Okay... I think this is the full one now...
________
ComboFix 10-10-26.01 - HP User 10/31/2010 2:06.3.2 - x86
Running from: c:\users\HP User\Desktop\Downloads\commy.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free Edition 2011 *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.
2010-10-31 06:17 . 2010-10-31 06:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-30 04:55 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-10-30 04:55 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-30 04:53 . 2010-10-30 04:53 -------- d-----w- c:\program files\iPod
2010-10-30 04:53 . 2010-10-30 04:55 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-10-30 04:53 . 2010-10-30 04:55 -------- d-----w- c:\program files\iTunes
2010-10-30 04:42 . 2010-10-30 04:42 -------- d-----w- c:\program files\Apple Software Update
2010-10-30 04:35 . 2010-10-30 04:35 -------- d-----w- c:\program files\Bonjour
2010-10-27 02:40 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{873E7F01-48DC-4950-895C-9ADCCE1D90FE}\mpengine.dll
2010-10-23 15:56 . 2010-10-23 15:56 -------- d-----w- C:\$AVG
2010-10-23 02:58 . 2010-10-23 02:58 -------- d-----w- c:\users\HP User\AppData\Roaming\SUPERAntiSpyware.com
2010-10-23 02:58 . 2010-10-23 02:58 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-23 02:58 . 2010-10-23 02:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-22 22:52 . 2010-10-22 22:52 -------- d-----w- c:\users\HP User\AppData\Local\AVG Security Toolbar
2010-10-22 22:48 . 2010-10-22 22:48 -------- d-----w- c:\users\HP User\AppData\Roaming\AVG10
2010-10-22 22:41 . 2010-10-22 22:41 -------- d--h--w- c:\programdata\Common Files
2010-10-22 22:40 . 2010-10-22 22:40 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-10-22 22:34 . 2010-10-24 17:21 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-22 22:34 . 2010-10-22 22:43 -------- d-----w- c:\programdata\AVG10
2010-10-22 22:31 . 2010-10-22 22:31 -------- d-----w- c:\program files\AVG
2010-10-20 04:22 . 2010-10-20 04:23 -------- d-----w- c:\program files\CCleaner
2010-10-19 01:14 . 2010-10-19 01:14 -------- d-----w- c:\programdata\Alwil Software
2010-10-19 01:14 . 2010-10-19 01:14 -------- d-----w- c:\program files\Alwil Software
2010-10-18 18:35 . 2010-10-22 22:18 -------- d-----w- c:\programdata\MFAData
2010-10-17 05:01 . 2010-10-17 05:01 -------- d-----w- c:\users\HP User\AppData\Roaming\Malwarebytes
2010-10-17 04:08 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 04:08 . 2010-10-17 04:08 -------- d-----w- c:\programdata\Malwarebytes
2010-10-17 04:08 . 2010-10-17 05:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-17 04:08 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2010-02-12 03:23 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-13 20:27 . 2010-09-13 20:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 07:49 . 2010-09-07 07:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 07:48 . 2010-09-07 07:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 07:48 . 2010-09-07 07:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 07:48 . 2010-09-07 07:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-02 02:43 . 2010-09-02 01:22 155487976 ----a-w- c:\users\HP User\HP-QuickPlay.exe
2010-08-20 01:42 . 2010-08-20 01:42 27216 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-20 01:42 . 2010-08-20 01:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-20 01:42 . 2010-08-20 01:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{442AE524-EBA5-4b17-82F3-888D68BC999A}]
2009-11-24 19:27 252416 ----a-w- c:\program files\oovootb\auxi\oovooAu.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-11-24 21:35 87512 ----a-w- c:\program files\oovootb\oovoodx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-10-06 15:31 2475336 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\oovoodx.dll" [2009-11-24 87512]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-10-06 2475336]
[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-01-12 1232896]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-04-19 484904]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"CyberDefender Registry Cleaner"="c:\program files\cyberdefender\registry cleaner\Startcdrc.exe" [2009-05-14 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-07-25 1006264]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-19 8462336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-19 81920]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-06-13 554552]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-16 71176]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-13 180269]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware2\mbam.exe" [2010-04-29 1090952]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\users\HP User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Vongo Tray.lnk - c:\windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-7-25 53248]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 136176]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-10-06 517448]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2010-09-13 25680]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2010-09-07 26064]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2010-09-07 249424]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2010-09-07 298448]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-09-03 6104144]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2010-09-10 265400]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2010-08-20 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2010-08-20 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2010-08-20 27216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
getPlusHelper REG_MULTI_SZ getPlusHelper
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 01:14]
2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-19 01:14]
2010-10-28 c:\windows\Tasks\HPCeeScheduleForHP User.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-07-25 19:36]
2010-10-31 c:\windows\Tasks\User_Feed_Synchronization-{A313BD6C-8C90-4A06-BE7D-B43556B0857D}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mystart.com?pr=oovoo2_0
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:29775
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\HP User\AppData\Roaming\Mozilla\Firefox\Profiles\5p7aor47.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query=
FF - component: c:\program files\AVG\AVG10\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\HP User\AppData\Roaming\Mozilla\Firefox\Profiles\5p7aor47.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency.dll
FF - component: c:\users\HP User\AppData\Roaming\Mozilla\Firefox\Profiles\5p7aor47.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency3.5.dll
FF - component: c:\users\HP User\AppData\Roaming\Mozilla\Firefox\Profiles\5p7aor47.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency3.6.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Musicnotes\npmusicn.dll
FF - plugin: c:\program files\Musicnotes\NPSibelius.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\HP User\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\users\HP User\AppData\Roaming\Mozilla\Firefox\Profiles\5p7aor47.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false.
- - - - ORPHANS REMOVED - - - -
BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
HKLM-Run-CyberDefender Registry Cleaner - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-10-31 02:18
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\HPUSER~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-31 02:25:46
ComboFix-quarantined-files.txt 2010-10-31 06:25
Pre-Run: 79,486,631,936 bytes free
Post-Run: 79,456,133,120 bytes free
- - End Of File - - 5F37EEEF5BC7DAB1CA71A2004FE97177