#1 (permalink)
Registered User
Join Date: Apr 2008
Posts: 8
OS: Windows XP
Virus won't let me download ANYTHING needed for the First steps

I also cannot do a system restore. I can't open any executable files. Every file I try to download ends up as Corrupt. Please help so that I may get started on my first steps to remove this thing.

However, I am able to run the DDS and I have already attained my DDS and Attach file. Gmer.exe will not run.

Last edited by TtllyClueless; 10-16-2009 at 06:40 AM.
#4 (permalink)
Registered User
Join Date: Apr 2008
Posts: 8
OS: Windows XP
Re: Virus won't let me download ANYTHING needed for the First steps
DDS (Ver_09-10-13.01) - NTFSx86
Run by Bobbie at 8:29:39.49 on Fri 10/16/2009
Internet Explorer: 8.0.6001.18828
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1617 [GMT -4:00]

SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\MSN\Toolbar\3.0.0541.0\msntask.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Bobbie\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-4-20 193840]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-4-20 365952]

=============== Created Last 30 ================

2009-10-13 22:18 213,504 a------- c:\windows\system32\msv1_0.dll
2009-10-13 22:18 3,599,960 a------- c:\windows\system32\ntkrnlpa.exe
2009-10-13 22:18 3,547,736 a------- c:\windows\system32\ntoskrnl.exe
2009-10-13 22:18 428,544 a------- c:\windows\system32\EncDec.dll
2009-10-13 22:18 217,088 a------- c:\windows\system32\psisrndr.ax
2009-10-13 22:18 293,376 a------- c:\windows\system32\psisdecd.dll
2009-10-13 22:18 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-10-13 22:18 80,896 a------- c:\windows\system32\MSNP.ax
2009-10-13 22:16 61,440 a------- c:\windows\system32\msasn1.dll
2009-10-13 22:16 144,896 a------- c:\windows\system32\drivers\srv2.sys
2009-10-13 22:16 604,672 a------- c:\windows\system32\WMSPDMOD.DLL
2009-10-08 16:07 <DIR> --d----- c:\programdata\Tarma Installer
2009-10-08 16:07 <DIR> --d----- c:\program files\Yontoo Layers Client
2009-10-08 16:07 <DIR> --d----- c:\progra~2\Tarma Installer
2009-10-02 19:11 195,440 -------- c:\windows\system32\MpSigStub.exe
2009-09-30 15:55 <DIR> --d----- c:\users\bobbie\appdata\roaming\Ludia
2009-09-30 15:55 <DIR> --d----- c:\programdata\Ludia
2009-09-30 15:55 <DIR> --d----- c:\progra~2\Ludia
2009-09-30 15:44 <DIR> --d----- c:\users\bobbie\appdata\roaming\iWin
2009-09-27 13:42 <DIR> --d----- c:\program files\Free Window Registry Repair
2009-09-26 10:25 <DIR> --d----- c:\programdata\RegCure
2009-09-26 10:25 <DIR> --d----- c:\progra~2\RegCure
2009-09-26 10:20 <DIR> --d----- c:\windows\pss
2009-09-26 07:55 <DIR> --d----- c:\users\bobbie\Program Files
2009-09-26 07:55 <DIR> --d----- c:\users\bobbie\appdata\roaming\DNA
2009-09-25 11:13 <DIR> --d----- c:\users\bobbie\.gimp-2.6
2009-09-25 11:13 <DIR> --d----- c:\program files\GIMP-2.0
2009-09-24 12:14 27,934 a------- c:\programdata\nvModes.dat
2009-09-24 12:14 27,934 a------- c:\progra~2\nvModes.dat
2009-09-24 12:12 <DIR> --d----- c:\users\bobbie\appdata\roaming\WildTangent
2009-09-21 19:29 299,067,528 a------- c:\windows\MEMORY.DMP
2009-09-21 11:53 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-09-21 11:18 <DIR> --d----- c:\programdata\WEBREG
2009-09-21 11:18 <DIR> --d----- c:\progra~2\WEBREG
2009-09-21 11:12 <DIR> --d----- c:\program files\Yahoo!
2009-09-21 11:11 <DIR> --d----- c:\program files\common files\HP
2009-09-21 11:09 <DIR> --d----- c:\programdata\HP Product Assistant
2009-09-21 11:06 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-09-21 11:04 372,736 a------- c:\windows\system32\hppldcoi.dll
2009-09-21 11:04 309,760 a------- c:\windows\system32\difxapi.dll
2009-09-21 11:04 452,408 a------- c:\windows\system32\hpzids01.dll
2009-09-21 11:04 126,976 a------- c:\windows\system32\hpfll70v.dll
2009-09-21 11:02 158,469 a------- c:\windows\hphins33.dat
2009-09-21 11:01 <DIR> --d----- c:\programdata\HP
2009-09-17 13:08 57,667 a------- c:\windows\system32\ieuinit.inf
2009-09-16 08:35 2,048 a------- c:\windows\system32\tzres.dll

==================== Find3M ====================

2009-10-15 21:20 350,192 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-09-21 11:04 86,016 a------- c:\windows\inf\infstrng.dat
2009-09-21 11:04 86,016 a------- c:\windows\inf\infstor.dat
2009-09-21 11:04 51,200 a------- c:\windows\inf\infpub.dat
2009-09-14 11:34 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE927V2RC_E508241-002_4A_I303C_SWistron_V08.60_F.3E_T090623_WV3-1_L409_M2814_J320_7AMD_8F31_92.10_#090713_N168C001C;10DE0760_(NM345UA#ABA)_XMOBILE_CN10_Z_2F.3E_G10DE0845.MRK
2009-08-28 08:39 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-08-28 08:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 08:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 08:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 08:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 06:15 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 01:22 916,480 a------- c:\windows\system32\wininet.dll
2009-08-27 01:17 109,056 a------- c:\windows\system32\iesysprep.dll
2009-08-27 01:17 71,680 a------- c:\windows\system32\iesetup.dll
2009-08-26 23:42 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-08-17 23:33 1,193,832 a------- c:\windows\system32\FM20.DLL
2009-08-14 12:29 104,960 a------- c:\windows\system32\netiohlp.dll
2009-08-14 12:29 17,920 a------- c:\windows\system32\netevent.dll
2009-08-14 12:23 438,272 a------- c:\windows\system32\IKEEXT.DLL
2009-08-14 12:22 595,456 a------- c:\windows\system32\FWPUCLNT.DLL
2009-08-14 12:21 328,704 a------- c:\windows\system32\BFE.DLL
2009-08-14 10:16 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-08-14 10:16 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-08-14 10:16 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-08-14 10:16 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-08-14 10:16 19,968 a------- c:\windows\system32\ARP.EXE
2009-08-14 10:16 10,240 a------- c:\windows\system32\finger.exe
2009-08-14 10:16 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-04-20 13:15 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 22:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 8:30:07.70 ===============
#5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,983
OS: WinXP and Vista
Re: Virus won't let me download ANYTHING needed for the First steps

Hello TtllyClueless,

Download ComboFix from one of these locations: Link 1 Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================
Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.
====================================================

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply for further review.

If you have trouble downloading it, use another computer and download it to a flash drive. Return to the infected machine and run it from the flash drive.
#6 (permalink)
Registered User
Join Date: Apr 2008
Posts: 8
OS: Windows XP
Re: Virus won't let me download ANYTHING needed for the First steps
ComboFix 09-10-20.03 - Bobbie 10/21/2009 11:04.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1140 [GMT -4:00]
Running from: c:\users\Bobbie\Documents\Downloads\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *disabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2146173273-4049869502-368252511-500
c:\$recycle.bin\S-1-5-21-29046685-1735998096-3113563136-500
c:\windows\Installer\1f1ae.msi
c:\windows\Installer\1f1b2.msi
c:\windows\Installer\1f1b6.msi
c:\windows\Installer\1f1ba.msi
c:\windows\Installer\1f1be.msi
c:\windows\Installer\2bbb21.msi
.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.
2009-10-21 15:15 . 2009-10-21 15:16 -------- d-----w- c:\users\Bobbie\AppData\Local\temp
2009-10-21 15:15 . 2009-10-21 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-18 17:49 . 2009-10-18 17:49 -------- d-----w- c:\users\Bobbie\AppData\Roaming\FastStone
2009-10-18 17:49 . 2009-10-18 17:49 -------- d-----w- c:\program files\FastStone Image Viewer
2009-10-18 17:43 . 2009-10-18 17:43 -------- d-----w- c:\users\Bobbie\.thumbnails
2009-10-17 14:26 . 2009-10-17 14:26 -------- d-----w- C:\AeriaGames
2009-10-17 14:23 . 2009-10-17 14:23 -------- d-----w- c:\users\Bobbie\AppData\Roaming\InstallShield
2009-10-16 18:57 . 2009-10-16 18:57 -------- d-----w- c:\programdata\WindowsSearch
2009-10-14 02:18 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 02:18 . 2009-08-05 17:15 3599960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 02:18 . 2009-08-05 17:15 3547736 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 02:18 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-14 02:18 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-14 02:16 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 02:16 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 02:16 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-08 20:07 . 2009-10-08 20:07 -------- d-----w- c:\programdata\Tarma Installer
2009-10-08 20:07 . 2009-10-08 20:07 -------- d-----w- c:\program files\Yontoo Layers Client
2009-10-02 23:11 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-30 19:55 . 2009-09-30 19:55 -------- d-----w- c:\users\Bobbie\AppData\Roaming\Ludia
2009-09-30 19:55 . 2009-09-30 19:55 -------- d-----w- c:\programdata\Ludia
2009-09-30 19:44 . 2009-09-30 19:44 -------- d-----w- c:\users\Bobbie\AppData\Roaming\iWin
2009-09-27 17:42 . 2009-09-27 17:54 -------- d-----w- c:\program files\Free Window Registry Repair
2009-09-26 14:25 . 2009-09-26 14:25 -------- d-----w- c:\programdata\RegCure
2009-09-26 14:25 . 2009-09-26 14:35 -------- d-----w- c:\program files\RegCure
2009-09-26 11:55 . 2009-10-16 01:18 -------- d-----w- c:\users\Bobbie\Program Files
2009-09-26 11:55 . 2009-10-16 01:18 -------- d-----w- c:\users\Bobbie\AppData\Roaming\DNA
2009-09-26 11:53 . 2009-09-26 11:54 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-25 15:13 . 2009-10-18 17:46 -------- d-----w- c:\users\Bobbie\.gimp-2.6
2009-09-25 15:13 . 2009-09-25 15:13 -------- d-----w- c:\program files\GIMP-2.0
2009-09-24 16:12 . 2009-09-24 16:12 -------- d-----w- c:\users\Bobbie\AppData\Roaming\WildTangent
2009-09-24 00:58 . 2009-09-26 11:33 -------- d-----w- c:\users\Bobbie\AppData\Roaming\CyberLink
2009-09-24 00:58 . 2009-09-24 17:52 -------- d-----w- c:\users\Bobbie\AppData\Local\QuickPlay
2009-09-21 15:56 . 2009-09-21 15:56 -------- d-----w- c:\program files\Microsoft.NET
2009-09-21 15:53 . 2009-09-21 15:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-21 15:51 . 2009-09-21 15:51 -------- d-----w- c:\users\Bobbie\AppData\Local\Microsoft Help
2009-09-21 15:51 . 2009-09-21 15:51 -------- d-----r- C:\MSOCache
2009-09-21 15:18 . 2009-09-21 15:18 -------- d-----w- c:\programdata\WEBREG
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 15:00 . 2009-09-15 04:00 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2009-10-17 14:26 . 2009-04-20 17:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-14 07:14 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-14 07:04 . 2009-04-20 18:02 -------- d-----w- c:\programdata\Microsoft Help
2009-10-08 11:03 . 2009-09-14 15:41 107328 ----a-w- c:\users\Bobbie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-30 20:08 . 2009-04-20 17:19 -------- d-----w- c:\programdata\WildTangent
2009-09-24 17:13 . 2009-09-24 16:14 27934 ----a-w- c:\programdata\nvModes.dat
2009-09-22 20:02 . 2009-04-20 18:09 -------- d-----w- c:\programdata\CyberLink
2009-09-21 15:58 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-09-21 15:37 . 2009-09-21 15:12 -------- d-----w- c:\program files\Yahoo!
2009-09-21 15:18 . 2009-09-21 15:14 -------- d-----w- c:\users\Bobbie\AppData\Roaming\HP
2009-09-21 15:17 . 2009-09-21 15:02 158469 ----a-w- c:\windows\hphins33.dat
2009-09-21 15:14 . 2009-09-21 15:01 -------- d-----w- c:\programdata\HP
2009-09-21 15:12 . 2009-09-21 15:12 -------- d-----w- c:\users\Bobbie\AppData\Roaming\Yahoo!
2009-09-21 15:11 . 2009-04-20 18:26 -------- d-----w- c:\program files\HP
2009-09-21 15:11 . 2009-09-21 15:11 -------- d-----w- c:\program files\Common Files\HP
2009-09-21 15:09 . 2009-09-21 15:09 -------- d-----w- c:\programdata\HP Product Assistant
2009-09-21 15:06 . 2009-09-21 15:06 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-16 12:44 . 2009-04-20 18:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-16 12:28 . 2009-04-20 17:50 -------- d-----w- c:\program files\Microsoft Works
2009-09-16 11:52 . 2009-09-16 11:52 -------- d-----w- c:\program files\MSXML 4.0
2009-09-15 14:48 . 2009-09-15 14:48 -------- d-----w- c:\program files\Microsoft
2009-09-15 14:48 . 2009-09-15 14:47 -------- d-----w- c:\program files\Windows Live
2009-09-15 14:47 . 2009-09-15 14:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-15 04:02 . 2009-09-15 04:02 -------- d-----w- c:\program files\Zone Labs
2009-09-15 03:59 . 2009-09-15 03:59 -------- d-----w- c:\programdata\CheckPoint
2009-09-15 02:52 . 2009-04-20 17:03 -------- d-----w- c:\programdata\Symantec
2009-09-14 20:15 . 2009-09-14 20:15 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-14 16:08 . 2009-04-20 17:03 -------- d-----w- c:\programdata\Norton
2009-09-14 15:46 . 2009-09-14 15:43 -------- d-----w- c:\users\Bobbie\AppData\Roaming\hewlett-packard
2009-09-14 15:44 . 2009-09-14 15:44 -------- d-----w- c:\users\Bobbie\AppData\Roaming\Snapfish
2009-09-14 15:44 . 2009-04-20 18:26 -------- d-----w- c:\program files\SMINST
2009-09-14 15:35 . 2009-09-14 15:35 -------- d-----w- c:\users\Bobbie\AppData\Roaming\HP TCS
2009-09-14 15:35 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-14 15:34 . 2009-09-14 15:34 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE927V2RC_E508241-002_4A_I303C_SWistron_V08.60_F.3E_T090623_WV3-1_L409_M2814_J320_7AMD_8F31_92.10_#090713_N168C001C;10DE0760_(NM345UA#ABA)_XMOBILE_CN10_Z_2F.3E_G10DE0845.MRK
2009-08-28 12:39 . 2009-09-15 16:22 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-15 16:22 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-10-14 02:17 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 02:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 02:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 02:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:01 . 2009-09-15 16:25 900168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 17:01 . 2009-09-15 16:25 220232 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-14 17:01 . 2009-09-15 16:25 98376 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2009-08-14 16:29 . 2009-09-15 16:25 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-15 16:24 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:23 . 2009-09-15 16:25 438272 ----a-w- c:\windows\system32\IKEEXT.DLL
2009-08-14 16:22 . 2009-09-15 16:25 595456 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2009-08-14 16:21 . 2009-09-15 16:24 328704 ----a-w- c:\windows\system32\BFE.DLL
2009-08-14 14:16 . 2009-09-15 16:24 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-15 16:24 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-15 16:24 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-15 16:24 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-15 16:24 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-15 16:24 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-15 16:24 10240 ----a-w- c:\windows\system32\finger.exe
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-04-20 17:15 . 2009-04-20 17:04 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-09-25 19:22 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [5/9/2008 3:17 PM 43040]
S4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [4/20/2009 1:17 PM 193840]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [4/20/2009 2:26 PM 365952]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PWRYIPOG
*Deregistered* - pwryipog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-29046685-1735998096-3113563136-1000Core.job - c:\users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-14 17:26]
2009-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-29046685-1735998096-3113563136-1000UA.job - c:\users\Bobbie\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-14 17:26]
2009-10-16 c:\windows\Tasks\HPCeeScheduleForBobbie.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-20 18:34]
2009-10-20 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
2009-10-20 c:\windows\Tasks\RegCure Startup.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
2009-10-08 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 11:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-10-21 11:18
ComboFix-quarantined-files.txt 2009-10-21 15:18

Pre-Run: 226,118,336,512 bytes free
Post-Run: 227,360,423,936 bytes free

- - End Of File - - 8F47F7E25BAF0C21B82EFC9645F20714
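The DDS log in post #4 and the ComboFix log in post #6 are what the analyst reads by hand: browser add-ons whose DLL is gone ("No File"), the uRun/mRun autoruns, the services list, the *NewlyCreated*/*Deregistered* driver pair, the scheduled tasks, and the Security Center "DisableMonitoring" value. As an added example for this thread (not a Tech Support Forum tool and not anything the analyst or the poster wrote), the Python below pulls those entries out of a constructed excerpt modelled on the lines quoted above and turns them into a review list. The line patterns, bucket names and the SAMPLE_LOG excerpt are the example's own assumptions about the log formats; nothing here decides what is malicious.

```python
"""Triage helper for DDS / ComboFix-style logs.

Added example for this thread; not a Tech Support Forum tool and not code
the analyst posted. It assumes the line formats visible in the logs above
(DDS "Pseudo HJT Report" / ComboFix "Reg Loading Points" conventions).
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on lines quoted in this thread; not a real log.
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
*NewlyCreated* - PWRYIPOG
*Deregistered* - pwryipog
2009-10-20 c:\windows\Tasks\RegCure Startup.job - c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
"""

# Line patterns (assumed from the log excerpts on this page, not a published spec).
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')                              # registry key header
ORPHAN_RE = re.compile(r'^(BHO|TB|EB):\s.*-\s*No File\s*$')          # add-on whose DLL is gone
AUTORUN_RE = re.compile(r'^([um]Run):\s*\[([^\]]+)\]\s*(.+)$')       # HKCU (u) / HKLM (m) Run values
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[')   # start type;name;desc;image
TRANSIENT_RE = re.compile(r'^\*(NewlyCreated|Deregistered)\*\s*-\s*(\S+)')
TASK_RE = re.compile(r'^\d{4}-\d{2}-\d{2}\s+(\S.*?\.job)\s*-\s*(.+?)\s*\[')
MONITOR_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$')


def parse_log(text):
    """Group the lines a triager reads first into named buckets."""
    findings = defaultdict(list)
    current_key = None  # most recent [HK...] header, so values can be tied to their key
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1)
        elif ORPHAN_RE.match(line):
            findings["orphaned_browser_addons"].append(line)
        elif m := AUTORUN_RE.match(line):
            findings["autoruns"].append(
                {"scope": m.group(1), "name": m.group(2), "command": m.group(3)})
        elif m := SERVICE_RE.match(line):
            findings["services"].append(
                {"start": m.group(1), "name": m.group(2), "image": m.group(4)})
        elif m := TRANSIENT_RE.match(line):
            findings["transient_drivers"].append({"state": m.group(1), "name": m.group(2)})
        elif m := TASK_RE.match(line):
            findings["scheduled_tasks"].append({"job": m.group(1), "target": m.group(2)})
        elif MONITOR_RE.match(line) and current_key and "Monitoring" in current_key:
            findings["security_center_monitoring_disabled"].append(current_key)
    return dict(findings)


def leads(findings):
    """Turn the buckets into (action, detail) pairs for a human to work through."""
    out = []
    for line in findings.get("orphaned_browser_addons", []):
        out.append(("cleanup", line))  # stale COM registration; harmless but worth removing
    names = sorted({d["name"].lower() for d in findings.get("transient_drivers", [])})
    for name in names:
        # A random-looking NewlyCreated/Deregistered pair frequently belongs to the
        # scanner's own catchme driver; confirm before treating it as malware.
        out.append(("verify", f"transient driver {name}"))
    for key in findings.get("security_center_monitoring_disabled", []):
        out.append(("review", f"Security Center monitoring disabled under {key}"))
    for task in findings.get("scheduled_tasks", []):
        out.append(("review", f"scheduled task {task['job']} runs {task['target']}"))
    return out


if __name__ == "__main__":
    for action, detail in leads(parse_log(SAMPLE_LOG)):
        print(f"[{action}] {detail}")
```

Run it against a saved DDS.txt or ComboFix.txt by passing the file contents to parse_log; the output is a worklist, not a verdict, and every "verify" or "review" item still needs the file on disk checked (publisher, timestamps, whether the scanner itself created it) before anything is removed.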
#7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,983
OS: WinXP and Vista
Re: Virus won't let me download ANYTHING needed for the First steps
Is there any improvement? Please provide an update on system behavior.
#9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,983
OS: WinXP and Vista
Re: Virus won't let me download ANYTHING needed for the First steps
Quote: