I really hope I did this right
ComboFix 10-02-24.01 - Cynthia 02/24/2010 19:18:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1805 [GMT -8:00]
Running from: c:\users\Cynthia\Downloads\ComboFix.exe
AV: ResolutionsMSP *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2819002435-850761837-2018973860-500
c:\$recycle.bin\S-1-5-21-506404324-59653650-1567083677-500
c:\users\Cynthia\AppData\Local\av.exe
.
((((((((((((((((((((((((( Files Created from 2010-01-25 to 2010-02-25 )))))))))))))))))))))))))))))))
.
2010-02-25 03:28 . 2010-02-25 03:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-25 03:28 . 2010-02-25 03:28 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-02-25 01:56 . 2010-02-13 01:41 558448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-02-25 01:34 . 2010-02-03 09:00 1324720 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.035\NAVEX15.SYS
2010-02-25 01:34 . 2009-08-25 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.035\NAVENG32.DLL
2010-02-25 01:34 . 2009-08-25 08:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.035\NAVEX32A.DLL
2010-02-25 01:34 . 2010-02-03 09:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.035\NAVENG.SYS
2010-02-25 01:34 . 2009-08-26 08:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.035\ERASER.SYS
2010-02-25 01:34 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.035\ECMSVR32.DLL
2010-02-25 01:34 . 2009-08-26 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.035\EECTRL.SYS
2010-02-25 01:34 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100224.035\CCERASER.DLL
2010-02-25 01:30 . 2010-02-25 01:30 -------- d-----r- c:\program files\Norton Support
2010-02-20 01:35 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\Scxpx86.dll
2010-02-20 01:35 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSXpx86.sys
2010-02-20 01:35 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys
2010-02-20 01:35 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSxpx86.dll
2010-02-20 01:35 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys
2010-02-18 08:22 . 2010-02-18 08:22 -------- d-----w- c:\program files\iPod
2010-02-18 08:10 . 2010-02-18 08:10 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-10 15:09 . 2009-12-11 12:07 301568 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 15:09 . 2009-12-11 12:07 98304 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 15:08 . 2009-12-08 20:52 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 15:08 . 2009-12-08 20:52 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 15:08 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 15:06 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 15:06 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 15:06 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 15:06 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 15:06 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 15:06 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 15:06 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 15:06 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-02-10 15:06 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 15:06 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 15:05 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 15:05 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-03 03:01 . 2010-02-03 03:01 -------- d-----w- c:\programdata\EA Core
2010-02-03 03:00 . 2010-02-03 03:00 -------- d-----w- c:\programdata\Electronic Arts
2010-01-28 00:36 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSXpx86.sys
2010-01-28 00:36 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\Scxpx86.dll
2010-01-28 00:36 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSxpx86.dll
2010-01-28 00:36 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSvix86.sys
2010-01-28 00:36 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100125.001\IDSviA64.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 07:56 . 2009-08-15 06:26 -------- d-----w- c:\users\Cynthia\AppData\Roaming\LimeWire
2010-02-23 07:00 . 2009-10-12 02:54 -------- d-----w- c:\users\Cynthia\AppData\Roaming\Corel
2010-02-23 06:58 . 2009-10-12 02:54 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-23 02:35 . 2009-08-11 10:25 6080 ----a-w- c:\users\Cynthia\AppData\Local\d3d9caps.dat
2010-02-18 08:23 . 2009-06-26 09:20 -------- d-----w- c:\program files\iTunes
2010-02-18 08:22 . 2009-06-26 09:16 -------- d-----w- c:\program files\Common Files\Apple
2010-02-14 08:21 . 2010-01-22 23:21 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-14 08:20 . 2010-01-22 23:22 38784 ----a-w- c:\users\Cynthia\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-11 15:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-03 02:59 . 2009-06-09 22:48 -------- d-----w- c:\program files\Electronic Arts
2010-02-02 06:33 . 2009-06-24 00:23 -------- d-----w- c:\program files\Flock
2010-01-21 23:48 . 2008-10-23 10:52 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 06:06 . 2009-06-26 09:21 -------- d-----w- c:\users\Cynthia\AppData\Roaming\Apple Computer
2010-01-17 06:04 . 2009-06-26 09:16 -------- d-----w- c:\programdata\Apple
2010-01-02 06:38 . 2010-01-22 00:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 00:09 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 06:32 . 2010-01-22 00:09 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 04:57 . 2010-01-22 00:09 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-10-23 10:05 . 2008-10-23 09:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-21 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-25 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-25 153112]
"AMTDeviceService"="c:\program files\AMT Media Manager\AMTDeviceService.exe" [2009-01-21 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-20 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1008000.029\SymEFA.sys [2/2/2010 2:25 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1008000.029\BHDrvx86.sys [2/2/2010 2:25 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1008000.029\cchpx86.sys [2/2/2010 2:24 PM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSvix86.sys [2/19/2010 5:35 PM 343088]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2/2/2010 2:24 PM 117640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [10/23/2008 2:56 AM 365952]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/31/2009 12:22 AM 24652]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [10/23/2008 1:55 AM 193840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/29/2009 11:09 PM 102448]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [12/5/2008 1:25 AM 112640]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NIS\1008000.029\symndisv.sys [2/2/2010 2:25 PM 48688]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-02-24 c:\windows\Tasks\HPCeeScheduleForCynthia.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
2010-02-25 c:\windows\Tasks\User_Feed_Synchronization-{6585B70F-EAFB-4C96-9643-B24DA9996293}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Aim6 - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-SR Splash - c:\program files\SR\SRSplash.exe
HKLM-Run-SRLogon - c:\program files\SR\srlogon.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-02-24 19:29
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-02-24 19:33:40
ComboFix-quarantined-files.txt 2010-02-25 03:33
Pre-Run: 196,952,645,632 bytes free
Post-Run: 197,864,738,816 bytes free
- - End Of File - - 05ABAF7A4FBFE45B6A7DCB493E95630F