OK. Here it is:
ComboFix 11-06-22.02 - Veronica 06/24/2011 15:00:28.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1978.1127 [GMT -4:00]
Running from: c:\users\Veronica\Desktop\ComboFix.exe
Command switches used :: c:\users\Veronica\Desktop\CFScript.txt,.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Veronica\Desktop\IMG_0566.JPG"
"c:\users\Veronica\Desktop\IMG_0567.JPG"
"c:\users\Veronica\Desktop\IMG_0568.JPG"
"c:\users\Veronica\Desktop\IMG_0569.JPG"
"c:\users\Veronica\Desktop\IMG_0570.JPG"
"c:\users\Veronica\Desktop\IMG_0571.JPG"
"c:\users\Veronica\Desktop\IMG_0572.JPG"
"c:\users\Veronica\Desktop\IMG_0573.JPG"
"c:\users\Veronica\Desktop\IMG_0574.JPG"
"c:\users\Veronica\Desktop\IMG_0575.JPG"
"c:\users\Veronica\Desktop\IMG_0576.JPG"
"c:\users\Veronica\Desktop\IMG_0577.JPG"
"c:\users\Veronica\Desktop\IMG_0578.JPG"
"c:\users\Veronica\Desktop\IMG_0579.JPG"
"c:\users\Veronica\Desktop\IMG_0580.JPG"
.
.
((((((((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))
.
.
2011-06-24 19:07 . 2011-06-24 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-24 19:07 . 2011-06-24 19:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-06-24 18:56 . 2011-06-24 18:57 -------- d-----w- C:\32788R22FWJFW
2011-06-24 17:50 . 2011-06-24 17:50 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDC58F4F-97EE-484C-B13F-ABD35B5F6F8B}\MpKsl8db17a9e.sys
2011-06-24 17:50 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FDC58F4F-97EE-484C-B13F-ABD35B5F6F8B}\mpengine.dll
2011-06-23 21:20 . 2011-06-23 21:20 -------- d-----w- c:\users\Veronica\DoctorWeb
2011-06-23 20:55 . 2011-06-24 19:08 -------- d-----w- c:\users\Veronica\AppData\Local\temp
2011-06-22 22:38 . 2011-06-22 22:38 -------- d-----w- C:\_OTL
2011-06-11 21:18 . 2011-06-11 21:18 -------- d-----w- c:\users\Guest\AppData\Local\Western_Digital
2011-06-11 21:18 . 2011-06-11 21:18 -------- d-----w- c:\users\Guest\AppData\Roaming\Western Digital
2011-06-11 21:18 . 2011-06-11 21:18 -------- d-----w- c:\users\Guest\AppData\Local\Western Digital
2011-06-04 00:05 . 2011-06-04 00:05 -------- d-----w- c:\users\Veronica\AppData\Local\Western_Digital
2011-06-01 02:09 . 2011-06-01 02:09 -------- d-----w- c:\users\Veronica\AppData\Roaming\Western Digital
2011-06-01 02:09 . 2011-06-01 02:09 -------- d-----w- c:\programdata\Western Digital
2011-06-01 02:08 . 2011-06-01 02:08 -------- d-----w- c:\program files\Western Digital
2011-06-01 02:07 . 2011-06-01 02:07 -------- d-----w- c:\users\Veronica\AppData\Local\Western Digital
2011-05-31 21:52 . 2011-05-31 21:52 -------- d-----w- c:\users\Guest\AppData\Local\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2010-11-19 08:15 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 13:11 . 2011-04-21 01:05 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-04-21 01:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-03-14 67456]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-23 149280]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DLBXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2007-02-22 73728]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\users\Veronica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 MpKsl00608dee;MpKsl00608dee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CF1F8BF-D447-47E2-BE96-5C07E270D106}\MpKsl00608dee.sys [x]
R1 MpKsl0909484c;MpKsl0909484c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AAF77A2-A3C2-46D9-91ED-A856A702EEBE}\MpKsl0909484c.sys [x]
R1 MpKsl0960289c;MpKsl0960289c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{194E9C2A-569A-4BEA-BE6B-D1AFB9F40E1F}\MpKsl0960289c.sys [x]
R1 MpKsl19bbb742;MpKsl19bbb742;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A0A44BC-031D-427E-89BF-86B61AA7C7EA}\MpKsl19bbb742.sys [x]
R1 MpKsl331eb652;MpKsl331eb652;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F72BFBBD-C39B-40A2-BA7F-2E1F8C63CE95}\MpKsl331eb652.sys [x]
R1 MpKsl39456dc4;MpKsl39456dc4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B204BD14-A422-48A7-9FB0-6116EB3682C4}\MpKsl39456dc4.sys [x]
R1 MpKsl3d441665;MpKsl3d441665;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD74E0C3-9573-4D85-BB87-F3CE0E907865}\MpKsl3d441665.sys [x]
