
Zlob, VBE Scripts, CPU Very Slow, Ran Several Spyware Removal Tools



#1 sweetmisslatin

Posted 19 August 2008 - 07:09 PM

I was downloading a program when my AVG antivirus warned me about a ZLOB, and as I continued to say yes to all the warnings it became infected. I tried to do what other postings did, but I had no success, and that is why I posted HJT and ComboFix logs here. First I couldn't open any forums like this one; then it became infected with a desktop.ini, it crashed with a blue window three times and deleted my wallpapers, and then I ran several spyware removal tools including Ad-Aware, Avira antivirus, Stinger, and Spybot Search & Destroy, which only found low-priority cookies. Reading another post, I found that I could use ComboFix, which was very good; I regained control of my wallpapers and it didn't crash again after I ran this helpful tool, which I am attaching too. I have been looking for an answer and am still working in Safe Mode. I am posting and seeking responses; please, anyone, help me.
Thanks in advance for helping me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:03:07 PM, on 8/19/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIALA.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Advisor\SSDK04.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\program files\google\googletoolbar2user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ă¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [EPSON Stylus CX5800F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /FU "C:\Windows\TEMP\E_SE35C.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-us.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://alessiaboxtoy.spaces.live.com/Photo...nPUplden-us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C31172C-92B7-4D2B-AE71-F510EF2DC520}: NameServer = 216.230.147.90,216.230.128.32
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11336 bytes


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


ComboFix 08-08-18.05 - maryluz 2008-08-19 16:01:49.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.973 [GMT -6:00]
Running from: C:\Users\maryluz\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\maryluz\AppData\Roaming\macromedia\Flash Player\#SharedObjects\5YKS39SV\interclick.com
C:\Users\maryluz\AppData\Roaming\macromedia\Flash Player\#SharedObjects\5YKS39SV\interclick.com\ud.sol
C:\Users\maryluz\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\maryluz\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2008-07-19 to 2008-08-19 )))))))))))))))))))))))))))))))
.

