combo fix log
ComboFix 10-12-08.04 - Owner 12/09/2010 8:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1214 [GMT -5:00]
Running from: c:\users\Owner\Desktop\commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\msimg32.dll
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\West .. Career Opportunities (2).url
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\West at Home - Employee Login.url
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Recent\Work Place Like Home.url
c:\windows\system32\KBL.LOG
.
((((((((((((((((((((((((( Files Created from 2010-11-09 to 2010-12-09 )))))))))))))))))))))))))))))))
.
2010-12-09 13:40 . 2010-12-09 13:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-07 15:36 . 2010-12-07 15:36 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-12-07 15:36 . 2010-12-07 15:36 -------- d-----w- c:\program files\TrendMicro
2010-12-07 15:02 . 2010-11-29 22:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 15:02 . 2010-11-29 22:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 15:00 . 2010-12-07 15:00 1409 ----a-w- c:\windows\QTFont.for
2010-11-29 16:36 . 2010-11-29 16:36 -------- d-----w- c:\program files\Robinson Curriculum
2010-11-29 16:32 . 2010-11-29 16:32 -------- d-----w- c:\program files\TABLISTS
2010-11-29 16:32 . 2010-11-29 16:32 -------- d-----w- c:\program files\STUDENTS
2010-11-29 16:32 . 2010-11-29 16:32 -------- d-----w- c:\program files\SENTENCE
2010-11-29 16:32 . 2010-11-29 16:32 -------- d-----w- c:\program files\DATA
2010-11-29 16:30 . 2002-11-08 23:15 1974784 ----a-w- c:\program files\rcfiles.exe
2010-11-29 16:30 . 1997-03-28 19:55 55440 ----a-w- c:\windows\system32\lead.vbx
2010-11-29 16:30 . 1997-03-28 19:55 517104 ----a-w- c:\windows\system32\LEAD45.DLL
2010-11-29 16:30 . 1997-01-12 01:35 81920 ----a-w- c:\windows\system32\bivbx11.dll
2010-11-29 16:30 . 1997-01-12 01:35 346464 ----a-w- c:\windows\system32\vdvbx.vbx
2010-11-27 20:01 . 2010-11-27 20:01 -------- d-----r- c:\users\Owner\AppData\Roaming\Brother
2010-11-27 17:36 . 2006-12-21 16:23 176128 ------w- c:\windows\system32\BROSNMP.DLL
2010-11-27 17:36 . 2006-11-13 05:00 81920 ------w- c:\windows\system32\BRRBTOOL.EXE
2010-11-27 17:36 . 2004-09-24 05:00 24223 ------w- c:\windows\system32\brlm03a.dll
2010-11-27 17:36 . 2004-08-10 05:42 77824 ------w- c:\windows\system32\brlmw03a.dll
2010-11-27 17:36 . 2010-11-27 17:36 -------- d-----w- c:\program files\Brownie
2010-11-27 17:36 . 2010-11-27 17:36 -------- d-----w- c:\program files\Brother
2010-11-27 17:36 . 2006-08-18 18:27 192512 ------w- c:\windows\system32\Pdrvinst.dll
2010-11-27 17:35 . 2010-11-27 17:35 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2010-11-27 17:35 . 2010-11-27 17:35 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2010-11-27 17:35 . 2004-04-19 04:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2010-11-27 17:35 . 2004-04-19 04:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2010-11-27 17:35 . 2004-04-19 04:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2010-11-27 17:35 . 2004-04-19 04:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2010-11-27 17:35 . 2004-04-19 04:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2010-11-25 13:16 . 2010-11-25 13:16 -------- d-----w- c:\users\Owner\AppData\Roaming\AVG10
2010-11-25 13:14 . 2010-11-25 13:14 -------- d--h--w- c:\programdata\Common Files
2010-11-25 13:06 . 2010-12-07 20:42 -------- d-----w- c:\programdata\MFAData
2010-11-24 13:32 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 14:06 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B965FF8C-3C55-4F08-A9B7-958DA2BAD5C8}\mpengine.dll
2010-11-19 05:50 . 2010-11-19 05:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-11 13:03 . 2010-10-07 11:35 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-10 17:49 . 2010-11-10 17:49 135568 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-10 17:49 . 2010-11-10 17:49 135568 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-11-10 01:18 . 2010-11-10 01:18 -------- d-----w- c:\windows\system32\EventProviders
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-12-25 05:48 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-20 09:25 . 2010-10-15 17:19 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-09-15 09:50 . 2010-05-27 19:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-10 16:37 . 2010-10-13 23:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2002-11-08 01:54 . 2002-11-08 01:54 699584 ----a-w- c:\program files\robinson.exe
2001-11-08 19:54 . 2001-11-08 19:54 38752 ----a-w- c:\program files\leaddib.drv
1997-03-28 19:55 . 1997-03-28 19:55 55440 ----a-w- c:\program files\LEAD.VBX
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-10-01 181544]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-10 212992]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1ca779e15c63da0;Google Update Service (gupdate1ca779e15c63da0);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 133104]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 00:33]
2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-08 00:33]
2010-12-03 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-11-12 19:58]
2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{8850B951-228A-4804-B1AA-52756088F15A}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {13149882-F480-4F6B-8C6A-0764F75B99ED} - hxxp://plug-in.reallusion.com/CrazyTalk4.cab
DPF: {B7A59580-B39D-4BF9-B968-1BFA25156691} - hxxp://www.reallusion.com/plug-in/rltts.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://webmail.aol.com/39997/aol/en-us/Suite.aspx
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cee613b&v=6.010.023.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: Noia 2.0 (eXtreme): {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
FF - Extension: Tinseltown: {285da7e0-729d-11db-9fe1-0800200c9a66} - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{285da7e0-729d-11db-9fe1-0800200c9a66}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\moveplayer@movenetworks.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Personas: personas@christopher.beard - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\063d7ma6.default\extensions\personas@christopher.beard
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-hpqSRMon - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-09 08:40
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-09 08:44:33
ComboFix-quarantined-files.txt 2010-12-09 13:44
Pre-Run: 84,862,836,736 bytes free
Post-Run: 85,939,888,128 bytes free
- - End Of File - - F3E65AF554241612B232572D94911B92