Update: Ran ComboFix. And like last time it told me the ZeroAccess rootkit was on the system. And as I watched it I noticed it deleting a file "_ex-68.exe" from the Temp folder, a suspicious file I saw pop up in the Task Manager process list and ended the process a few times before re-running ComboFix. Also wanted to note that prior to re-running ComboFix, downloading it to the desktop and naming it "commy.exe" as you said, I would go back and forth between Safe and Regular mode, and every time, when I went back to Regular mode, it was always the way I left it and it never froze upon start-up; it just had the browser hijacking and popups and browser crashes and lagging, and that was about it.
All seems to be running smoothly, as in the time I was virus-free; at the moment I will continue to monitor. Here is the ComboFix log. =]]
ComboFix 11-12-15.02 - Compaq_Administrator 12/15/2011 15:18:27.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1600 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\commy.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Compaq_Administrator\Application Data\Caotd
c:\documents and settings\Compaq_Administrator\Application Data\Caotd\higy.exe
c:\documents and settings\Compaq_Administrator\Recent\Thumbs.db
c:\windows\$NtUninstallKB62280$
c:\windows\$NtUninstallKB62280$\1434328181
c:\windows\$NtUninstallKB62280$\485945278\@
c:\windows\$NtUninstallKB62280$\485945278\bckfg.tmp
c:\windows\$NtUninstallKB62280$\485945278\cfg.ini
c:\windows\$NtUninstallKB62280$\485945278\Desktop.ini
c:\windows\$NtUninstallKB62280$\485945278\keywords
c:\windows\$NtUninstallKB62280$\485945278\kwrd.dll
c:\windows\$NtUninstallKB62280$\485945278\L\aqaeidou
c:\windows\$NtUninstallKB62280$\485945278\lsflt7.ver
c:\windows\$NtUninstallKB62280$\485945278\U\00000001.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000002.@
c:\windows\$NtUninstallKB62280$\485945278\U\00000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000000.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000004.@
c:\windows\$NtUninstallKB62280$\485945278\U\80000032.@
c:\windows\CSC\d6
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\Temp\_ex-68.exe
.
Infected copy of c:\windows\system32\drivers\mrxsmb.sys was found and disinfected
Restored copy from - The cat found it
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
.
.
2011-12-15 21:15 . 2010-02-24 12:31 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-12-15 16:14 . 2011-12-15 18:07 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Avdu
2011-12-14 21:07 . 2004-08-09 21:00 50176 ----a-w- c:\windows\system32\proquota.exe
2011-12-14 21:07 . 2004-08-09 21:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-12-14 20:16 . 2011-12-14 20:16 -------- d-----w- C:\_OTL
2011-12-13 01:52 . 2009-06-30 16:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-12-13 01:50 . 2011-12-13 01:50 -------- d-----w- c:\program files\Panda Security
2011-12-12 07:08 . 2011-12-12 07:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-12-11 20:32 . 2011-12-11 20:32 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVG2012
2011-12-11 20:26 . 2011-12-11 20:26 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVG Secure Search
2011-12-11 20:25 . 2011-12-11 20:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2011-12-11 20:25 . 2011-12-11 20:26 -------- d-----w- c:\program files\AVG Secure Search
2011-12-11 20:25 . 2011-12-11 20:25 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-12-11 20:23 . 2011-12-11 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2011-12-11 20:23 . 2011-12-11 20:24 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-11 20:22 . 2011-12-11 20:22 -------- d-----w- c:\program files\AVG
2011-12-11 20:01 . 2011-12-11 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-12-11 19:32 . 2011-12-11 19:34 -------- d-----w- C:\a39014efedd8604e4c25e763
2011-12-11 19:06 . 2011-12-11 20:33 -------- d-----w- c:\program files\Common Files\PC Tools
2011-12-11 19:03 . 2011-12-11 19:03 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\TestApp
2011-12-11 18:19 . 2011-12-11 18:19 -------- d-----w- c:\program files\Conduit
2011-12-11 18:19 . 2011-12-15 02:12 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\midicairUSA
2011-12-11 18:19 . 2011-12-11 18:19 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Conduit
2011-12-11 18:19 . 2011-12-11 18:19 -------- d-----w- c:\program files\midicairUSA
2011-12-11 17:35 . 2011-12-11 17:42 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\NPE
2011-12-11 17:35 . 2011-12-11 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-12-11 13:10 . 2001-08-17 20:06 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-12-11 12:53 . 2001-08-18 04:36 27648 ----a-w- c:\windows\system32\dllcache\cyzports.dll
2011-12-11 12:46 . 2001-08-17 18:13 22044 ----a-w- c:\windows\system32\dllcache\cem33n5.sys
2011-12-11 11:44 . 2011-12-14 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-12-11 11:44 . 2011-12-11 11:44 -------- d-----w- c:\program files\AVAST Software
2011-12-11 09:03 . 2011-12-12 03:10 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-11 09:03 . 2011-12-11 09:03 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-12-11 09:02 . 2011-12-11 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-12-11 07:31 . 2011-12-11 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-12-10 06:10 . 2011-12-10 06:10 -------- d-----w- c:\program files\Common Files\McAfee
2011-12-04 16:46 . 2011-12-04 16:46 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-04 16:45 . 2011-12-04 16:45 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Solid State Networks
2011-12-04 14:23 . 2011-12-04 14:23 -------- d-----w- c:\program files\McAfee
2011-12-03 06:11 . 2011-12-03 06:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2011-12-01 06:09 . 2011-12-04 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2011-12-01 06:09 . 2011-12-01 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-12-01 06:09 . 2011-12-04 18:03 -------- d-----w- c:\program files\McAfee Security Scan
2011-11-16 07:36 . 2011-12-11 20:54 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\QuickScan
2011-11-16 05:36 . 2011-11-16 05:36 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 12:23 . 2011-10-07 12:23 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 12:21 . 2011-10-04 12:21 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-11-27 04:06 . 2011-05-07 00:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
<pre>
c:\program files\Common Files\Adobe\Updater5\AdobeUpdater .exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc .exe
c:\program files\iTunes\iTunesHelper .exe
c:\windows\system32\RunDll32 .exe
</pre>
.
((((((((((((((((((((((((((((( SnapShot@2011-12-14_21.15.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-15 21:34 . 2011-12-15 21:34 16384 c:\windows\temp\Perflib_Perfdata_784.dat
+ 2011-12-15 21:34 . 2011-12-15 21:34 16384 c:\windows\temp\Perflib_Perfdata_668.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}"= "c:\program files\Dogpile Bundle Toolbar\Helper.dll" [2011-05-08 357376]
"{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{C766F9AD-E91E-43DE-91DC-D007680ED4AF}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-11 20:25 1451336 ----a-w- c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}]
2011-05-08 19:54 1543168 ----a-w- c:\program files\Dogpile Bundle Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f3902028-4a21-4793-8e05-793e183d51c2}]
2011-05-09 08:49 176936 ----a-w- c:\program files\midicairUSA\prxtbmidi.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-05-08 1543168]
"{f3902028-4a21-4793-8e05-793e183d51c2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-12-11 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"= "c:\program files\Dogpile Bundle Toolbar\Toolbar.dll" [2011-05-08 1543168]
"{F3902028-4A21-4793-8E05-793E183D51C2}"= "c:\program files\midicairUSA\prxtbmidi.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{c80bdeb2-8735-44c6-bd55-a1ccd555667a}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{CCBDEEA9-517A-4862-B0A1-862AE9532228}]
[HKEY_CLASSES_ROOT\FCTB000060231.IEToolbar]
.
[HKEY_CLASSES_ROOT\clsid\{f3902028-4a21-4793-8e05-793e183d51c2}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{A830B3A0-7E01-AD7C-8227-6CA295624FB0}"="c:\documents and settings\Compaq_Administrator\Application Data\Caotd\higy.exe" [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [N/A]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
ifaje.exe [2011-12-15 194560]
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-11-10 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-11-10 27136]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
ujqi.exe [2011-12-15 194560]
.
c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\AutorunsDisabled
Antimalware Doctor.lnk - c:\documents and settings\Compaq_Administrator\Application Data\DBF4505D2E0503B99DD8E1D3DBBBD72D\sorttp700.exe [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfgebc]
khfgebc.dll [BU]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WhiteSmoke Translator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WhiteSmoke Translator.lnk
backup=c:\windows\pss\WhiteSmoke Translator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Free Music Zilla.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\Free Music Zilla.lnk
backup=c:\windows\pss\Free Music Zilla.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^ZooskMessenger.lnk]
path=c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\ZooskMessenger.lnk
backup=c:\windows\pss\ZooskMessenger.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 09:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 10:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2011-05-03 15:43 4321112 ----a-w- c:\program files\AIM\aim.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Akamai\netsession_win.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirus AntiSpyware 2011]
c:\documents and settings\Compaq_Administrator\Application Data\AntiVirus AntiSpyware 2011\AntiVirus AntiSpyware.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 21:51 177440 -c--a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
c:\program files\AVAST Software\Avast\avastUI.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast5]
c:\progra~1\ALWILS~1\Avast5\avastUI.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
c:\progra~1\Grisoft\AVG7\avgcc.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2011-10-25 02:29 2415456 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
2009-09-19 13:04 562944 ----a-w- c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
c:\program files\BitComet\BitComet.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClickPotatoLiteSA]
c:\program files\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSA.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
2007-10-31 02:57 1095256 ----a-w- c:\program files\DISC\DISCover.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
2011-06-08 15:45 822456 ----a-w- c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E-Set 2011]
c:\program files\E-Set 2011\e-set.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\frlhavwk]
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\qdmnov\pklssftav.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fxvjhtup]
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\tpnwfbyar\kxyxqcgtssd.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gamevance]
c:\program files\Gamevance Games\gamevance32.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-05-18 19:00 136176 ----atw- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2011-12-11 09:00 6480192 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 13:38 241664 -c--a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2006-02-15 23:34 249856 -c--a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2004-03-04 15:46 172032 -c--a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICS5R7Y0OS]
c:\windows\Fqugac.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jahovosuz]
c:\windows\system32\gebojele.dll [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
2005-08-24 12:51 442455 -c--a-w- c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 04:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
c:\windows\system32\NvCpl.dll [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
c:\windows\nvsvc32.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-05-09 15:50 1519616 -c--a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCFixSpeed]
2011-02-11 08:10 312440 ----a-w- c:\program files\PCFixSpeed\PCFixTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pcsafedoctor.exe]
2011-11-01 22:22 2052608 ----a-w- c:\program files\PCSafeDoctor\pcsafedoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Play Pickle]
c:\program files\Play Pickle\playpickle32.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qowhgiom]
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\ftssqe\oqicsftav.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\R8388QA8U8]
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\Fpt.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-22 23:14 237568 -c--a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
c:\program files\Yahoo!\Search Protection\SearchProtection.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 14:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sorttp700.exe]
c:\documents and settings\Compaq_Administrator\Application Data\DBF4505D2E0503B99DD8E1D3DBBBD72D\sorttp700.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-04-26 07:35 148888 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-11-07 18:04 4617600 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 19:37 517096 -c--a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysfbtray]
c:\windows\freddy67.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\system tool]
c:\windows\sysguard.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vgkjwjqs]
c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\nfljrr\habvsftav.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2011-12-11 20:25 218464 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
2006-07-21 21:19 129536 -c--a-w- c:\progra~1\Yahoo!\browser\ybrwicon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
c:\program files\Yahoo!\Search Protection\SearchProtection.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RSVP"=3 (0x3)
"fioo32"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\SecondLifeViewer2\\SLVoice.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"2155:TCP"= 2155:TCP:Services
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"10432:UDP"= 10432:UDP:UDP 10432
"23624:TCP"= 23624:TCP:TCP 23624
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [12/12/2011 7:52 PM 28552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/9/2004 3:00 PM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-BOPEEP-Compaq_Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-04 09:44]
.
2011-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122169640-262842125-2451393388-1007Core.job
- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 19:00]
.
2011-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3122169640-262842125-2451393388-1007UA.job
- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-18 19:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.sweetim.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://home.sweetim.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
Trusted Zone: babynamescentral.com\www
Trusted Zone: trymedia.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\uqjfirve.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://aol.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3070524&SearchSource=2&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Compaq_Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-15 15:35
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_b427739.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\msacm32.drv
.
- - - - - - - > 'explorer.exe'(3992)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ARPWRMSG.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2011-12-15 15:38:41 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-15 21:38
ComboFix2.txt 2011-12-14 21:20
ComboFix3.txt 2008-11-16 16:58
.
Pre-Run: 91,037,110,272 bytes free
Post-Run: 91,356,209,152 bytes free
.
- - End Of File - - 0D9AA94C56A499CA91BA03DC30DA4722