help


Re: help

Post by Dr Jay on Sat Oct 24, 2009 8:59 pm

Let's take care of that...

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Folder::
    C:\Users\Heather and Eddie\AppData\Local\Temp\{A4C0BD9F-384A-4277-B77C-579FCCF19D36}
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator
Posts : 13707
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro

Re: help

Post by owense1 on Sat Oct 24, 2009 10:05 pm

ComboFix 09-10-23.01 - ADMIN 10/24/2009 17:46.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2494.1550 [GMT -4:00]
Running from: c:\users\Heather and Eddie\Desktop\commy.exe
Command switches used :: c:\users\Heather and Eddie\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\ADMIN\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\PADMAN\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\heather\AppData\Local\temp
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-23 05:29 . 2009-10-24 16:47 -------- d-----w- c:\programdata\fssg
2009-10-23 05:28 . 2009-10-23 05:28 -------- d-----w- c:\programdata\f-secure
2009-10-22 01:32 . 2009-10-22 01:32 -------- d-----w- c:\users\ADMIN\AppData\Roaming\Malwarebytes
2009-10-22 01:32 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-22 01:32 . 2009-10-22 01:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 01:32 . 2009-10-22 01:32 -------- d-----w- c:\programdata\Malwarebytes
2009-10-22 01:32 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 10:07 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-21 10:07 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-21 10:07 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-21 10:07 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-21 10:06 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-21 10:06 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-21 10:06 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-21 10:06 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-21 10:06 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-18 03:34 . 2009-10-18 11:49 -------- d-----w- c:\users\Heather and Eddie\DoctorWeb
2009-10-17 05:20 . 2009-10-17 05:20 -------- d-----w- c:\program files\Trend Micro
2009-10-17 05:15 . 2009-10-17 05:15 -------- d-----w- C:\Rooter$
2009-10-17 05:10 . 2004-08-04 12:00 506368 ----a-w- c:\windows\system32\msxml.dll
2009-10-17 05:10 . 2009-10-17 05:10 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-16 23:26 . 2009-10-16 23:27 -------- d-----w- c:\windows\system32\config\systemprofile\{a393c4b5-0955-4a8b-afb4-ff66266c964c}
2009-10-16 22:40 . 2009-10-16 22:40 680 ----a-w- c:\users\ADMIN\AppData\Local\d3d9caps.dat
2009-10-16 22:03 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-16 22:03 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-16 22:03 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\ca-ES
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\eu-ES
2009-10-16 21:05 . 2009-10-16 21:05 -------- d-----w- c:\windows\system32\vi-VN
2009-10-16 21:00 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-16 20:37 . 2009-10-16 20:37 -------- d-----w- c:\windows\system32\EventProviders
2009-10-03 20:43 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-03 20:43 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-03 20:42 . 2009-10-03 20:42 -------- d-----w- c:\program files\iPod
2009-10-03 20:42 . 2009-10-03 20:43 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-03 20:14 . 2009-10-03 20:15 -------- d-----w- c:\program files\QuickTime
2009-10-03 05:58 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 21:37 . 2009-03-19 00:34 114540 ----a-w- c:\programdata\nvModes.dat
2009-10-24 18:21 . 2009-07-31 01:57 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Mozilla-Cache
2009-10-24 16:31 . 2007-12-20 18:58 -------- d-----w- c:\program files\CA
2009-10-23 23:55 . 2008-12-24 15:41 -------- d-----w- c:\programdata\Google Updater
2009-10-17 20:42 . 2008-07-11 11:50 -------- d-----w- c:\users\heather\AppData\Roaming\HP
2009-10-17 05:33 . 2008-11-29 18:53 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-17 04:20 . 2007-04-30 05:46 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-17 03:35 . 2007-12-23 19:04 -------- d-----w- c:\users\ADMIN\AppData\Roaming\Hewlett-Packard
2009-10-17 03:29 . 2008-07-27 20:24 -------- d-----w- c:\program files\Winamp Remote
2009-10-17 00:19 . 2009-06-22 13:13 -------- d-----w- c:\users\PADMAN\AppData\Roaming\Memeo
2009-10-17 00:19 . 2009-06-21 20:35 -------- d-----w- c:\users\heather\AppData\Roaming\Memeo
2009-10-17 00:19 . 2009-06-17 00:18 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Memeo
2009-10-17 00:18 . 2008-09-19 04:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-16 22:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-16 21:38 . 2007-04-30 06:14 -------- d-----w- c:\programdata\Microsoft Help
2009-10-16 21:35 . 2007-04-30 06:13 -------- d-----w- c:\program files\Microsoft Works
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-16 21:05 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-16 20:03 . 2007-12-21 05:44 -------- d-----w- c:\users\heather\AppData\Roaming\Hewlett-Packard
2009-10-03 22:00 . 2007-12-30 11:14 -------- d-----w- c:\users\Heather and Eddie\AppData\Roaming\Apple Computer
2009-10-03 20:43 . 2009-06-04 21:29 -------- d-----w- c:\program files\iTunes
2009-10-03 20:42 . 2007-12-30 10:50 -------- d-----w- c:\program files\Common Files\Apple
2009-09-14 09:29 . 2009-10-16 21:01 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-09-04 11:41 . 2009-10-16 21:01 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 06:54 . 2009-08-31 21:33 -------- d-----w- c:\programdata\NOS
2009-08-31 21:33 . 2009-08-31 21:33 -------- d-----w- c:\program files\NOS
2009-08-29 02:51 . 2009-05-30 15:38 97592 ----a-w- c:\users\PADMAN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-29 00:27 . 2009-09-02 22:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 22:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 01:55 . 2007-04-30 05:57 -------- d-----w- c:\programdata\Roxio
2009-08-27 23:15 . 2007-12-20 07:40 97592 ----a-w- c:\users\Heather and Eddie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 21:01 . 2007-12-21 05:42 97592 ----a-w- c:\users\heather\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 20:53 . 2009-06-16 12:35 -------- d-----w- c:\program files\Common Files\eSellerate
2009-08-27 20:48 . 2007-12-23 18:46 97592 ----a-w- c:\users\ADMIN\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-27 20:47 . 2009-08-27 20:47 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-27 05:22 . 2009-10-16 21:01 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-16 21:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-16 21:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-16 21:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:27 . 2009-09-10 02:41 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 02:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 02:41 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 02:41 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 02:41 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 02:41 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 02:41 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 02:41 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 02:41 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 02:41 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 02:41 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-11-16 03:41 . 2008-11-16 03:41 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-04-30 05:46 . 2009-10-24 21:39 57274 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-10-24 21:39 61298 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-12-20 07:34 . 2009-10-24 21:39 10382 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1856941148-2225634861-2241160836-1000_UserData.bin
+ 2009-10-24 16:53 . 2009-10-24 16:53 79424 c:\windows\System32\vetredir.dll
- 2009-10-17 22:43 . 2007-08-20 17:42 79424 c:\windows\System32\vetredir.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 11280 c:\windows\System32\vetntmsg.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 75280 c:\windows\System32\isafprod.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 99904 c:\windows\System32\isafeif.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 32528 c:\windows\System32\drivers\vetmonnt.sys
+ 2009-10-24 16:53 . 2009-10-24 16:53 21648 c:\windows\System32\drivers\vetfddnt.sys
+ 2009-10-24 16:53 . 2009-10-24 16:53 21392 c:\windows\System32\drivers\vet-rec.sys
+ 2009-10-24 16:53 . 2009-10-24 16:53 26640 c:\windows\System32\drivers\vet-filt.sys
- 2007-12-20 07:22 . 2009-10-21 21:09 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-12-20 07:22 . 2009-10-24 21:37 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-20 07:22 . 2009-10-21 21:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-20 07:22 . 2009-10-24 21:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-20 07:22 . 2009-10-21 21:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-12-20 07:22 . 2009-10-24 21:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 79376 c:\windows\System32\caavresource.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 95496 c:\windows\System32\avshlext.dll
+ 2007-12-21 20:40 . 2009-10-21 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-21 20:40 . 2009-10-17 21:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-12-21 20:40 . 2009-10-17 21:18 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-21 20:40 . 2009-10-21 21:29 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-21 20:40 . 2009-10-21 21:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-12-21 20:40 . 2009-10-17 21:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 8720 c:\windows\System32\caavproduct.dll
+ 2009-10-24 21:37 . 2009-10-24 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-21 20:54 . 2009-10-21 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-21 20:54 . 2009-10-21 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-24 21:37 . 2009-10-24 21:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 233472 c:\windows\System32\vetmsg.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 120072 c:\windows\System32\unvet32.exe
+ 2006-11-02 10:33 . 2009-10-24 21:43 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-21 21:02 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-10-24 21:43 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-10-21 21:02 101350 c:\windows\System32\perfc009.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 218688 c:\windows\System32\isafserv.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 108096 c:\windows\System32\isafinst.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 144960 c:\windows\System32\isafe.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 222472 c:\windows\System32\driverif.dll
+ 2009-08-27 20:46 . 2009-10-24 17:40 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-08-27 20:46 . 2009-10-17 00:06 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-24 16:53 . 2009-10-24 16:53 230664 c:\windows\System32\cavrid.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 365832 c:\windows\System32\cavrep.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 214256 c:\windows\System32\caavscan.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 321040 c:\windows\System32\caavimages.dll
+ 2009-10-24 16:53 . 2009-10-24 16:53 222448 c:\windows\System32\caavguiscan.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 152816 c:\windows\System32\caavcmdscan.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 360448 c:\windows\System32\caav.exe
+ 2009-10-24 16:53 . 2009-10-24 16:53 337192 c:\windows\System32\arclib.dll
+ 2009-10-23 05:29 . 2009-10-23 05:29 135680 c:\windows\Installer\60bcf25.msi
- 2007-12-20 17:40 . 2009-10-21 20:51 1092160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2007-12-20 17:40 . 2009-10-24 21:35 1092160 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2009-10-14 292824]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2009-04-11 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-31 177392]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"StarzTray"="c:\program files\Vongo\VongoTray.exe" [2007-12-12 385024]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-10-14 104408]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-17 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Heather and Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
m-trip Launcher.lnk - c:\program files\OLYMPUS\m-trip\Bin\m-tripLauncher.exe [2008-9-6 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):63,92,ba,7c,a5,4e,ca,01

R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/17/2009 1:10 AM 583640]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [9/16/2008 5:10 PM 21504]
S3 ndsdatamax;ndsdatamax;c:\windows\System32\drivers\ndsdatamax.sys [5/12/2008 6:37 PM 29184]
S3 TucbDriverV32;TucbDriverV32;c:\windows\System32\drivers\TucbDriverV32.sys [5/11/2008 5:07 PM 23096]
S3 TucbVideo32;TucbVideo32;c:\windows\System32\drivers\TucbVideo32.sys [5/11/2008 5:07 PM 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
rsmsvcs REG_MULTI_SZ ntmssvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 03:02]

2009-10-17 c:\windows\Tasks\HPCeeScheduleForADMIN.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-21 c:\windows\Tasks\HPCeeScheduleForHeather and Eddie.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-03 c:\windows\Tasks\HPCeeScheduleForheather.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-16 c:\windows\Tasks\HPCeeScheduleForPADMAN.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-30 21:23]

2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{2A13004B-6FE0-4817-BB79-9A466D703659}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]

2009-10-24 c:\windows\Tasks\User_Feed_Synchronization-{756F0A98-2880-4030-99A6-47135E7B52EE}.job
- c:\windows\system32\msfeedssync.exe [2009-10-16 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-10-24 17:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2496)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2009-10-24 18:01
ComboFix-quarantined-files.txt 2009-10-24 22:01
ComboFix2.txt 2009-10-24 21:29
ComboFix3.txt 2009-10-21 21:30

Pre-Run: 21,131,862,016 bytes free
Post-Run: 21,094,494,208 bytes free

- - End Of File - - 6F730CA1F5C85C4A07E01C07B91D1EC2

owense1
Novice
Posts : 17
Joined : 2009-10-17
OS : Vista
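The ComboFix log above lists every file created or modified in the scan window in a fixed one-record-per-line layout. As an added example (not part of this thread, and not ComboFix's own code), here is a small Python parser for that "Files Created" / "Find3M" record format together with a first-pass triage that flags the two things a responder usually looks at first in such a list: kernel drivers (`.sys`) created shortly before the scan, and files carrying both the hidden and system attributes. The sample lines are constructed in the same layout as the quoted log, and the scan time `SCAN_TIME` and the 7-day window are assumptions, not values the log states.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed sample input in the ComboFix "Files Created" / "Find3M" layout:
# <created> . <modified> <size, or -------- for a directory> <attrs> <path>.
# The paths mirror the kind seen in the quoted log; the lines are illustrative.
SAMPLE_LOG = r"""
2009-10-24 21:58 . 2009-10-24 21:58 -------- d-----w- c:\users\ADMIN\AppData\Local\temp
2009-10-22 01:32 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 10:07 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-16 22:03 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-11-16 03:41 . 2008-11-16 03:41 22 --sha-w- c:\windows\SMINST\HPCD.sys
((((((((( Find3M Report )))))))))
"""

# Assumed scan time, expressed on the same clock as the file timestamps (constructed).
SCAN_TIME = datetime(2009, 10, 24, 22, 0)

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[dshraw-]{8}) "
    r"(?P<path>\S.*)$"
)


@dataclass
class FileRecord:
    created: datetime    # first timestamp: creation time (per the section header)
    modified: datetime   # second timestamp: assumed to be the last-write time
    size: Optional[int]  # None for directories (ComboFix prints --------)
    attrs: str           # 8-char attribute field, e.g. ----a-w-, d-----w-, --sha-w-
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_hidden_system(self) -> bool:
        # 's' and 'h' in the attribute field: system and hidden bits both set
        return "s" in self.attrs and "h" in self.attrs

    @property
    def is_driver(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(".sys")


@dataclass
class Finding:
    reason: str
    record: FileRecord


def parse_combofix_lines(text: str) -> List[FileRecord]:
    """Parse every line in the record layout; headers and other lines are skipped."""
    records: List[FileRecord] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        records.append(FileRecord(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=size,
            attrs=m["attrs"],
            path=m["path"],
        ))
    return records


def triage(records: List[FileRecord], scan_time: datetime, days: int = 7) -> List[Finding]:
    """Flag records worth a closer look; these are review prompts, not verdicts."""
    window = timedelta(days=days)
    findings: List[Finding] = []
    for rec in records:
        recent = timedelta(0) <= (scan_time - rec.created) <= window
        if rec.is_driver and recent:
            findings.append(Finding(f"kernel driver created within {days} days of the scan", rec))
        if rec.is_hidden_system and not rec.is_dir:
            findings.append(Finding("file carries hidden+system attributes", rec))
    return findings


if __name__ == "__main__":
    for f in triage(parse_combofix_lines(SAMPLE_LOG), SCAN_TIME):
        print(f"{f.reason}: {f.record.path} ({f.record.size} bytes, {f.record.attrs})")
```

On the sample input the triage flags `mbamswissarmy.sys` (a driver created two days before the scan) and `HPCD.sys` (hidden+system). Both are benign here, which is the point of the design: the log in this thread shows that recently created drivers are routinely installed by security tools and vendor software, so a flag from this pass tells a responder where to verify the publisher and hash, not that the file is malicious.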

Re: help

Post by Dr Jay on Sat Oct 24, 2009 11:47 pm

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)




Re: help

Post by owense1 on Sun Oct 25, 2009 2:43 pm

Malwarebytes' Anti-Malware 1.41
Database version: 3028
Windows 6.0.6002 Service Pack 2

10/25/2009 10:43:25 AM
mbam-log-2009-10-25 (10-43-25).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 364320
Time elapsed: 1 hour(s), 27 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: help

Post by owense1 on Sun Oct 25, 2009 4:04 pm

In order to get to Internet Explorer, I need to run as an administrator. I get the following message if I try to go online as a non-administrator:

illegal operation attempted on a registry key that has been marked for deletion

