977408 bytes [21:14 16/09/2008] [07:34 19/01/2008] D4D86075510C02F887528207D8E0D713
C:\Windows\winsxs\x86_microsoft-windows-crypt32-dll_31bf3856ad364e35_6.0.6002.18005_none_5d5b3ae7daf59226\crypt32.dll --a--- 978944 bytes [01:44 18/09/2009] [06:28 11/04/2009] 6659EC6006FD99A3AF1B8A6306F8BE3C

Searching for "gpedit.dll"
C:\Windows\System32\gpedit.dll --a--- 950784 bytes [01:45 18/09/2009] [06:28 11/04/2009] 4E51A7052D162B2BA85612B486A68A45
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6000.16386_none_cbfb6a9967fc57b1\gpedit.dll --a--- 935936 bytes [08:46 02/11/2006] [09:46 02/11/2006] 1C2761A389791C98E8A11A1539D6BB71
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6001.18000_none_ce322c9564e76885\gpedit.dll --a--- 936960 bytes [21:12 16/09/2008] [07:34 19/01/2008] E3DDEB38C6303086F79C6B7E83C372C8
C:\Windows\winsxs\x86_microsoft-windows-g..policy-admin-gpedit_31bf3856ad364e35_6.0.6002.18005_none_d01da5a1620933d1\gpedit.dll --a--- 950784 bytes [01:45 18/09/2009] [06:28 11/04/2009] 4E51A7052D162B2BA85612B486A68A45

Searching for "rundll32.exe"
C:\Windows\System32\rundll32.exe --a--- 44544 bytes [08:48 02/11/2006] [09:45 02/11/2006] 4B555106290BD117334E9A08761C035A
C:\Windows\winsxs\x86_microsoft-windows-rundll32_31bf3856ad364e35_6.0.6000.16386_none_d5ce8f93adff8210\rundll32.exe --a--- 44544 bytes [08:48 02/11/2006] [09:45 02/11/2006] 4B555106290BD117334E9A08761C035A

Searching for "sfc.dll"
C:\Windows\System32\sfc.dll --a--- 4608 bytes [08:33 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8
C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6000.16386_none_a4ff01505f4694a4\sfc.dll --a--- 4608 bytes [08:33 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8
C:\Windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.0.6001.18000_none_a735c34c5c31a578\sfc.dll --a--- 4608 bytes [08:33 02/11/2006] [09:46 02/11/2006] F4E1AA5D59C849A4AB47E895DC76B9C8

Searching for "svchost.exe"
C:\Windows\System32\svchost.exe --a--- 21504 bytes [21:10 16/09/2008] [07:33 19/01/2008] 3794B461C45882E06856F282EEF025AF
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe --a--- 22016 bytes [08:35 02/11/2006] [09:45 02/11/2006] 10DA15933D582D2FEDCF705EFE394B09
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe --a--- 21504 bytes [21:10 16/09/2008] [07:33 19/01/2008] 3794B461C45882E06856F282EEF025AF

Searching for "cngaudit.dll"
C:\Windows\System32\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll --a--- 11776 bytes [08:43 02/11/2006] [09:46 02/11/2006] 7F15B4953378C8B5161D65C26D5FED4D

Searching for "beep.sys"
C:\Windows\System32\drivers\beep.sys --a--- 6144 bytes [21:08 16/09/2008] [05:49 19/01/2008] 67E506B75BD5326A3EC7B70BD014DFB6
C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys --a--- 6144 bytes [08:51 02/11/2006] [08:51 02/11/2006] AC3DD1708B22761EBD7CBE14DCC3B5D7
C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys --a--- 6144 bytes [21:08 16/09/2008] [05:49 19/01/2008] 67E506B75BD5326A3EC7B70BD014DFB6

Searching for "wscntfy.exe"
No files found.

Searching for "atapi.sys"
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys --a--- 21560 bytes [08:06 13/02/2008] [08:06 13/02/2008] B35CFCEF838382AB6490B321C87EDF17
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys --a--- 19944 bytes [01:44 18/09/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys --a--- 19048 bytes [10:25 02/11/2006] [09:49 02/11/2006] 4F4FCB8B6EA06784FB6D475B7EC7300F
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys --a--- 21560 bytes [21:11 16/09/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\System32\drivers\atapi.sys --a--- 19944 bytes [01:44 18/09/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys --a--- 21560 bytes [08:06 13/02/2008] [08:06 13/02/2008] B35CFCEF838382AB6490B321C87EDF17
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys --a--- 21560 bytes [08:06 13/02/2008] [08:06 13/02/2008] E03E8C99D15D0381E02743C36AFC7C6F
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys --a--- 21560 bytes [21:11 16/09/2008] [07:41 19/01/2008] 2D9C903DC76A66813D350A562DE40ED9
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys --a--- 19944 bytes [01:44 18/09/2009] [06:32 11/04/2009] 1F05B78AB91C9075565A9D8A4B880BC4

-=End Of File=-
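The SystemLook `:filefind` run requested above lists every copy of each named file with its size and MD5, and the check a helper does by eye is to compare the live copy under System32 (or System32\drivers) against the reference copies Windows keeps in winsxs and the DriverStore: a live file whose hash matches none of them deserves a closer look. The Python below is an added example, not part of this thread or of SystemLook, that automates that comparison over a log in the format shown above; the embedded sample log and its hashes are constructed, not taken from this thread.

```python
import re

# One hit line in SystemLook filefind output (layout taken from the log format):
#   <path> <attrs> <size> bytes [created] [modified] <MD5>
ENTRY_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')


def parse_filefind(text):
    """Map each searched file name to a list of (path, size, md5) hits.
    A name that produced 'No files found.' maps to an empty list."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            results.setdefault(current, [])
            continue
        if current is None:
            continue
        m = ENTRY_RE.match(line)
        if m:
            results[current].append(
                (m.group("path"), int(m.group("size")), m.group("md5").upper())
            )
    return results


def is_backing_store(path):
    """winsxs and DriverStore copies are the reference set; everything else
    (System32, System32\\drivers) is treated as a live copy to be compared."""
    low = path.lower()
    return "\\winsxs\\" in low or "\\driverstore\\" in low


def flag_unmatched(results):
    """Live copies whose MD5 equals none of the backing-store copies of the
    same file name. A hit is a pointer for review (the pattern a patched system
    file leaves), not a verdict: an update not yet mirrored into winsxs, or a
    file with no store copy at all, produces the same result."""
    findings = []
    for name, entries in results.items():
        store_hashes = {md5 for path, _, md5 in entries if is_backing_store(path)}
        for path, _, md5 in entries:
            if not is_backing_store(path) and md5 not in store_hashes:
                findings.append((name, path, md5))
    return findings


def missing_files(results):
    """Names that returned 'No files found.'; a file that simply does not ship
    with this Windows version shows up here too, so treat it as context."""
    return sorted(name for name, entries in results.items() if not entries)


# Constructed sample in SystemLook's format; paths, dates and hashes are fake.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "scecli.dll"
C:\Windows\System32\scecli.dll --a--- 177152 bytes [01:43 18/09/2009] [06:28 11/04/2009] DEADBEEFDEADBEEFDEADBEEFDEADBEEF
C:\Windows\winsxs\x86_example-component_6.0.6002.18005\scecli.dll --a--- 177152 bytes [01:43 18/09/2009] [06:28 11/04/2009] DEADBEEFDEADBEEFDEADBEEFDEADBEEF

Searching for "atapi.sys"
C:\Windows\System32\drivers\atapi.sys --a--- 19944 bytes [01:44 18/09/2009] [06:32 11/04/2009] CAFEBABECAFEBABECAFEBABECAFEBABE
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_example\atapi.sys --a--- 19944 bytes [01:44 18/09/2009] [06:32 11/04/2009] 0123456789ABCDEF0123456789ABCDEF

Searching for "eventlog.dll"
No files found.

-=End Of File=-
"""

if __name__ == "__main__":
    parsed = parse_filefind(SAMPLE_LOG)
    for name, path, md5 in flag_unmatched(parsed):
        print(f"REVIEW: {name} live copy {path} (MD5 {md5}) matches no store copy")
    for name in missing_files(parsed):
        print(f"INFO: {name} not present on this system")
```

Run it against a real SystemLook.txt by reading the file into `parse_filefind` instead of `SAMPLE_LOG`; in the sample, `scecli.dll` agrees with its winsxs copy and is silent, while `atapi.sys` is reported for review.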

Re: help
Please download ComboFix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy/paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.

Re: help
I will do this right now... As an aside, I have an external drive. Should that be involved also?

Re: help
Not at all. Just run ComboFix.

Re: help
ComboFix 09-10-20.03 - ADMIN 10/21/2009 17:10.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2494.1480 [GMT -4:00]
Running from: c:\users\Heather and Eddie\Desktop\commy.exe
Command switches used :: /stepdel
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: CA Anti-Spyware *disabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1856941148-2225634861-2241160836-500
c:\$recycle.bin\S-1-5-21-3476589880-2846545486-3996084828-500
c:\windows\Installer\42a50.msi
c:\windows\system32\oem30.inf
c:\$recycle.bin\S-1-5-21-1856941148-2225634861-2241160836-500\desktop.ini
c:\$recycle.bin\S-1-5-21-3476589880-2846545486-3996084828-500\desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.

2009-10-21 21:21 . 2009-10-21 21:24 -------- d-----w- c:\users\ADMIN\AppData\Local\temp
2009-10-21 21:21 . 2009-10-21 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-21 21:20 . 2009-10-21 21:20 -------- d-----w- c:\users\PADMAN\AppData\Local\temp
2009-10-21 21:20 . 2009-10-21 21:20 -------- d-----w- c:\users\heather\AppData\Local\temp
2009-10-21 10:07 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 10:07 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 10:07 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 10:07 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 10:06 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 10:06 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 10:06 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 10:06 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 10:06 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-18 03:34 . 2009-10-18 11:49 -------- d-----w- c:\users\Heather and Eddie\DoctorWeb
2009-10-17 22:44 . 2009-10-18 17:01 739752 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-17 22:44 . 2009-10-18 17:01 133576 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-17 22:43 . 2007-08-20 17:42 99592 ----a-w- c:\windows\system32\isafeif.dll
2009-10-17 22:43 . 2007-08-20 17:42 79424 ----a-w- c:\windows\system32\vetredir.dll
2009-10-17 22:43 . 2007-08-20 17:42 75016 ----a-w- c:\windows\system32\isafprod.dll
2009-10-17 22:43 . 2007-08-20 17:42 21512 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-10-17 22:43 . 2007-08-20 17:42 21128 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-10-17 22:43 . 2007-08-20 17:42 32264 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-10-17 22:43 . 2007-08-20 17:42 26376 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-10-17 05:20 . 2009-10-17 05:20 -------- d-----w- c:\program files\Trend Micro
2009-10-17 05:15 . 2009-10-17 05:15 -------- d-----w- C:\Rooter$
2009-10-17 05:10 . 2004-08-04 12:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-17 05:10 . 2009-10-17 05:10 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-16 23:26 . 2009-10-16 23:27 -------- d-----w- c:\windows\system32\config\systemprofile\{a393c4b5-0955-4a8b-afb4-ff66266c964c}
2009-10-16 22:40 . 2009-10-16 22:40 680 ----a-w- c:\users\ADMIN\AppData\Local\d3d9caps.dat
2009-10-16 22:03 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 22:03 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 22:03 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\ca-ES
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\eu-ES
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\vi-VN
2009-10-16 21:00 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-16 20:37 . 2009-10-16 20:37 -------- d-----w- c:\windows\system32\EventProviders
2009-10-03 20:43 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-03 20:43 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-03 20:42 . 2009-10-03 20:42 -------- d-----w- c:\program files\iPod
2009-10-03 20:42 . 2009-10-03 20:43 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-03 20:14 . 2009-10-03 20:15 -------- d-----w- c:\program files\QuickTime
2009-10-03 05:58 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 21:00 . 2009-03-19 00:34 114540 ----a-w- c:\programdata\nvModes.dat
2009-10-20 20:52 . 2008-12-24 15:41 -------- d-----w- c:\programdata\Google Updater
2009-10-17 20:42 . 2008-07-11 11:50 -------- d-----w- c:\users\heather\AppData\Roaming\HP
2009-10-17 05:33 . 2008-11-29 18:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-17 04:20 . 2007-04-30 05:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-17 03:35 . 2007-12-23 19:04 -------- d-----w- c:\users\ADMIN\AppData\Roaming\Hewlett-Packard
2009-10-17 03:29 . 2008-07-27 20:24 -------- d-----w- c:\program files\Winamp Remote
2009-10-17 00:19 . 2009-06-22 13:13 -------- d-----w- c:\users\PADMAN\AppData\Roaming\Memeo
2009-10-17 00:19 . 2009-06-21 20:35 -------- d-----w- c:\users\heather\AppData\Roaming\Memeo
2009-10-17 00:19 . 2009-06-17 00:18 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Memeo
2009-10-17 00:18 . 2008-09-19 04:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-16 22:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 21:38 . 2007-04-30 06:14 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 21:35 . 2007-04-30 06:13 -------- d-----w- c:\program files\Microsoft Works
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-16 20:03 . 2007-12-21 05:44 -------- d-----w- c:\users\heather\AppData\Roaming\Hewlett-Packard
2009-10-03 22:00 . 2007-12-30 11:14 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Apple Computer
2009-10-03 20:43 . 2009-06-04 21:29 -------- d-----w- c:\program files\iTunes
2009-10-03 20:42 . 2007-12-30 10:50 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 09:29 . 2009-10-16 21:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-04 11:41 . 2009-10-16 21:01 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 06:54 . 2009-08-31 21:33 -------- d-----w- c:\programdata\NOS
2009-08-31 21:33 . 2009-08-31 21:33 -------- d-----w- c:\program files\NOS
2009-08-29 02:51 . 2009-05-30 15:38 97592 ----a-w- c:\users\PADMAN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 00:27 . 2009-09-02 22:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 22:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 01:55 . 2007-04-30 05:57 -------- d-----w- c:\programdata\Roxio
2009-08-27 23:15 . 2007-12-20 07:40 97592 ----a-w- c:\users\Heather and Eddie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 21:01 . 2007-12-21 05:42 97592 ----a-w- c:\users\heather\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 20:53 . 2009-06-16 12:35 -------- d-----w- c:\program files\Common Files\eSellerate
2009-08-27 20:48 . 2007-12-23 18:46 97592 ----a-w- c:\users\ADMIN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 20:47 . 2009-08-27 20:47 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-27 05:22 . 2009-10-16 21:01 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 21:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-16 21:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-16 21:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 02:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 02:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 02:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 02:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 02:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 02:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 02:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 02:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 02:41 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 02:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 02:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-11-16 03:41 . 2008-11-16 03:41 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-10-14 292824]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-31 177392]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"StarzTray"="c:\program files\Vongo\VongoTray.exe" [2007-12-12 385024]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-17 149280]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-10-17 230664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Heather and Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
m-trip Launcher.lnk - c:\program files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe [2008-9-6 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):63,92,ba,7c,a5,4e,ca,01

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/17/2009 1:10 AM 583640]
R3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [8/17/2007 1:10 AM 189704]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [9/16/2008 5:10 PM 21504]
S3 ndsdatamax;ndsdatamax;c:\windows\System32\drivers\ndsdatamax.sys [5/12/2008 6:37 PM 29184]
S3 TucbDriverV32;TucbDriverV32;c:\windows\System32\drivers\TucbDriverV32.sys [5/11/2008 5:07 PM 23096]
S3 TucbVideo32;TucbVideo32;c:\windows\System32\drivers\TucbVideo32.sys [5/11/2008 5:07 PM 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-17 c:\windows\Tasks\CAAntiSpywareScan_Daily as ADMIN at 6 42 PM.job
- c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe [2007-08-17 05:10]

2009-10-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 03:02]

2009-10-17 c:\windows\Tasks\HPCeeScheduleForADMIN.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-21 c:\windows\Tasks\HPCeeScheduleForHeather and Eddie.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-03 c:\windows\Tasks\HPCeeScheduleForheather.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-16 c:\windows\Tasks\HPCeeScheduleForPADMAN.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{2A13004B-6FE0-4817-BB79-9A466D703659}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]

2009-10-21 c:\windows\Tasks\User_Feed_Synchronization-{756F0A98-2880-4030-99A6-47135E7B52EE}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.boston.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 17:24
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
.
Completion time: 2009-10-21 17:26
ComboFix-quarantined-files.txt 2009-10-21 21:26

Pre-Run: 19,797,499,904 bytes free
Post-Run: 24,302,723,072 bytes free

- - End Of File - - 0BAFDEB2E675CCF8B388879794225AA6

32 Bit HP CIO Components Installer
6300
6300_Help
6300Trb
Action Replay Code Manager
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.5
Adobe Shockwave Player 11.5
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BufferChm
CA Anti-Spyware
CA Anti-Virus
CA Internet Security Suite
CoffeeCup Free Zip Wizard
Conexant HD Audio
Copy
CustomerResearchQFolder
CyberLink MediaShow
Data Lifeguard Diagnostic for Windows
Destinations
DeviceManagementQFolder
Disney Pirates of the Caribbean Online
DocProc
DocProcQFolder
ESU for Microsoft Vista
eSupportQFolder
Fax
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Driver Diagnostics
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Product Detection
HP Quick Launch Buttons 6.20 D3
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0041
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPProductAssistant
HPSSupply
InstallMgr
iTunes
Java(TM) 6 Update 16
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
KB408682
LightScribe System Software 1.10.19.1
m:trip
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
MSCU for Microsoft Vista
MSN
MSN Toolbar
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
My HP Games
NVIDIA Drivers
OGA Notifier 2.0.0048.0
PartyPoker
PSSWCORE
QuickPlay SlingPlayer 0.4.6
QuickTime
Recover My Files
Registry Mechanic 9.0
Rhapsody
Rhapsody Player Engine
Rio Internet Update
Rio Music Manager
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Safari
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
TWC Customer Controls
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vongo
WebReg
Winamp
Winamp Remote
Wizard101

Re: help
Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: help
My antivirus is running in the background and picking up viruses. Is that OK, or should I shut it down?

Re: help
I just need the Malwarebytes log. The antivirus is fine.

Re: help
Malwarebytes' Anti-Malware 1.41
Database version: 3008
Windows 6.0.6002 Service Pack 2

10/22/2009 5:33:32 AM
mbam-log-2009-10-22 (05-33-32).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 365427
Time elapsed: 3 hour(s), 35 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: help
Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Re: help
It keeps attempting to delete my antivirus and it cannot. I attempted to manually delete it and it would not let me.

Re: help
Every time it reboots I get a Windows Installer window that says the feature you are trying to use is on a network resource that is unavailable. The source is listed below:

C:\Users\Heather and Eddie\AppData\Local\Temp\{A4C0BD9F-384A-4277-B77C-579FCCF19D36}

Re: help
Let's take care of that...

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    C:\Users\Heather and Eddie\AppData\Local\Temp\{A4C0BD9F-384A-4277-B77C-579FCCF19D36}
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: help
ComboFix 09-10-23.01 - ADMIN 10/24/2009 17:46.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2494.1550 [GMT -4:00]
Running from: c:\users\Heather and Eddie\Desktop\commy.exe
Command switches used :: c:\users\Heather and Eddie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\ADMIN\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\PADMAN\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\heather\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-23 05:29 . 2009-10-24 16:47 -------- d-----w- c:\programdata\fssg
2009-10-23 05:28 . 2009-10-23 05:28 -------- d-----w- c:\programdata\f-secure
2009-10-22 01:32 . 2009-10-22 01:32 -------- d-----w- c:\users\ADMIN\AppData\Roaming\Malwarebytes
2009-10-22 01:32 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 01:32 . 2009-10-22 01:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 01:32 . 2009-10-22 01:32 -------- d-----w- c:\programdata\Malwarebytes
2009-10-22 01:32 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 10:07 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 10:07 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 10:07 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 10:07 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 10:06 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 10:06 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 10:06 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 10:06 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 10:06 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-18 03:34 . 2009-10-18 11:49 -------- d-----w- c:\users\Heather and Eddie\DoctorWeb
2009-10-17 05:20 . 2009-10-17 05:20 -------- d-----w- c:\program files\Trend Micro
2009-10-17 05:15 . 2009-10-17 05:15 -------- d-----w- C:\Rooter$
2009-10-17 05:10 . 2004-08-04 12:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-17 05:10 . 2009-10-17 05:10 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-16 23:26 . 2009-10-16 23:27 -------- d-----w- c:\windows\system32\config\systemprofile\{a393c4b5-0955-4a8b-afb4-ff66266c964c}
2009-10-16 22:40 . 2009-10-16 22:40 680 ----a-w- c:\users\ADMIN\AppData\Local\d3d9caps.dat
2009-10-16 22:03 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 22:03 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 22:03 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\ca-ES
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\eu-ES
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\vi-VN
2009-10-16 21:00 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-16 20:37 . 2009-10-16 20:37 -------- d-----w- c:\windows\system32\EventProviders
2009-10-03 20:43 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-03 20:43 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-03 20:42 . 2009-10-03 20:42 -------- d-----w- c:\program files\iPod
2009-10-03 20:42 . 2009-10-03 20:43 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-03 20:14 . 2009-10-03 20:15 -------- d-----w- c:\program files\QuickTime
2009-10-03 05:58 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 21:37 . 2009-03-19 00:34 114540 ----a-w- c:\programdata\nvModes.dat
2009-10-24 18:21 . 2009-07-31 01:57 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Mozilla-Cache
2009-10-24 16:31 . 2007-12-20 18:58 -------- d-----w- c:\program files\CA
2009-10-23 23:55 . 2008-12-24 15:41 -------- d-----w- c:\programdata\Google Updater
2009-10-17 20:42 . 2008-07-11 11:50 -------- d-----w- c:\users\heather\AppData\Roaming\HP
2009-10-17 05:33 . 2008-11-29 18:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-17 04:20 . 2007-04-30 05:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-17 03:35 . 2007-12-23 19:04 -------- d-----w- c:\users\ADMIN\AppData\Roaming\Hewlett-Packard
2009-10-17 03:29 . 2008-07-27 20:24 -------- d-----w- c:\program files\Winamp Remote
2009-10-17 00:19 . 2009-06-22 13:13 -------- d-----w- c:\users\PADMAN\AppData\Roaming\Memeo
2009-10-17 00:19 . 2009-06-21 20:35 -------- d-----w- c:\users\heather\AppData\Roaming\Memeo
2009-10-17 00:19 . 2009-06-17 00:18 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Memeo
2009-10-17 00:18 . 2008-09-19 04:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-16 22:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 21:38 . 2007-04-30 06:14 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 21:35 . 2007-04-30 06:13 -------- d-----w- c:\program files\Microsoft Works
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-16 20:03 . 2007-12-21 05:44 -------- d-----w- c:\users\heather\AppData\Roaming\Hewlett-Packard
2009-10-03 22:00 . 2007-12-30 11:14 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Apple Computer
2009-10-03 20:43 . 2009-06-04 21:29 -------- d-----w- c:\program files\iTunes
2009-10-03 20:42 . 2007-12-30 10:50 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 09:29 . 2009-10-16 21:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-04 11:41 . 2009-10-16 21:01 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 06:54 . 2009-08-31 21:33 -------- d-----w- c:\programdata\NOS
2009-08-31 21:33 . 2009-08-31 21:33 -------- d-----w- c:\program files\NOS
2009-08-29 02:51 . 2009-05-30 15:38 97592 ----a-w- c:\users\PADMAN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 00:27 . 2009-09-02 22:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 22:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 01:55 . 2007-04-30 05:57 -------- d-----w- c:\programdata\Roxio
2009-08-27 23:15 . 2007-12-20 07:40 97592 ----a-w- c:\users\Heather and Eddie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 21:01 . 2007-12-21 05:42 97592 ----a-w- c:\users\heather\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 20:53 . 2009-06-16 12:35 -------- d-----w- c:\program files\Common Files\eSellerate
2009-08-27 20:48 . 2007-12-23 18:46 97592 ----a-w- c:\users\ADMIN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 20:47 . 2009-08-27 20:47 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-27 05:22 . 2009-10-16 21:01 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 21:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-16 21:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-16 21:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 02:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 02:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 02:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 02:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 02:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 02:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 02:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 02:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 02:41 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 02:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 02:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-11-16 03:41 . 2008-11-16 03:41 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-10-21_21.24.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-30 05:46 . 2009-10-24 21:39 57274 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-24 21:39 61298 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-20 07:34 . 2009-10-24 21:39 10382 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1856941148-2225634861-2241160836-1000_UserData.bin
+ 2009-10-24 16:53 . 2009-10-24 16:53 79424 c:\windows\System32\vetredir.dll
- 2009-10-17 22:43 . 2007-08-20 17:42 79424 c:\windows\System32\vetredir.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 11280 c:\windows\System32\vetntmsg.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 75280 c:\windows\System32\isafprod.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 99904 c:\windows\System32\isafeif.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 32528 c:\windows\System32\drivers\vetmonnt.sys
+ 2009-10-24 16:53 . 2009-10-24 16:53 21648 c:\windows\System32\drivers\vetfddnt.sys
+ 2009-10-24 16:53 . 2009-10-24 16:53 21392 c:\windows\System32\drivers\vet-rec.sys
+ 2009-10-24 16:53 . 2009-10-24 16:53 26640 c:\windows\System32\drivers\vet-filt.sys
- 2007-12-20 07:22 . 2009-10-21 21:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-20 07:22 . 2009-10-24 21:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-20 07:22 . 2009-10-21 21:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-20 07:22 . 2009-10-24 21:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-20 07:22 . 2009-10-21 21:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-20 07:22 . 2009-10-24 21:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 79376 c:\windows\System32\caavresource.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 95496 c:\windows\System32\avshlext.dll
+ 2007-12-21 20:40 . 2009-10-21 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-21 20:40 . 2009-10-17 21:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-21 20:40 . 2009-10-17 21:18 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-21 20:40 . 2009-10-21 21:29 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-21 20:40 . 2009-10-21 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-21 20:40 . 2009-10-17 21:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 8720 c:\windows\System32\caavproduct.dll
+ 2009-10-24 21:37 . 2009-10-24 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-21 20:54 . 2009-10-21 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-21 20:54 . 2009-10-21 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-24 21:37 . 2009-10-24 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 233472 c:\windows\System32\vetmsg.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 120072 c:\windows\System32\unvet32.exe
+ 2006-11-02 10:33 . 2009-10-24 21:43 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-21 21:02 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-24 21:43 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-21 21:02 101350 c:\windows\System32\perfc009.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 218688 c:\windows\System32\isafserv.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 108096 c:\windows\System32\isafinst.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 144960 c:\windows\System32\isafe.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 222472 c:\windows\System32\driverif.dll
+ 2009-08-27 20:46 . 2009-10-24 17:40 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-08-27 20:46 . 2009-10-17 00:06 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 230664 c:\windows\System32\cavrid.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 365832 c:\windows\System32\cavrep.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 214256 c:\windows\System32\caavscan.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 321040 c:\windows\System32\caavimages.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 222448 c:\windows\System32\caavguiscan.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 152816 c:\windows\System32\caavcmdscan.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 360448 c:\windows\System32\caav.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 337192 c:\windows\System32\arclib.dll
+ 2009-10-23 05:29 . 2009-10-23 05:29 135680 c:\windows\Installer\60bcf25.msi
- 2007-12-20 17:40 . 2009-10-21 20:51 1092160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2007-12-20 17:40 . 2009-10-24 21:35 1092160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-10-14 292824]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-31 177392]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"StarzTray"="c:\program files\Vongo\VongoTray.exe" [2007-12-12 385024]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-17 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Heather and Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
m-trip Launcher.lnk - c:\program files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe [2008-9-6 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):63,92,ba,7c,a5,4e,ca,01

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/17/2009 1:10 AM 583640]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [9/16/2008 5:10 PM 21504]
S3 ndsdatamax;ndsdatamax;c:\windows\System32\drivers\ndsdatamax.sys [5/12/2008 6:37 PM 29184]
S3 TucbDriverV32;TucbDriverV32;c:\windows\System32\drivers\TucbDriverV32.sys [5/11/2008 5:07 PM 23096]
S3 TucbVideo32;TucbVideo32;c:\windows\System32\drivers\TucbVideo32.sys [5/11/2008 5:07 PM 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 03:02]

2009-10-17 c:\windows\Tasks\HPCeeScheduleForADMIN.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-21 c:\windows\Tasks\HPCeeScheduleForHeather and Eddie.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-03 c:\windows\Tasks\HPCeeScheduleForheather.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-16 c:\windows\Tasks\HPCeeScheduleForPADMAN.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{2A13004B-6FE0-4817-BB79-9A466D703659}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]

2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{756F0A98-2880-4030-99A6-47135E7B52EE}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.boston.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 17:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2496)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2009-10-24 18:01
ComboFix-quarantined-files.txt 2009-10-24 22:01
ComboFix2.txt 2009-10-24 21:29
ComboFix3.txt 2009-10-21 21:30

Pre-Run: 21,131,862,016 bytes free
Post-Run: 21,094,494,208 bytes free

- - End Of File - - 6F730CA1F5C85C4A07E01C07B91D1EC2

Re: help

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: help
Malwarebytes' Anti-Malware 1.41
Database version: 3028
Windows 6.0.6002 Service Pack 2

10/25/2009 10:43:25 AM
mbam-log-2009-10-25 (10-43-25).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 364320
Time elapsed: 1 hour(s), 27 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: help

In order to get to Internet Explorer, I need to run as an administrator. I get the following message if I try to go online as a non-administrator:

illegal operation attempted on a registry key that has been marked for deletion
