
Thread: Jump Redirect Problem

  1. #11

    Hi,

    Here are the three logs. I haven't fixed anything from the virus scan as I'll wait to hear back from you. The Combofix I had to run a second time as I couldn't find the one I did before I ran the virus scan.

    Thanks.



    KASPERSKY ONLINE SCANNER 7.0 REPORT
    Monday, April 20, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Program database last update: Monday, April 20, 2009 04:10:41
    Records in database: 2061380


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\
    G:\
    H:\
    I:\
    J:\

    Scan statistics
    Files scanned 118079
    Threat name 2
    Infected objects 4
    Suspicious objects 1
    Duration of the scan 02:57:41

    File name Threat name Threats count
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Identities\{D190EE07-1887-4595-8F62-6253114299D2}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1

    D:\I386\APPS\APP32164\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

    D:\I386\APPS\APP32164\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 2

    The selected area was scanned.


    ComboFix 09-04-20.02 - Compaq_Administrator 20/04/2009 8:44.3 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1493 [GMT -4:00]
    Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    .

    ((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
    .

    2009-04-19 22:39 . 2009-04-19 22:39 73728 ----a-w c:\windows\system32\javacpl.cpl
    2009-04-19 22:39 . 2009-04-19 22:39 410984 ----a-w c:\windows\system32\deploytk.dll
    2009-04-19 22:28 . 2009-04-19 22:28 -------- d-----w c:\program files\Common Files\Adobe
    2009-04-15 22:08 . 2009-04-15 22:08 -------- d-----w c:\program files\ERUNT
    2009-04-15 22:07 . 2009-04-16 03:16 1374 ----a-w c:\windows\imsins.BAK
    2009-04-15 22:05 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
    2009-04-15 22:05 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
    2009-04-15 22:05 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
    2009-04-15 22:05 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
    2009-04-15 22:05 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-15 22:05 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-15 22:05 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-15 22:05 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
    2009-04-15 22:05 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
    2009-04-15 22:04 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-15 22:04 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
    2009-04-15 00:48 . 2009-04-15 00:48 -------- d-----w c:\program files\MSECache
    2009-04-13 23:44 . 2009-04-15 03:05 24258 ----a-w C:\MGlogs.zip
    2009-04-13 23:44 . 2009-04-15 03:05 -------- d-----w C:\MGtools
    2009-04-13 23:09 . 2009-04-13 23:09 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
    2009-04-13 23:09 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-04-13 23:09 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-13 23:09 . 2009-04-13 23:09 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-04-13 23:09 . 2009-04-13 23:09 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-04-13 21:36 . 2009-04-13 21:36 1340797 ----a-w C:\MGtools.exe
    2009-04-13 20:55 . 2009-04-13 20:55 -------- d-----w c:\program files\CCleaner
    2009-04-04 17:00 . 2009-04-04 17:00 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\Uniblue
    2009-04-04 14:41 . 2009-04-04 16:54 -------- d-----w c:\windows\BDOSCAN8
    2009-04-04 11:19 . 2009-04-04 11:19 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2009-04-04 11:12 . 2009-04-04 11:12 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-04-04 11:11 . 2009-04-13 21:52 -------- d-----w c:\program files\SUPERAntiSpyware
    2009-04-04 11:11 . 2009-04-13 21:52 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
    2009-04-03 18:04 . 2009-04-04 02:32 -------- d-----w C:\fixwareout
    2009-04-03 12:11 . 2009-04-03 16:34 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-04-02 22:39 . 2009-04-02 22:39 -------- d-----w c:\program files\Alwil Software
    2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-20 01:39 . 2007-02-27 02:19 -------- d-----w c:\program files\Steam
    2009-04-19 22:39 . 2006-08-23 11:21 -------- d-----w c:\program files\Java
    2009-04-19 21:44 . 2008-05-17 01:46 -------- d-----w c:\program files\McAfee
    2009-04-18 13:31 . 2009-02-22 03:42 -------- d-----w c:\program files\QuickTax 2008
    2009-04-16 03:04 . 2006-08-23 11:54 84936 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-04-15 21:31 . 2006-12-24 03:14 -------- d-----w c:\program files\Spybot - Search & Destroy
