Sorry I was not able to post the ComboFix log that you asked about; I was really busy. Here is the log:
ComboFix 10-09-23.01 - HP_Owner 09/23/2010 13:12:12.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1256.20.1033.18.1919.1411 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Owner\Application Data\CyberDefender
c:\documents and settings\HP_Owner\Application Data\CyberDefender\Registry Cleaner\cdrcupdate.ini
c:\documents and settings\HP_Owner\Application Data\CyberDefender\Registry Cleaner\lastresults.cdr
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-08-23 to 2010-09-23 )))))))))))))))))))))))))))))))
.
2010-09-22 22:12 . 1999-11-14 22:41 86016 ----a-w- c:\windows\unvise32.exe
2010-09-22 22:12 . 2010-09-22 22:12 -------- d-----w- C:\Q3Ademo
2010-09-22 00:51 . 2010-09-22 00:51 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\OOo-dev
2010-09-22 00:49 . 2010-09-22 01:57 -------- d-----w- c:\program files\OOo-dev 3
2010-09-21 22:52 . 2010-09-21 22:52 -------- d-----w- c:\program files\PhotoWipe
2010-09-20 04:09 . 2010-09-20 04:09 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
2010-09-19 05:35 . 2010-09-19 05:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-09-17 22:58 . 2010-09-23 03:08 -------- d-----w- c:\program files\Blubster
2010-09-17 22:26 . 2010-09-17 22:26 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Search Settings
2010-09-17 22:26 . 2010-09-17 22:26 -------- d-----w- c:\program files\Application Updater
2010-09-15 23:51 . 2010-09-09 03:45 615568 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\86fn9883.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-09-15 23:51 . 2010-09-09 03:45 640264 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\86fn9883.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-09-15 17:25 . 2004-08-04 12:00 838144 -c--a-w- c:\windows\system32\dllcache\chtbrkr.dll
2010-09-15 17:25 . 2004-08-04 12:00 838144 ----a-w- c:\windows\system32\chtbrkr.dll
2010-09-15 17:25 . 2004-08-04 12:00 70656 -c--a-w- c:\windows\system32\dllcache\korwbrkr.dll
2010-09-15 17:25 . 2004-08-04 12:00 70656 ----a-w- c:\windows\system32\korwbrkr.dll
2010-09-15 17:25 . 2004-08-04 12:00 1677824 -c--a-w- c:\windows\system32\dllcache\chsbrkr.dll
2010-09-15 17:25 . 2004-08-04 12:00 1677824 ----a-w- c:\windows\system32\chsbrkr.dll
2010-09-15 17:25 . 2004-08-04 12:00 98304 -c--a-w- c:\windows\system32\dllcache\msir3jp.dll
2010-09-15 17:25 . 2004-08-04 12:00 98304 ----a-w- c:\windows\system32\msir3jp.dll
2010-09-15 17:25 . 2004-08-04 12:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2010-09-13 23:49 . 2010-09-16 05:24 -------- d-----w- c:\program files\EasyCall2008
2010-09-13 01:03 . 2010-09-13 01:03 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-11 23:15 . 2010-09-11 23:15 -------- d-----w- c:\program files\Trend Micro
2010-09-11 02:02 . 2010-09-11 02:02 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-09-11 01:56 . 2010-09-11 02:15 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-11 01:56 . 2010-09-11 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-09-10 16:24 . 2010-09-07 07:37 901120 ----a-w- c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\86fn9883.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npActiveGS.dll
2010-09-10 14:23 . 2010-09-10 14:23 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-48c7b252-n\decora-sse.dll
2010-09-10 14:23 . 2010-09-10 14:23 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51f53f39-n\msvcp71.dll
2010-09-10 14:23 . 2010-09-10 14:23 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51f53f39-n\jmc.dll
2010-09-10 14:23 . 2010-09-10 14:23 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-51f53f39-n\msvcr71.dll
2010-09-10 14:23 . 2010-09-10 14:23 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-48c7b252-n\decora-d3d.dll
2010-09-10 02:44 . 2010-09-10 02:44 -------- d-----w- C:\_OTM
2010-09-08 16:32 . 2010-09-08 16:32 -------- d-----w- c:\documents and settings\HP_Owner\Packet Tracer 5.2
2010-09-08 16:31 . 2010-09-08 17:04 -------- d-----w- c:\program files\Packet Tracer 5.2
2010-09-02 01:04 . 2010-09-02 01:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Application Updater
2010-09-01 19:41 . 2006-08-01 22:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2010-09-01 19:40 . 2010-09-01 19:40 -------- d-----w- c:\program files\Realtek AC97
2010-09-01 19:40 . 2006-12-08 22:20 10528768 ----a-w- c:\windows\system32\RTLCPL.exe
2010-09-01 19:40 . 2007-04-16 22:28 577536 ----a-w- c:\windows\soundman.exe
2010-09-01 19:40 . 2006-10-18 09:53 147456 ----a-w- c:\windows\system32\RtlCPAPI.dll
2010-09-01 19:40 . 2006-07-31 18:27 217088 ----a-w- c:\windows\Alcrmv.exe
2010-09-01 19:40 . 2006-07-31 18:19 315392 ----a-w- c:\windows\alcupd.exe
2010-09-01 14:57 . 2010-09-01 14:57 -------- d-----w- c:\program files\Microsoft Virtual PC
2010-08-30 20:06 . 2010-08-30 20:06 60696384 ----a-w- c:\documents and settings\All Users\Application Data\Sony Corporation\AutoUpdateClient\CT\ContentTransferSetup.exe
2010-08-30 20:05 . 2010-08-30 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-08-30 20:05 . 2010-08-30 20:05 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-08-30 20:03 . 2010-08-30 20:08 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Downloaded Installations
2010-08-26 23:30 . 2010-08-26 23:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Hagel Technologies