2008-08-18 18:16 . 2008-08-18 20:20 <DIR> d-------- C:\Users\All Users\Avira
2008-08-18 18:16 . 2008-08-18 20:20 <DIR> d-------- C:\ProgramData\Avira
2008-08-18 12:13 . 2008-08-18 12:13 <DIR> d-------- C:\Users\maryluz\AppData\Roaming\Microsoft Corporation
2008-08-18 12:03 . 2008-08-18 12:03 <DIR> d-------- C:\Program Files\Standard User Analyzer
2008-08-17 18:25 . 2008-08-17 18:25 <DIR> d--h----- C:\Windows\PIF
2008-08-17 08:52 . 2008-07-15 19:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-16 13:34 . 2008-08-16 13:34 <DIR> d-------- C:\!KillBox
2008-08-16 11:40 . 2008-06-26 19:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-16 11:40 . 2008-06-26 22:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-16 11:40 . 2008-06-18 21:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-16 11:40 . 2008-04-17 23:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-16 11:39 . 2008-04-09 23:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-15 19:06 . 2008-08-15 19:06 <DIR> d-------- C:\Users\maryluz\AppData\Roaming\WildTangent
2008-08-12 20:05 . 2008-07-30 20:07 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-11 22:04 . 2008-08-17 08:57 <DIR> d-------- C:\Archivos de programa
2008-08-11 21:13 . 2008-08-11 21:13 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-11 21:11 . 2008-08-11 21:12 <DIR> d-------- C:\Program Files\iTunes
2008-08-11 21:11 . 2008-08-11 21:11 <DIR> d-------- C:\Program Files\iPod
2008-08-09 07:29 . 2008-08-09 07:29 <DIR> d-------- C:\Program Files\Sony
2008-08-08 10:43 . 2008-08-08 10:43 <DIR> d--h----- C:\Users\All Users\CanonBJ
2008-08-08 10:43 . 2008-08-08 10:43 <DIR> d--h----- C:\ProgramData\CanonBJ
2008-08-08 10:42 . 2006-09-12 20:00 197,632 --a------ C:\Windows\System32\CNMLM86.DLL
2008-08-03 22:42 . 2008-08-03 22:42 <DIR> d-------- C:\Windows\System32\Adobe
2008-08-03 20:22 . 2008-08-03 20:22 <DIR> d-------- C:\Users\All Users\WindowsSearch
2008-08-03 20:22 . 2008-08-03 20:22 <DIR> d-------- C:\ProgramData\WindowsSearch
2008-08-03 19:20 . 2008-08-03 21:16 <DIR> d-------- C:\Temp
2008-08-02 00:24 . 2008-08-16 16:25 <DIR> d-------- C:\IPPVR
2008-07-28 08:19 . 2008-05-26 23:21 1,582,592 --a------ C:\Windows\System32\tquery.dll
2008-07-28 08:19 . 2008-05-26 23:21 1,418,240 --a------ C:\Windows\System32\mssrch.dll
2008-07-28 08:19 . 2008-05-26 23:18 670,208 --a------ C:\Windows\System32\mssvp.dll
2008-07-28 08:19 . 2008-05-26 23:18 350,208 --a------ C:\Windows\System32\mssph.dll
2008-07-28 08:19 . 2008-05-26 23:18 203,776 --a------ C:\Windows\System32\mssphtb.dll
2008-07-27 17:15 . 2008-08-17 17:56 1,883 --a------ C:\Windows\System32\responseBody.xml
2008-07-27 17:15 . 2008-08-17 17:56 1,232 --a------ C:\Windows\System32\requestBody.xml
2008-07-27 17:15 . 2008-08-17 17:56 601 --a------ C:\Windows\System32\request.gzip
2008-07-22 00:02 . 2008-07-22 00:03 <DIR> d-------- C:\Program Files\QuickTime
2008-07-21 10:56 . 2008-07-21 10:56 <DIR> d-------- C:\Users\maryluz\AppData\Roaming\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-19 22:02 --------- d-----w C:\Users\maryluz\AppData\Roaming\skypePM
2008-08-19 21:58 --------- d-----w C:\Users\maryluz\AppData\Roaming\Skype
2008-08-19 21:57 --------- d-----w C:\Users\maryluz\AppData\Roaming\AVG7
2008-08-18 15:49 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-08-18 15:28 --------- d-----w C:\Program Files\Microsoft Works
2008-08-17 16:06 --------- d-----w C:\Program Files\Windows Mail
2008-08-17 14:57 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-16 16:35 --------- d-----w C:\ProgramData\WildTangent
2008-08-16 16:35 --------- d-----w C:\ProgramData\avg7
2008-08-16 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-16 01:17 --------- d-----w C:\Program Files\HPQ
2008-08-16 00:03 --------- d-----w C:\Users\maryluz\AppData\Roaming\Apple Computer
2008-08-13 15:53 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 03:11 --------- d-----w C:\ProgramData\Apple Computer
2008-08-11 18:38 13,119 ----a-w C:\Users\maryluz\AppData\Roaming\nvModes.dat
2008-08-11 14:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-04 02:59 --------- d-----w C:\Users\maryluz\AppData\Roaming\Hewlett-Packard
2008-08-04 02:58 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-31 02:07 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-07-30 15:46 --------- d-----w C:\Users\maryluz\AppData\Roaming\Yahoo!
2008-07-18 18:34 586,240 ----a-w C:\Windows\WLXPGSS.SCR
2008-07-15 02:41 --------- d-----w C:\Program Files\Sun
2008-07-15 02:41 --------- d-----w C:\Program Files\Java
2008-07-12 14:59 16,732,450 ------w C:\avg7qt.dat
2008-07-05 19:05 --------- d-----w C:\Program Files\Common Files\Skype
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-14 18:02 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-14 18:02 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-11 20:41 21,248 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-05-27 05:18 71,680 ----a-w C:\Windows\System32\propdefs.dll
2008-05-27 05:18 56,320 ----a-w C:\Windows\System32\xmlfilter.dll
2008-05-27 05:18 44,032 ----a-w C:\Windows\System32\msstrc.dll
2008-05-27 05:18 439,808 ----a-w C:\Windows\System32\SearchIndexer.exe
2008-05-27 05:18 40,448 ----a-w C:\Windows\System32\mimefilt.dll
2008-05-27 05:18 38,400 ----a-w C:\Windows\System32\rtffilt.dll
2008-05-27 05:18 29,184 ----a-w C:\Windows\System32\wsepno.dll
2008-05-27 05:18 231,936 ----a-w C:\Windows\System32\msshsq.dll
2008-05-27 05:18 184,832 ----a-w C:\Windows\System32\SearchProtocolHost.exe
2008-05-27 05:18 136,704 ----a-w C:\Windows\System32\nlhtml.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-04-28 17:48 201,728 ----a-w C:\Program Files\A-Patch140rc2b17_WLM.exe
.