    2009-04-15 21:31 . 2006-12-24 03:14 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-13 21:52 . 2008-07-09 14:25 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
    2009-04-13 11:34 . 2006-11-12 00:39 -------- d-----w c:\program files\remap
    2009-03-25 15:06 . 2008-05-17 01:47 40552 ----a-w c:\windows\system32\drivers\mfesmfk.sys
    2009-03-25 15:06 . 2008-05-17 01:47 79880 ----a-w c:\windows\system32\drivers\mfeavfk.sys
    2009-03-25 15:06 . 2008-05-17 01:47 35272 ----a-w c:\windows\system32\drivers\mfebopk.sys
    2009-03-25 15:06 . 2008-05-17 01:47 214024 ----a-w c:\windows\system32\drivers\mfehidk.sys
    2009-03-25 15:05 . 2008-05-17 01:47 34216 ----a-w c:\windows\system32\drivers\mferkdk.sys
    2009-03-19 14:41 . 2009-03-19 14:37 -------- d-----w c:\documents and settings\All Users\Application Data\CA-SupportBridge
    2009-03-17 15:08 . 2009-03-17 15:08 -------- d-----w c:\documents and settings\Compaq_Administrator\Application Data\U3
    2009-03-06 14:22 . 2004-08-10 04:00 284160 ------w c:\windows\system32\pdh.dll
    2009-03-04 12:29 . 2009-03-04 12:29 268 ---ha-w C:\sqmdata14.sqm
    2009-03-04 12:29 . 2009-03-04 12:29 244 ---ha-w C:\sqmnoopt14.sqm
    2009-03-03 12:37 . 2009-03-03 12:37 268 ---ha-w C:\sqmdata13.sqm
    2009-03-03 12:37 . 2009-03-03 12:37 244 ---ha-w C:\sqmnoopt13.sqm
    2009-03-03 11:43 . 2009-03-03 11:43 268 ---ha-w C:\sqmdata12.sqm
    2009-03-03 11:43 . 2009-03-03 11:43 244 ---ha-w C:\sqmnoopt12.sqm
    2009-03-03 02:12 . 2009-03-03 02:12 268 ---ha-w C:\sqmdata11.sqm
    2009-03-03 02:12 . 2009-03-03 02:12 244 ---ha-w C:\sqmnoopt11.sqm
    2009-03-03 00:18 . 2004-08-10 04:00 826368 ----a-w c:\windows\system32\wininet.dll
    2009-03-03 00:18 . 2004-08-10 04:00 826368 ----a-w c:\windows\system32\dllcache\wininet.dll
    2009-03-02 23:01 . 2009-03-02 23:01 268 ---ha-w C:\sqmdata10.sqm
    2009-03-02 23:01 . 2009-03-02 23:01 244 ---ha-w C:\sqmnoopt10.sqm
    2009-03-02 14:25 . 2009-03-02 14:25 268 ---ha-w C:\sqmdata09.sqm
    2009-03-02 14:25 . 2009-03-02 14:25 244 ---ha-w C:\sqmnoopt09.sqm
    2009-03-02 12:40 . 2009-03-02 12:40 268 ---ha-w C:\sqmdata08.sqm
    2009-03-02 12:40 . 2009-03-02 12:40 244 ---ha-w C:\sqmnoopt08.sqm
    2009-03-01 21:54 . 2009-03-01 21:54 268 ---ha-w C:\sqmdata07.sqm
    2009-03-01 21:54 . 2009-03-01 21:54 244 ---ha-w C:\sqmnoopt07.sqm
    2009-03-01 19:16 . 2009-03-01 19:16 268 ---ha-w C:\sqmdata06.sqm
    2009-03-01 19:16 . 2009-03-01 19:16 244 ---ha-w C:\sqmnoopt06.sqm
    2009-03-01 13:21 . 2009-03-01 13:21 268 ---ha-w C:\sqmdata05.sqm
    2009-03-01 13:21 . 2009-03-01 13:21 244 ---ha-w C:\sqmnoopt05.sqm
    2009-03-01 01:43 . 2009-03-01 01:43 244 ---ha-w C:\sqmnoopt04.sqm
    2009-03-01 01:43 . 2009-03-01 01:43 232 ---ha-w C:\sqmdata04.sqm
    2009-02-28 04:54 . 2004-08-10 04:00 636072 ----a-w c:\windows\system32\dllcache\iexplore.exe
    2009-02-22 03:42 . 2008-04-01 19:06 -------- d-----w c:\documents and settings\All Users\Application Data\Intuit Canada
    2009-02-20 10:20 . 2007-05-09 19:29 13824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2009-02-20 10:20 . 2004-08-10 04:00 70656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
    2009-02-20 05:14 . 2004-08-10 04:00 161792 ----a-w c:\windows\system32\dllcache\ieakui.dll
    2009-02-14 00:14 . 2009-02-14 00:14 170584 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-02-09 12:10 . 2004-08-10 04:00 729088 ------w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2004-08-10 11:00 714752 ------w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2004-08-10 04:00 617472 ------w c:\windows\system32\advapi32.dll
    2009-02-09 12:10 . 2004-08-10 04:00 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 11:13 . 2008-10-16 11:42 1846784 ------w c:\windows\system32\dllcache\win32k.sys
    2009-02-09 11:13 . 2004-08-10 04:00 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-07 23:02 . 2008-10-16 11:41 2066048 ------w c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-02-06 11:11 . 2004-08-10 04:00 110592 ------w c:\windows\system32\services.exe
    2009-02-06 11:08 . 2008-10-16 11:41 2189056 ------w c:\windows\system32\dllcache\ntoskrnl.exe
    2009-02-06 11:06 . 2008-10-16 11:42 2145280 ------w c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-02-06 11:06 . 2004-08-10 11:00 2145280 ------w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2004-08-10 04:00 35328 ------w c:\windows\system32\sc.exe
    2009-02-06 10:39 . 2004-08-10 04:00 35328 ------w c:\windows\system32\dllcache\sc.exe
    2009-02-06 10:32 . 2008-10-16 11:41 2023936 ------w c:\windows\system32\dllcache\ntkrpamp.exe