2010-08-25 17:54 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-25 17:54 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 17:54 . 2010-08-25 18:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 20:08 . 2010-04-08 21:06 -------- d-----w- c:\program files\Crawler
2010-09-23 19:24 . 2010-08-22 05:49 -------- d-----w- c:\program files\QuickTime
2010-09-23 19:24 . 2010-06-22 04:39 -------- d-----w- c:\program files\PC Inspector File Recovery
2010-09-23 19:24 . 2004-10-22 02:32 -------- d-----w- c:\program files\PC-Doctor for Windows
2010-09-23 19:23 . 2010-04-08 22:28 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-22 23:37 . 2010-04-08 20:52 112208 -c--a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-20 17:22 . 2010-08-22 04:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Skype
2010-09-20 17:21 . 2010-08-22 04:01 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\skypePM
2010-09-20 14:12 . 2010-04-09 03:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-20 04:13 . 2010-04-08 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-20 00:42 . 2010-05-02 23:00 164880 -c-ha-w- c:\documents and settings\HP_Owner\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
2010-09-18 15:43 . 2010-06-02 20:43 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\vlc
2010-09-16 05:29 . 2010-04-08 21:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-16 05:28 . 2010-04-08 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-13 03:25 . 2010-04-10 20:13 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\QuickScan
2010-09-10 18:28 . 2010-04-08 22:51 117760 -c--a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-10 14:23 . 2004-10-22 00:27 -------- d-----w- c:\program files\Common Files\Java
2010-09-10 14:22 . 2004-10-22 00:27 -------- d-----w- c:\program files\Java
2010-09-07 15:12 . 2010-06-29 17:49 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-04-25 14:22 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-04-25 14:22 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-04-25 14:22 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-04-25 14:22 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-04-25 14:22 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-04-25 14:22 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-04-25 14:22 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-04-25 14:22 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-04 04:27 . 2010-04-08 20:28 -------- d-----w- c:\program files\Common Files\AOL
2010-09-01 19:40 . 2004-10-22 01:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-01 15:34 . 2010-04-08 23:26 -------- d-----w- c:\program files\SpeedFan
2010-08-31 02:28 . 2010-04-08 21:10 -------- d-----w- c:\program files\SpywareBlaster
2010-08-31 02:15 . 2010-05-05 03:52 -------- d-----w- c:\program files\CCleaner
2010-08-30 20:11 . 2010-05-01 21:24 -------- d-----w- c:\program files\Sony
2010-08-30 20:05 . 2010-05-01 21:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Sony Corporation
2010-08-24 05:57 . 2010-08-24 05:57 180048 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-22 04:01 . 2010-08-22 04:01 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-22 04:00 . 2010-08-22 04:00 -------- d-----r- c:\program files\Skype
2010-08-22 04:00 . 2010-08-22 04:00 -------- d-----w- c:\program files\Common Files\Skype
2010-08-22 04:00 . 2010-08-22 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-18 17:34 . 2010-08-18 17:34 -------- d-----w- c:\program files\2BrightSparks
2010-08-17 13:17 . 2010-04-08 19:17 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 04:55 . 2010-08-17 04:34 -------- d-----w- c:\program files\ZAR
2010-08-15 04:34 . 2010-04-08 20:19 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Apple Computer
2010-08-15 04:33 . 2010-08-12 20:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-14 06:50 . 2010-08-14 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-14 06:50 . 2010-08-14 06:49 -------- d-----w- c:\program files\iTunes
2010-08-14 06:49 . 2010-08-14 06:49 -------- d-----w- c:\program files\iPod
2010-08-14 06:49 . 2010-08-12 20:39 -------- d-----w- c:\program files\Common Files\Apple
2010-08-14 06:47 . 2010-08-12 20:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-14 06:46 . 2010-08-14 06:46 -------- d-----w- c:\program files\Apple Software Update
2010-08-12 20:50 . 2010-08-12 20:50 -------- d-----w- c:\program files\Bonjour
2010-08-05 03:36 . 2010-08-05 03:33 -------- d-----w- c:\program files\Google
2010-07-28 18:54 . 2010-07-28 18:54 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-28 18:53 . 2010-07-28 18:53 85504 -c--a-w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-07-28 18:53 . 2010-07-28 18:53 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\SystemRequirementsLab
2010-07-23 20:20 . 2010-07-23 20:20 0 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\hpq3BE.tmp
2010-07-22 15:49 . 2010-04-08 19:17 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2010-04-08 22:16 5120 -c--a-w- c:\windows\system32\xpsp4res.dll
2010-07-21 23:30 . 2010-07-21 23:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-17 12:00 . 2010-05-24 02:13 423656 -c--a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2010-04-08 19:17 149504 ----a-w- c:\windows\system32\schannel.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]
"AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2010-03-23 29520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"HostManager"="c:\program files\Common Files\AOL\1270768886\ee\AOLSoftware.exe" [2010-02-10 41800]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-13 202256]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launch Softros Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Launch Softros Messenger.lnk