((((((((((((((((((((((((((((( snapshot@2008-08-18_10.54.09.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-18 18:03:48 2,862 ----a-r C:\Windows\Installer\{A7334879-EC5E-41EF-AA96-11562E5E9FA4}\SUAnalyzerIcon.exe
- 2008-08-18 05:23:11 1,000,288 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-08-19 21:28:51 1,000,288 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-08-18 15:13:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-08-19 21:55:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-18 15:13:07 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-08-19 21:55:51 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-08-18 15:14:51 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-19 21:57:36 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-18 15:14:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-19 21:57:31 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-08-18 15:18:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-19 16:18:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-18 15:18:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-19 16:18:41 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-18 15:18:30 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-19 16:18:41 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-18 16:45:51 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
+ 2008-08-19 22:01:44 262,144 ----a-w C:\Windows\System32\config\systemprofile\ntuser.dat
- 2008-08-18 15:19:41 102,194 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-19 22:02:56 102,194 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-18 15:19:41 598,588 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-19 22:02:56 598,588 ----a-w C:\Windows\System32\perfh009.dat
+ 2006-09-17 08:27:30 146,008 ----a-w C:\Windows\System32\vfLuaPriv2.dll
- 2008-08-18 15:15:36 13,122 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2337875944-2734999778-3046413750-1000_UserData.bin
+ 2008-08-19 21:58:07 13,122 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2337875944-2734999778-3046413750-1000_UserData.bin
- 2008-08-18 15:15:34 71,206 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-19 21:58:06 71,230 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-18 15:15:29 59,042 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-08-19 21:58:01 59,202 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2008-08-18 01:57:00 231,722 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-08-19 20:37:00 233,080 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 01:33 1233920]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 16:23 1773568]
"EPSON Stylus CX5800F Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE" [2006-12-20 05:00 177664]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 14:54 21718312]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2008-04-28 11:45 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-17 08:32 171448]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 01:33 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 01:05 1045800]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 18:45 176128]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 09:41 579584]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 13:42 70912]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 03:27 144784]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 15:15 480560]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 10:47 289064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-13 08:25 219136]

C:\Users\maryluz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
2008-03-13 08:25 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
--a------ 2008-02-20 08:33 963072 C:\Program Files\Ares\Ares.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"EarthLink2"= TCP:Profile=Private|Profile=Public|C:\Program Files\earthlink totalaccess\taskpanl.exe:taskpanl
"EarthLink1"= UDP:Profile=Private|Profile=Public|C:\Program Files\earthlink totalaccess\taskpanl.exe:taskpanl
"TCP Query User{A99EBAA7-22FA-429F-B8A3-8D22A84CD85D}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{BB86CC73-7F82-4EDD-8266-BECC51106AAC}C:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:C:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"TCP Query User{36029472-CD4E-427C-9FF4-0382AFA5DAFE}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{12EA6198-E69E-4091-8BB7-BBC5AB687E02}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{2CCE272F-0D71-4579-BFB0-EB1F8EB2E115}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{8EB97B50-99A2-4CE8-83BC-03974BD1D1A3}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{7513D8A4-F9D5-4C37-85A9-1946EAE7EB53}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{1E564005-FB17-4F84-9D03-7199690626A0}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{5880329F-EB52-46D5-B5B4-D1749717C465}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{C3F41459-BD02-4B4B-A3E8-050AA823AD48}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"TCP Query User{22F65797-F506-4C6E-A263-0D9A166073E6}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{15A9BD4F-ECE4-477C-91F3-29A7203F7582}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{4F07E334-A6A7-4FB2-B666-19B956ADC828}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{A5DA0216-9D58-4559-9C15-006A54D58130}C:\\program files\\myspace\\im\\myspaceim.exe"= UDP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{413CD007-0279-4F33-A691-5FD14F0F4D49}C:\\program files\\myspace\\im\\myspaceim.exe"= TCP:C:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"{6EF59342-BFCF-4B0C-A4C8-065E24971F08}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{770822E0-F3CD-419C-8A7C-A8DEF7F5828B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A78C0BD6-47A0-42E2-BD24-EB55A18B3287}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{006BAC89-4A8C-4B36-93F6-CA4B0C875775}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0F4A233C-4232-478C-B922-8508CFA6B455}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{F0FA3A52-4321-4B15-837E-6D724F2F822C}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E328D928-3A1E-4AF7-BB8B-10757B20827E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A4D444E7-04BE-4F71-940D-C09B755073A1}C:\\users\\maryluz\\music\\emule\\emule.exe"= UDP:C:\users\maryluz\music\emule\emule.exe:emule.exe
"UDP Query User{C16BDE07-5405-4365-B60E-0BA1ABAFB666}C:\\users\\maryluz\\music\\emule\\emule.exe"= TCP:C:\users\maryluz\music\emule\emule.exe:emule.exe
"TCP Query User{28016DAA-129C-4C9F-90AD-A95CCA5DC9DE}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{1B6FA53C-7897-4A22-99DB-8E4891337911}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{61D78354-429E-4FF9-B7A5-457DD148CB0E}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{AA2BCC20-C9BE-437D-8157-4F3183B620A4}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{AB324F9B-EE04-4B80-BDE5-416DF667F366}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= UDP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"UDP Query User{A88D639E-22F6-477C-A1F2-4FC9D82E4CDB}C:\\programdata\\kaspersky lab setup files\\kaspersky internet security 7.0.1.325\\english\\setup.exe"= TCP:C:\programdata\kaspersky lab setup files\kaspersky internet security 7.0.1.325\english\setup.exe:Kaspersky Internet Security 7.0 Setup
"{5D237D09-23E3-4AAF-B902-08AD78B2E2F9}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B6076B21-A273-425B-AA5E-EB850A2DC824}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{64E594EF-9682-4014-BD92-FA34D0B7EAE8}"= UDP:C:\Program Files\Online Services\Aolca\InstallAol.exe:AOL
"{0898E914-0CBA-4D44-AB04-D73541BC60AD}"= TCP:C:\Program Files\Online Services\Aolca\InstallAol.exe:AOL
"{314E3A00-9A23-4DD9-A6F2-5593D96C356C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{47523335-A1FA-4936-9A08-0B002FC225FF}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{934F8C0A-5F79-416A-A4D0-DA8606FB58D5}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{23BAB454-40EE-4094-974F-A75AEF86B2F4}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E52DD35D-0D49-405C-9C2A-B2225A20965F}"= UDP:C:\Windows\SMINST\CD Creator.exe:Recovery Disc Creation
"{AE1AF81A-3204-4704-8E4B-3DF9245F04A7}"= TCP:C:\Windows\SMINST\CD Creator.exe:Recovery Disc Creation
"TCP Query User{EC31F36F-44A7-4E0B-8A59-DA6CCC0FFE84}E:\\ippvr.exe"= UDP:E:\ippvr.exe:IPPVR
"UDP Query User{1888CB5F-F570-4F59-A37E-ADAAFCB88EA4}E:\\ippvr.exe"= TCP:E:\ippvr.exe:IPPVR
"TCP Query User{3B1FB490-AED5-4137-A600-B73187C765D3}C:\\ippvr\\ippvr.exe"= UDP:C:\ippvr\ippvr.exe:IPPVR
"UDP Query User{B5062483-8D29-4E94-B9C8-43102C7339D6}C:\\ippvr\\ippvr.exe"= TCP:C:\ippvr\ippvr.exe:IPPVR
"{5EAB13D6-5A06-4509-90A0-DE8983192452}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{69208EC6-3ECC-4562-B786-B230B4F19C2A}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{4D269514-63B0-4F3D-BAD5-BCB83E6EE4A9}C:\\ippvr\\ippvr.exe"= UDP:C:\ippvr\ippvr.exe:IPPVR
"UDP Query User{A6259C83-7BD7-40B4-8278-D6B56E18E447}C:\\ippvr\\ippvr.exe"= TCP:C:\ippvr\ippvr.exe:IPPVR