    2009-02-06 10:32 . 2004-08-10 11:00 2023936 ------w c:\windows\system32\ntkrnlpa.exe
    2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\system32\dllcache\secur32.dll
    2009-02-03 19:59 . 2004-08-10 04:00 56832 ----a-w c:\windows\system32\secur32.dll
    2008-05-16 23:35 . 2008-05-16 23:35 61224 -c--a-w c:\documents and settings\Compaq_Administrator\GoToAssistDownloadHelper.exe
    2007-03-16 18:56 . 2006-11-05 21:02 143 -c--a-w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\fusioncache.dat
    2006-08-23 12:03 . 2006-11-05 21:02 43680 -c--a-w c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2006-08-23 11:16 . 2006-08-23 11:16 136 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
    2008-09-08 11:24 . 2008-09-08 11:24 32768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080909\index.dat
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-04-19_13.33.29 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-04-19 22:39 . 2009-04-19 22:39 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
    + 2005-08-31 04:02 . 2009-04-20 11:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2005-08-31 04:02 . 2009-04-19 12:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2005-08-30 20:51 . 2009-04-20 11:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2005-08-30 20:51 . 2009-04-19 12:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2005-08-30 20:51 . 2009-04-20 11:31 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2005-08-30 20:51 . 2009-04-19 12:22 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2006-11-17 23:35 . 2009-04-19 20:37 69120 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
    - 2006-11-17 23:35 . 2009-04-14 12:09 69120 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\xlicons.exe
    - 2006-11-17 23:35 . 2009-04-14 12:09 35328 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
    + 2006-11-17 23:35 . 2009-04-19 20:37 35328 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\wordicon.exe
    - 2006-11-17 23:35 . 2009-04-14 12:09 30208 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\pptico.exe
    + 2006-11-17 23:35 . 2009-04-19 20:37 30208 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\pptico.exe
    + 2006-11-17 23:35 . 2009-04-19 20:37 11264 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
    - 2006-11-17 23:35 . 2009-04-14 12:09 11264 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\PEicons.exe
    - 2006-11-17 23:35 . 2009-04-14 12:09 28160 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
    + 2006-11-17 23:35 . 2009-04-19 20:37 28160 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\misc.exe
    - 2006-11-17 23:35 . 2009-04-14 12:09 73216 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
    + 2006-11-17 23:35 . 2009-04-19 20:37 73216 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\fpicon.exe
    + 2006-11-17 23:35 . 2009-04-19 20:37 22528 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\bindico.exe
    - 2006-11-17 23:35 . 2009-04-14 12:09 22528 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\bindico.exe
    + 2009-04-19 22:39 . 2009-04-19 22:39 148888 c:\windows\system32\javaws.exe
    + 2009-04-19 22:39 . 2009-04-19 22:39 144792 c:\windows\system32\javaw.exe
    + 2009-04-19 22:39 . 2009-04-19 22:39 144792 c:\windows\system32\java.exe
    - 2006-11-17 23:35 . 2009-04-14 12:09 104960 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\outicon.exe
    + 2006-11-17 23:35 . 2009-04-19 20:37 104960 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\outicon.exe
    - 2006-11-17 23:35 . 2009-04-14 12:09 155136 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\accicons.exe
    + 2006-11-17 23:35 . 2009-04-19 20:37 155136 c:\windows\Installer\{00010409-78E1-11D2-B60F-006097C998E7}\accicons.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-03-23 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-09 645328]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-26 8523776]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-19 148888]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-8-23 27136]
    PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-8-23 27136]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Games\\Mass Effect\\Binaries\\MassEffect.exe"=
    "c:\\Games\\Mass Effect\\MassEffectLauncher.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R3 87c2fd37-f369-4655-904a-40bac7f20527;87c2fd37-f369-4655-904a-40bac7f20527; [x]
    R3 dump_wmimmc;dump_wmimmc; [x]
    R3 PciCon;PciCon; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - JAVAQUICKSTARTERSERVICE