backup=c:\windows\pss\Launch Softros Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\HP Organize.lnk
backup=c:\windows\pss\HP Organize.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wifi]
C: [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 -c--a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 -c--a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-03-29 21:54 2343120 -c--a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2010-03-23 14:54 29520 -c--a-w- c:\program files\AOL 9.5\aol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
2004-10-19 00:42 79448 -c--a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 -c--a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
2009-07-30 23:05 497000 ----a-w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-02-10 13:19 41800 ----a-w- c:\program files\Common Files\AOL\1270768886\EE\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2004-06-08 01:42 659456 -c--a-w- c:\windows\system32\hphmon06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
2004-06-08 01:53 49152 -c--a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
1998-05-07 23:04 52736 -c--a-w- c:\windows\system\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2004-08-21 05:55 155648 -c--a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:32 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-04-17 19:41 196608 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 13:07 69632 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-07-21 22:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2003-02-12 03:02 61440 -c--a-w- c:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-15 04:54 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 05:31 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 05:32 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 05:32 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
2002-10-16 23:57 81920 -c--a-w- c:\windows\system32\ps2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 12:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2004-04-15 03:43 233472 -c--a-w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2003-12-18 07:31 118784 -c--a-w- c:\windows\CREATOR\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
c:\program files\Search Settings\SearchSettings.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 23:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 22:28 577536 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 -c----w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-04-01 19:28 2010864 -c--a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
2010-04-08 20:33 111840 -c--a-w- c:\progra~1\SYMNET~1\SNDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-13 19:40 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 15872 -c--a-w- c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 15:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1270768886\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\AOL\\1270768886\\EE\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Packet Tracer 5.2\\bin\\PacketTracer5.exe"=
"c:\\Program Files\\Blubster\\Blubster.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\rmid.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\tnameserv.exe"=
"c:\\Program Files\\Java\\j2re1.4.2_03\\bin\\rmiregistry.exe"=
"c:\\Q3Ademo\\quake3.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"41170:UDP"= 41170:UDP:blubster
"4117:UDP"= 4117:UDP:Blubster
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/25/2010 7:22 AM 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 12:51 AM 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/25/2010 7:22 AM 17744]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [4/8/2010 12:17 PM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/4/2010 8:33 PM 136176]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/8/2010 12:17 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\CA\PCPitstopScheduleService.exe [6/10/2010 12:47 PM 90296]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/16/2010 7:51 PM 691696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
2010-09-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 03:33]
2010-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 03:33]
2010-09-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-92828259-3849547123-319332961-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
2010-09-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-92828259-3849547123-319332961-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\86fn9883.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\86fn9883.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\86fn9883.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\86fn9883.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npActiveGS.dll
FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\86fn9883.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npletssyncpublisher.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-09-23 13:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-09-23 13:19:22
ComboFix-quarantined-files.txt 2010-09-23 20:19
ComboFix2.txt 2010-09-11 22:19
Pre-Run: 76,431,089,664 bytes free
Post-Run: 76,589,592,576 bytes free
- - End Of File - - CBDA3B54351753FE9AFC64F909271250