R1 MpKsl4b2e47a2;MpKsl4b2e47a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B3A7D507-EB24-4A58-B9BB-67F7C4191FD6}\MpKsl4b2e47a2.sys [x]
R1 MpKsl4e008ecf;MpKsl4e008ecf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EF8FE95A-6C4D-489E-B16C-155DEE7FEA5C}\MpKsl4e008ecf.sys [x]
R1 MpKsl5f96d20b;MpKsl5f96d20b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{681DF8A2-228F-4958-A112-36CD25BD20AE}\MpKsl5f96d20b.sys [x]
R1 MpKsl70eb86f1;MpKsl70eb86f1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B204BD14-A422-48A7-9FB0-6116EB3682C4}\MpKsl70eb86f1.sys [x]
R1 MpKsl725c43fb;MpKsl725c43fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4DFF6AE7-34CB-4859-8292-754870B21E0F}\MpKsl725c43fb.sys [x]
R1 MpKsl77c0eb11;MpKsl77c0eb11;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6998CA14-BF33-4E18-A459-8F9D386FADF2}\MpKsl77c0eb11.sys [x]
R1 MpKsl831714da;MpKsl831714da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{89FB1A7F-D6BE-4AB4-B663-05EC49BF9B22}\MpKsl831714da.sys [x]
R1 MpKsla6e529dd;MpKsla6e529dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F34B971-36AB-4971-B1FD-D6E7F53B5AD5}\MpKsla6e529dd.sys [x]
R1 MpKslb47a9eff;MpKslb47a9eff;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21C27F91-0AEC-446C-ADA7-B208B26229CD}\MpKslb47a9eff.sys [x]
R1 MpKslbe05309e;MpKslbe05309e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F72BFBBD-C39B-40A2-BA7F-2E1F8C63CE95}\MpKslbe05309e.sys [x]
R1 MpKslc43f7ba2;MpKslc43f7ba2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{681DF8A2-228F-4958-A112-36CD25BD20AE}\MpKslc43f7ba2.sys [x]
R1 MpKslcac93121;MpKslcac93121;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118DBAFC-2403-4E53-A0E5-66520508A40D}\MpKslcac93121.sys [x]
R1 MpKslce46060e;MpKslce46060e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F72BFBBD-C39B-40A2-BA7F-2E1F8C63CE95}\MpKslce46060e.sys [x]
R1 MpKsld3e85ddc;MpKsld3e85ddc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CD74E0C3-9573-4D85-BB87-F3CE0E907865}\MpKsld3e85ddc.sys [x]
R1 MpKsld45ac79f;MpKsld45ac79f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{00E5D929-C79D-4DB0-A876-59AE00971250}\MpKsld45ac79f.sys [x]
R1 MpKsle07cee06;MpKsle07cee06;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F11AB576-502D-4E1C-B58A-71FA97F9BA76}\MpKsle07cee06.sys [x]
R1 MpKslea860ce8;MpKslea860ce8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C6141F88-2BAF-4A53-B887-48AADFC1705B}\MpKslea860ce8.sys [x]
R1 MpKsleb0e88a5;MpKsleb0e88a5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AAF77A2-A3C2-46D9-91ED-A856A702EEBE}\MpKsleb0e88a5.sys [x]
R1 MpKsleebcb9ba;MpKsleebcb9ba;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{681DF8A2-228F-4958-A112-36CD25BD20AE}\MpKsleebcb9ba.sys [x]
R1 MpKslf83867e5;MpKslf83867e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{118DBAFC-2403-4E53-A0E5-66520508A40D}\MpKslf83867e5.sys [x]
R1 MpKslfdf9e547;MpKslfdf9e547;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{47771F47-29C5-40A6-B40D-6838C032C19A}\MpKslfdf9e547.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-10-06 365952]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-05-29 22712]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DWPROT
*NewlyCreated* - MPKSL6A43D330
*NewlyCreated* - MPKSL8DB17A9E
*Deregistered* - Dwsh00007E95
*Deregistered* - MpKsl6a43d330
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-20 c:\windows\Tasks\HPCeeScheduleForVeronica.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
2011-06-24 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 15:31]
.
2011-06-16 c:\windows\Tasks\RegTask.job
- c:\program files\RegTask\RegTask.exe [2011-02-23 17:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Veronica\AppData\Roaming\Mozilla\Firefox\Profiles\m5wjplke.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: [email protected] - c:\users\Veronica\AppData\Roaming\Move Networks
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-06-24 15:08
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-24 15:09:45
ComboFix-quarantined-files.txt 2011-06-24 19:09
ComboFix2.txt 2011-06-23 20:55
ComboFix3.txt 2011-06-23 19:11
ComboFix4.txt 2011-06-23 18:46
ComboFix5.txt 2011-06-24 18:57
.
Pre-Run: 77,033,865,216 bytes free
Post-Run: 77,165,461,504 bytes free
.
- - End Of File - - 559A111C37E0078E68938C369BA83B6E