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-05-17 14:53]

    2008-05-17 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2008-05-17 14:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=64&bd=PRESARIO&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=64&bd=PRESARIO&pf=desktop
    uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
    Trusted Zone: athabascau.ca\www
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-20 08:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3084977504-1679163009-488042437-1007\Software\SecuROM\License information*]
    "datasecu"=hex:54,09,d6,26,e3,6b,3e,e7,52,33,49,ed,d4,50,c9,ab,70,f6,fb,2d,23,
    0f,bc,ff,07,cc,89,42,1a,4d,01,b2,a4,79,e8,de,40,4c,dc,85,c7,6b,5b,ad,53,ab,\
    "rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(672)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(6180)
    c:\progra~1\WINDOW~1\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-04-20 8:49
    ComboFix-quarantined-files.txt 2009-04-20 12:49
    ComboFix2.txt 2009-04-19 22:21
    ComboFix3.txt 2009-04-19 13:35

    Pre-Run: 194,406,436,864 bytes free
    Post-Run: 194,480,885,760 bytes free

    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
    252 --- E O F --- 2009-04-16 03:16


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Compaq_Administrator at 2009-04-20 09:13:38
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 185 GB (81%) free of 230 GB
    Total RAM: 2047 MB (71% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:13:49 AM, on 20/04/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\arservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Steam\Steam.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Compaq_Administrator\Desktop\RSIT.exe
    C:\Documents and Settings\Compaq_Administrator\Desktop\Compaq_Administrator.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...RIO&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.search.yahoo.com/search?fr=mcafee&p=%s
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll
    O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8632 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\McDefragTask.job
    C:\WINDOWS\tasks\McQcTask.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
    scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-03-25 62784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
    hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2008-09-07 208896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-24 737776]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-19 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-19 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-20 2403392]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-01-08 645328]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-26 8523776]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-19 148888]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-04-05 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "HonorAutoRunSetting"=
    "NoDriveAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\Games\Mass Effect\Binaries\MassEffect.exe"="C:\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
    "C:\Games\Mass Effect\MassEffectLauncher.exe"="C:\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    shell\AutoRun\command - F:\LaunchU3.exe -a


    ======List of files/folders created in the last 1 months======

    2009-04-20 08:49:14 ----A---- C:\ComboFix.txt
    2009-04-19 18:39:57 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-04-19 18:39:57 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-04-19 18:39:57 ----A---- C:\WINDOWS\system32\java.exe
    2009-04-19 18:39:57 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-04-19 18:28:28 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-04-19 18:28:21 ----D---- C:\Program Files\Common Files\Adobe
    2009-04-19 09:29:48 ----A---- C:\WINDOWS\zip.exe
    2009-04-19 09:29:48 ----A---- C:\WINDOWS\vFind.exe
    2009-04-19 09:29:48 ----A---- C:\WINDOWS\SWXCACLS.exe
    2009-04-19 09:29:48 ----A---- C:\WINDOWS\SWSC.exe
    2009-04-19 09:29:48 ----A---- C:\WINDOWS\SWREG.exe
    2009-04-19 09:29:48 ----A---- C:\WINDOWS\sed.exe
    2009-04-19 09:29:48 ----A---- C:\WINDOWS\NIRCMD.exe
    2009-04-19 09:29:48 ----A---- C:\WINDOWS\grep.exe
    2009-04-19 09:00:57 ----AD---- C:\Qoobox
    2009-04-18 13:46:35 ----D---- C:\rsit
    2009-04-15 23:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
    2009-04-15 23:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
    2009-04-15 23:13:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
    2009-04-15 23:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
    2009-04-15 23:13:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
    2009-04-15 18:51:49 ----HD---- C:\WINDOWS\PIF
    2009-04-15 18:10:52 ----D---- C:\WINDOWS\ERDNT
    2009-04-15 18:08:44 ----D---- C:\Program Files\ERUNT
    2009-04-15 18:07:21 ----A---- C:\WINDOWS\imsins.BAK
    2009-04-15 18:07:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
    2009-04-15 18:04:39 ----N---- C:\WINDOWS\system32\xpsp4res.dll
    2009-04-14 20:48:15 ----D---- C:\Program Files\MSECache
    2009-04-13 19:44:23 ----D---- C:\MGtools
    2009-04-13 19:09:53 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Malwarebytes
    2009-04-13 19:09:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-04-13 19:09:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-04-13 17:36:27 ----A---- C:\MGtools.exe
    2009-04-13 16:55:37 ----D---- C:\Program Files\CCleaner
    2009-04-04 13:00:29 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\Uniblue
    2009-04-04 10:41:23 ----D---- C:\WINDOWS\BDOSCAN8
    2009-04-04 07:12:17 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-04-04 07:11:45 ----D---- C:\Program Files\SUPERAntiSpyware
    2009-04-04 07:11:45 ----D---- C:\Documents and Settings\Compaq_Administrator\Application Data\SUPERAntiSpyware.com
    2009-04-03 14:04:41 ----D---- C:\fixwareout
    2009-04-03 08:11:57 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-04-02 18:39:44 ----D---- C:\Program Files\Alwil Software

