I have run malwarebytes, superantispyware, cleanup, atf cleaner, mcafee full system scan and registry cleaner that was preinstalled on my machine, all to no avail.
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:53:10 AM, on 2/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\eFax Messenger 4.3\J2GTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weather.gov/MapClick.ph ... 3.9357&e=0
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - blank (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [EarthLink Installer] " /C
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1122154839\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLT4] E:\AOLSETUP.EXE -ACS
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\ApcMain.exe -m
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Updates] c:\windows\system\Update.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: eFax 4.3.lnk = C:\Program Files\eFax Messenger 4.3\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm020YYUS
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://E:\games\WebDriverFullInstall.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Service\Software Jukebox v2.0 File.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 1: Comcast Video Mail Player - http://videomail2.comcast.net/vm/vm_pla ... vmpid=1004
--
End of file - 14191 bytes
Also, ran combofix after posting this, I am still getting the re-directs and script editor pop-ups, here is the log from combofix:
ComboFix 10-02-08.01 - HP_Owner 02/08/2010 14:31:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1527.960 [GMT -5:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\$$CIHTTP.TMP
c:\docume~1\HP_Owner\LOCALS~2\Temp\IadHide5.dll
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\HP_Owner\LocalSettings\Temp\IadHide5.dll
C:\Thumbs.db
c:\windows\system32\Ijl11.dll
c:\windows\system32\ps2.bat
c:\windows\viassary-hp.reg
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.
2010-02-08 14:24 . 2010-02-08 14:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-08 14:24 . 2010-02-08 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-08 14:21 . 2010-02-08 14:21 -------- d-----w- c:\program files\AdVantage
2010-02-08 14:18 . 2010-02-08 14:18 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GameTuts
2010-02-08 13:14 . 2010-02-08 14:24 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Freecorder
2010-02-08 12:10 . 2010-02-08 14:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-08 12:10 . 2010-02-08 12:10 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2010-02-07 20:35 . 2010-02-07 20:35 -------- d-----w- c:\program files\TrendMicro
2010-02-05 12:11 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-02-05 12:01 . 2010-02-05 12:01 380000 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-04 00:02 . 2010-02-08 13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-04 00:02 . 2010-02-04 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-31 18:29 . 2010-01-31 18:32 69 ----a-w- c:\documents and settings\Connie Anne\jagex_runescape_preferences2.dat
2010-01-28 23:29 . 2010-02-08 14:22 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 19:47 . 2010-02-08 19:47 3645 ----a-w- c:\windows\viassary-hp.reg
2010-02-08 19:45 . 2009-10-09 17:58 -------- d-----w- c:\program files\Common Files\Akamai
2010-02-08 15:34 . 2004-08-04 04:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-02-08 14:43 . 2004-11-03 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Desktop
2010-02-08 14:35 . 2005-02-08 04:26 226336 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-08 14:19 . 2005-01-03 16:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-08 14:18 . 2009-12-10 04:26 -------- d-----w- c:\program files\CleanUp!
2010-02-08 13:23 . 2009-12-31 21:39 -------- d-----w- c:\program files\Tracker Software
2010-02-08 13:23 . 2005-03-27 16:53 -------- d-----w- c:\program files\Microsoft Games
2010-02-08 12:11 . 2010-02-08 12:11 52224 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-08 12:11 . 2010-02-08 12:11 117760 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-08 12:10 . 2009-07-02 01:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-07 20:35 . 2010-02-07 20:35 388096 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-06 22:12 . 2005-12-20 17:27 -------- d-----w- c:\program files\LucasArts
2010-02-06 14:21 . 2008-12-27 01:07 -------- d-----w- c:\program files\RealArcade
2010-02-05 13:26 . 2009-11-01 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-02-05 13:13 . 2005-01-03 16:11 -------- d-----w- c:\program files\Java
2010-02-05 13:12 . 2010-02-05 13:12 152576 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-05 13:12 . 2010-02-05 13:12 79488 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-31 18:29 . 2009-07-24 23:01 39 ----a-w- c:\documents and settings\Connie Anne\jagex_runescape_preferences.dat
2010-01-14 16:12 . 2009-10-03 04:15 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-24 20:15 . 2008-02-09 22:35 -------- d-----w- c:\program files\Datel