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 08:25]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73e8ae91-c45a-11dc-84a8-001b2485b8a6}]
\shell\AutoRun\command - E:\d.com
\shell\explore\Command - E:\d.com
\shell\open\Command - E:\d.com
.
Contents of the 'Scheduled Tasks' folder

2008-04-26 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2008-08-18 C:\Windows\Tasks\HPCeeScheduleFormaryluz.job
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-03-23 15:23]

2008-08-19 C:\Windows\Tasks\User_Feed_Synchronization-{44CB0ACF-B851-41B8-B013-B249CF05A0EB}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 01:33]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\maryluz\AppData\Roaming\Mozilla\Firefox\Profiles\15b1k73q.default\
.
.
------- File Associations (Beta) -------
.
VBEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
VBSFile="%SystemRoot%\System32\WScript.exe" "%1" %*
vbefile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
vbsfile\shell\open\command="%SystemRoot%\System32\WScript.exe" "%1" %*
jsefile\shell\open\command=%SystemRoot%\System32\WScript.exe "%1" %*
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-19 16:09:02
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-19 16:11:56
ComboFix-quarantined-files.txt 2008-08-19 22:11:37
ComboFix2.txt 2008-08-18 16:55:06

Pre-Run: 90,805,342,208 bytes free
Post-Run: 90,774,302,720 bytes free

284 --- E O F --- 2008-08-18 15:28:31

Edited by sweetmisslatin, 19 August 2008 - 07:21 PM.


#2 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hamburg
  • Local time:10:12 AM

Posted 01 September 2008 - 04:33 PM

Hello sweetmisslatin and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems, please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users box
  • In the File Age drop down box select 90 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop; post the OTViewIt.txt and Extras.txt logs in your next post.
Thanks,

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -