Thank you for the reply. I have run ComboFix as requested and my log is below.
ComboFix Log:
ComboFix 10-07-10.01 - HP_Owner 07/10/2010 23:53:14.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.545 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HP_Owner\Application Data\alot
c:\documents and settings\HP_Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml
c:\documents and settings\HP_Owner\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_0\Button_0.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_0\Button_0.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_1\Button_1.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_1\Button_1.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_10\Button_10.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_10\Button_10.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_11\Button_11.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_11\Button_11.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_2\Button_2.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_2\Button_2.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_3\Button_3.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_3\Button_3.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_4\Button_4.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_4\Button_4.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_5\Button_5.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_5\Button_5.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_6\Button_6.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_6\Button_6.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_7\Button_7.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_7\Button_7.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_8\Button_8.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_8\Button_8.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Button_9\Button_9.xml
c:\documents and settings\HP_Owner\Application Data\alot\Button_9\Button_9.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\configurator\configurator.xml
c:\documents and settings\HP_Owner\Application Data\alot\configurator\configurator.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml
c:\documents and settings\HP_Owner\Application Data\alot\ErrorSearch\ErrorSearch.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml
c:\documents and settings\HP_Owner\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\products\products.xml
c:\documents and settings\HP_Owner\Application Data\alot\products\products.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_0\images\alot_icon_35x16.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_1\images\alot_search_24x16.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_2\images\default_296_alot_hea_heasearch.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_3\images\active_default_297_alot_hea_news.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_3\images\default_297_alot_hea_news.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_4\images\default_298_alot_hea_fitness.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_5\images\default_299_alot_mrkt_firstaid.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_5\images\default_299_alot_mrkt_readers_digest3.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_5\images\default_299_alot_mrkt_readersdigestorange.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Button_6\images\default_452_alot_mrkt_180.bmp
c:\documents and settings\HP_Owner\Application Data\alot\Resources\Shared\images\alot_brand.png
c:\documents and settings\HP_Owner\Application Data\alot\TimerManager\TimerManager.xml
c:\documents and settings\HP_Owner\Application Data\alot\TimerManager\TimerManager.xml.backup
c:\documents and settings\HP_Owner\Application Data\alot\toolbar.xml
c:\documents and settings\HP_Owner\Application Data\alot\ToolbarSearch\ToolbarSearch.xml
c:\documents and settings\HP_Owner\Application Data\alot\Updater\Updater.xml
c:\documents and settings\HP_Owner\Application Data\alot\Updater\Updater.xml.backup
c:\windows\uninstal.BAT
D:\Autorun.inf
Infected copy of c:\windows\system32\drivers\redbook.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
.
2010-07-11 02:43 . 2010-07-11 02:43 388096 ----a-r- c:\documents and settings\HP_Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-11 02:43 . 2010-07-11 02:43 -------- d-----w- c:\program files\Trend Micro
2010-07-11 01:55 . 2010-07-11 01:55 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
2010-07-11 01:54 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 01:54 . 2010-07-11 01:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 01:54 . 2010-07-11 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-11 01:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-10 23:16 . 2010-07-10 23:16 -------- d-----w- c:\program files\CCleaner
2010-07-09 23:39 . 2010-07-11 02:00 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-09 15:38 . 2010-07-11 01:50 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\acauwoibc
2010-07-04 20:35 . 2010-07-04 20:35 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\PCHealth
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-11 02:29 . 2008-01-25 19:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-11 02:27 . 2008-02-05 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-07-10 23:26 . 2010-05-09 16:07 63488 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-10 23:26 . 2010-05-01 19:52 117760 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-08 13:01 . 2007-07-15 18:16 -------- d-----w- c:\program files\Diablo II
2010-07-04 20:36 . 2009-12-25 15:06 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-04 17:42 . 2009-12-30 23:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-18 00:13 . 2010-01-02 01:29 -------- d-----w- c:\program files\Steam
2010-06-06 20:05 . 2010-03-23 13:26 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-01 17:37 . 2009-12-25 15:12 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-15 15:56 . 2008-02-05 01:43 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2004-08-04 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 04:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-01 19:52 . 2010-05-01 19:52 52224 ----a-w- c:\documents and settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-20 05:30 . 2004-08-04 04:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 21:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-28 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-28 81920]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RealUpgradeHelper"="c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe" [2010-02-10 136744]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=c:\windows\pss\AT&T Self Support Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^forteManager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\forteManager.lnk
backup=c:\windows\pss\forteManager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=c:\windows\pss\VPN Client.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 07:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2006-02-15 23:34 249856 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2006-11-22 01:09 842584 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 15:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 01:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-06-01 18:53 1093208 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-05-09 15:50 7311360 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-05-09 15:50 1519616 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-07-22 23:14 237568 ----a-w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-06-13 20:05 16239616 ----a-w- c:\windows\RTHDCPL.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-05-31 23:13 1238352 ----a-w- c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 15:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-02-05 01:44 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-02-10 00:40 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
2007-10-26 20:42 509224 ----a-w- c:\progra~1\Yahoo!\YOP\yop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebClient"=2 (0x2)
"upnphost"=3 (0x3)
"SSDPSRV"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RSVP"=3 (0x3)
"Netlogon"=3 (0x3)
"CiSvc"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"AppMgmt"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo! Games\\Bejeweled 2 Deluxe\\WinBej2.exe"=
"c:\\Program Files\\PopCap Games\\BookWorm Deluxe\\BookWorm.exe"=
"c:\\Program Files\\Yahoo! Games\\Insaniquarium Deluxe\\InsaniquariumDeluxe.exe"=
"c:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Yahoo! Games\\Blackhawk Striker 2\\Blackhawk2.exe"=
"c:\\Program Files\\Yahoo! Games\\Word Whomp To Go\\WordWhompToGo.exe"=
"c:\\Program Files\\Yahoo! Games\\Blasterball 2 Remix\\bb2remix.exe"=
"c:\\Program Files\\WildTangent\\Blasterball 2\\BB2.exe"=
"c:\\Program Files\\Yahoo! Games\\Yahoo! Ten Pin Championship Bowling\\Yahoo Ten Pin Championship Bowling.exe"=
"c:\\Program Files\\Yahoo! Games\\BeTrapped!\\BeTrapped.exe"=
"c:\\Program Files\\Alphaqueue\\alphaqueue.exe"=
"c:\\Program Files\\GameHouse\\Ricochet\\Ricochet.exe"=
"c:\\Program Files\\Yahoo! Games\\FiberTwig\\FiberTwig.exe"=
"c:\\Program Files\\Yahoo! Games\\Rock N Rockets\\RocksAndRockets.exe"=
"c:\\Program Files\\Yahoo! Games\\Phoenix Assault\\Phoenix.exe"=
"c:\\Program Files\\PopCap Games\\Rocket Mania Deluxe\\RocketMania.exe"=
"c:\\Program Files\\GameHouse\\CollapseCrunch\\Collapse3.exe"=
"c:\\Program Files\\Yahoo! Games\\Shroomz\\Shroomz.exe"=
"c:\\Program Files\\GameHouse\\Combo Chaos\\ComboChaos.exe"=
"c:\\Program Files\\Yahoo! Games\\AstroPop Deluxe\\WinAP.exe"=
"c:\\Program Files\\Yahoo! Games\\Poppit To Go\\PoppitToGo.exe"=
"c:\\Program Files\\GameHouse\\FeedingFrenzy\\FeedingFrenzy.exe"=
"c:\\Program Files\\Charlie's Angels Angel X\\Charlie's Angels Angel X.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Serious Sam 2\\Bin\\Sam2.exe"=
"c:\\Program Files\\Marble Blast Gold\\MarbleBlast.exe"=
"c:\\Program Files\\GameHouse\\Glinx\\Glinx.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\byy230\\deathmatch classic\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\byy230\\opposing force\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\byy230\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\byy230\\half-life blue shift\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\byy230\\day of defeat\\hl.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\byy230\\half-life\\hl.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/27/2010 5:30 PM 67656]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/29/2009 2:34 PM 135664]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [11/22/2009 3:54 PM 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [11/22/2009 3:54 PM 18432]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-07-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-05 15:07]
2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 18:34]
2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 18:34]
2010-07-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 01:40]
2010-07-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 21:50]
2010-07-11 c:\windows\Tasks\User_Feed_Synchronization-{1F9DCC05-B308-4D50-8D57-5EF9DC013732}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.att.net
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchURL,(Default) = hxxp://search.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: ccf.org\mail
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
SafeBoot-MCODS
MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
MSConfigStartUp-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-ISTray - c:\program files\Spyware Doctor\pctsTray.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe
MSConfigStartUp-Motive SmartBridge - c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-osCheck - c:\progra~1\Symantec\osCheck.exe
MSConfigStartUp-SiteAdvisor - c:\program files\SiteAdvisor\6172\SiteAdv.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-Win32 LanMgr - c:\windows\system32\netspool.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
MSConfigStartUp-Windows Update - c:\program files\Common Files\System\SystemUpgrade.exe
MSConfigStartUp-WindowsSystem32 - c:\program files\Common Files\System\hs32.exe
MSConfigStartUp-YBrowser - c:\progra~1\Yahoo!\browser\ybrwicon.exe
AddRemove-HP Solution Center & Imaging Support Tools - c:\program files\HP\Digital Imaging\eSupport\hpzscr01.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-11 00:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-07-11 00:04:13
ComboFix-quarantined-files.txt 2010-07-11 04:04
Pre-Run: 62,592,495,616 bytes free
Post-Run: 62,626,213,888 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 4E36B903196D2326F77202D944159E7B