2009-12-22 05:21 . 2004-08-04 04:00 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-21 23:07 . 2005-12-20 23:10 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-18 13:06 . 2005-07-18 20:27 -------- d-----w- c:\program files\Google
2009-12-17 20:29 . 2009-06-13 23:34 226336 ----a-w- c:\documents and settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-16 19:42 . 2009-12-22 00:42 872960 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\y5zu48dg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 19:42 . 2009-12-22 00:42 43008 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\y5zu48dg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 19:42 . 2009-12-22 00:42 340480 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\y5zu48dg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 19:41 . 2009-12-22 00:42 346624 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\y5zu48dg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-29 22:43 . 2009-11-29 22:41 2717810 ----a-w- c:\windows\system32\Flowers.scr
2009-11-21 15:51 . 2004-08-04 04:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 02:29 . 2009-11-21 02:29 57344 ----a-w- c:\documents and settings\HP_Owner\Application Data\Autodesk\ACA 2010\enu\ContextualTabSelectorRules.dll
2009-11-20 23:34 . 2009-11-20 23:34 61224 ----a-w- c:\documents and settings\Connie Anne\GoToAssistDownloadHelper.exe
2007-11-30 17:31 . 2007-11-30 17:31 519 ----a-w- c:\program files\Shortcut to Microsoft Works.lnk
2006-07-04 04:10 . 2006-07-04 04:11 774144 ----a-w- c:\program files\RngInterstitial.dll
2005-03-19 22:15 . 2005-03-19 22:15 0 --sha-w- c:\windows\SMINST\HPCD.sys
2008-04-14 00:12 . 2004-08-04 04:00 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 . 2004-08-04 04:00 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 . 2004-08-04 04:00 11776 --sha-w- c:\windows\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-08-18 01:04 . 2005-02-02 20:44 61440 c:\hp\KBD\bak\KBD.EXE
2005-06-07 03:46 . 2005-06-07 03:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
2004-11-19 17:54 . 2005-07-12 11:17 50776 c:\program files\America Online 9.0\bak\AOL.EXE
2007-10-23 00:35 . 2007-12-06 17:48 24 c:\program files\America Online 9.0\bak\shellmon.ph
2005-07-23 22:51 . 2007-10-06 22:02 24 c:\program files\America Online 9.0\shellmon.ph
2006-09-26 00:52 . 2006-09-26 00:52 50736 c:\program files\Common Files\AOL\1122154839\EE\bak\AOLSoftware.exe
2006-10-23 12:50 . 2006-10-23 12:50 71216 c:\program files\Common Files\AOL\ACS\bak\AOLDial.exe
2005-01-03 17:11 . 2005-02-16 21:15 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2005-01-03 17:11 . 2004-04-17 20:41 196608 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
2005-01-03 16:34 . 2005-01-03 16:34 180269 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2005-02-07 05:22 . 2000-08-14 22:48 32768 c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\bak\Hpi_Monitor.exe
2005-05-12 04:12 . 2005-05-12 04:12 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2007-05-08 21:24 . 2007-05-08 21:24 54840 c:\program files\HP\HP Software Update\hpwuSchd2.exe
2004-06-07 11:53 . 2004-06-07 11:53 49152 c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe
2004-06-04 20:38 . 2004-06-04 20:38 286720 c:\program files\iTunes\bak\iTunesHelper.exe
2009-04-02 20:11 . 2009-04-02 20:11 342312 c:\program files\iTunes\iTunesHelper.exe
2007-06-10 17:43 . 2007-03-14 07:43 83608 c:\program files\Java\jre1.6.0_01\bin\bak\jusched.exe
2004-06-03 05:51 . 2004-06-03 05:51 172032 c:\program files\Microsoft IntelliType Pro\bak\type32.exe
2004-06-03 05:51 . 2004-06-03 05:51 172032 c:\program files\Microsoft IntelliType Pro\type32.exe
2005-01-03 16:40 . 2005-01-03 16:40 98304 c:\program files\QuickTime\bak\qttask.exe
2009-01-05 20:18 . 2009-01-05 20:18 413696 c:\program files\QuickTime\QTTask.exe
2002-04-24 19:55 . 2002-04-25 01:37 1544192 c:\program files\support.com\bin\bak\tgcmd.exe
2004-04-14 13:43 . 2004-04-14 13:43 233472 c:\windows\SMINST\bak\RECGUARD.EXE
2005-01-03 16:14 . 1998-05-07 09:04 52736 c:\windows\system\bak\hpsysdrv.exe
2004-08-04 04:00 . 2004-08-04 04:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-04 04:00 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe
2005-01-03 16:15 . 2004-08-20 15:51 118784 c:\windows\system32\bak\hkcmd.exe
2004-06-07 11:42 . 2004-06-07 11:42 659456 c:\windows\system32\bak\hphmon06.exe
2005-05-21 13:54 . 2004-04-06 10:28 172032 c:\windows\system32\spool\drivers\w32x86\3\bak\hpztsb11.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"Performance Center"="c:\program files\Ascentive\Performance Center\ApcMain.exe" [N/A]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [N/A]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [N/A]
"Windows Updates"="c:\windows\system\Update.exe" [N/A]
"Eraser"="c:\program files\Eraser\eraser.exe" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [N/A]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [N/A]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [N/A]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [N/A]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [N/A]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [N/A]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [N/A]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"EarthLink Installer"="" [N/A]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [N/A]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [N/A]
"SoundMan"="SOUNDMAN.EXE" [2005-04-06 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-06 2805248]
"HostManager"="c:\program files\Common Files\AOL\1122154839\ee\AOLSoftware.exe" [N/A]
"AOLT4"="E:\AOLSETUP.EXE" [N/A]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"RegistryMechanic"="" [N/A]
"tgcmd"="c:\program files\support.com\bin\tgcmd.exe" [N/A]
"KBD"="c:\hp\KBD\KBD.EXE" [N/A]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [N/A]
"AutoTBar"="c:\program files\HP\Digital Imaging\bin\AUTOTBAR.EXE" [N/A]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [N/A]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Windows Updates"="c:\windows\system\Update.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\pmw\PMREMIND.EXE [1997-12-2 255408]
HP Organize.lnk - c:\program files\Hewlett-Packard\HP Organize\bin\displayAgent.exe [2005-1-3 36864]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2006-12-25 303104]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-12 113664]
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-4-3 629248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2005-1-3 45056]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Juno\\bin\\juno.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CrossLoop\\CrossLoopConnect.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1122154839\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8888:UDP"= 8888:UDP:Win2DS
"5800:TCP"= 5800:TCP:training
R0 Achernar;Achernar - SCSI Command Filters;c:\windows\system32\drivers\Achernar.sys [6/4/2006 1:02 PM 17920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/3/2004 11:00 PM 14336]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/20/2008 4:58 PM 24652]
R3 Aldebaran;Aldebaran - SCSI Command Filters;c:\windows\system32\drivers\Aldebaran.sys [6/4/2006 1:02 PM 13824]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 Admvdsrv;Admvdsrv; [x]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\HP_Owner\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\HP_Owner\LOCALS~1\Temp\bDMusicb.sys [?]
S3 DSCVc;Video Capture;c:\windows\system32\drivers\CoachVc.sys [6/4/2006 1:00 PM 44256]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\CONNIE~1\LOCALS~1\Temp\VIL5E6.tmp --> c:\docume~1\CONNIE~1\LOCALS~1\Temp\VIL5E6.tmp [?]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys --> c:\windows\system32\DRIVERS\rt2870.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1098246746-2308418413-2030076829-1017Core.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-13 23:44]
2010-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1098246746-2308418413-2030076829-1017UA.job
- c:\documents and settings\Alex\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-13 23:44]
2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-23 16:22]
2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-23 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forecast.weather.gov/MapClick.ph ... 3.9357&e=0
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm020YYUS
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\y5zu48dg.default\
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - blank
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 14:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
tgcmd = "c:\program files\support.com\bin\tgcmd.exe" /server?cmd.exe" /server
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A4B1856]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> atapi.sys @ 0xba737852
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba62dbd4
PacketIndicateHandler -> NDIS.sys @ 0xba639a21
SendHandler -> NDIS.sys @ 0xba62dd44
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\CONNIE~1\LOCALS~1\Temp\VIL5E6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1098246746-2308418413-2030076829-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ˆ%’Ã]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1098246746-2308418413-2030076829-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*ˆ%’Ã\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(596)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\CLBCATQ.DLL
c:\windows\system32\COMRes.dll
- - - - - - - > 'explorer.exe'(3400)
c:\docume~1\HP_Owner\LOCALS~2\Temp\IadHide5.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\crypserv.exe
c:\program files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\McAfee\MPF\MPFSrv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\ZuneBusEnum.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\Logi_MwX.Exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Completion time: 2010-02-08 14:55:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-08 19:55
Pre-Run: 76,765,868,032 bytes free
Post-Run: 77,263,130,624 bytes free
- - End Of File - - 4A4B42CAB3329F69B1C8A7BDDFA7EDAA