    ======List of files/folders modified in the last 1 months======

    2009-04-20 09:13:44 ----D---- C:\WINDOWS\Prefetch
    2009-04-20 08:55:25 ----D---- C:\WINDOWS\Temp
    2009-04-20 08:49:17 ----D---- C:\WINDOWS\system32
    2009-04-20 08:49:15 ----AD---- C:\WINDOWS
    2009-04-20 08:47:25 ----A---- C:\WINDOWS\system.ini
    2009-04-20 08:46:35 ----D---- C:\WINDOWS\system32\drivers
    2009-04-20 08:46:35 ----D---- C:\WINDOWS\AppPatch
    2009-04-20 08:46:31 ----D---- C:\Program Files\Common Files
    2009-04-20 08:44:36 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-04-20 08:44:21 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-19 21:39:27 ----D---- C:\Program Files\Steam
    2009-04-19 18:40:01 ----SHD---- C:\WINDOWS\Installer
    2009-04-19 18:40:00 ----D---- C:\Config.Msi
    2009-04-19 18:39:32 ----D---- C:\Program Files\Java
    2009-04-19 18:38:40 ----D---- C:\WINDOWS\Registration
    2009-04-19 18:29:49 ----D---- C:\Program Files
    2009-04-19 18:28:21 ----D---- C:\Program Files\Adobe
    2009-04-19 17:44:48 ----D---- C:\Program Files\McAfee
    2009-04-19 16:48:42 ----A---- C:\WINDOWS\lexstat.ini
    2009-04-19 10:10:23 ----HD---- C:\WINDOWS\inf
    2009-04-18 09:31:52 ----D---- C:\Program Files\QuickTax 2008
    2009-04-17 21:41:05 ----AC---- C:\WINDOWS\dellstat.ini
    2009-04-16 07:22:38 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-16 07:18:02 ----D---- C:\WINDOWS\system32\wbem
    2009-04-15 23:16:50 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-04-15 23:16:16 ----D---- C:\WINDOWS\system32\en-US
    2009-04-15 23:16:16 ----D---- C:\Program Files\Internet Explorer
    2009-04-15 23:14:24 ----D---- C:\WINDOWS\Debug
    2009-04-15 23:13:51 ----HD---- C:\WINDOWS\$hf_mig$
    2009-04-15 17:31:24 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-04-15 17:31:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-14 20:48:31 ----RSD---- C:\WINDOWS\Fonts
    2009-04-14 20:48:27 ----D---- C:\Program Files\Microsoft Office
    2009-04-14 20:48:26 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-04-13 23:16:32 ----D---- C:\WINDOWS\Help
    2009-04-13 17:52:14 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-04-13 16:57:24 ----D---- C:\WINDOWS\Minidump
    2009-04-13 07:34:04 ----D---- C:\Program Files\remap
    2009-04-06 10:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-04-04 18:46:25 ----D---- C:\temp
    2009-04-04 10:41:26 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-04-02 20:11:31 ----D---- C:\WINDOWS\system32\config
    2009-03-21 10:06:58 ----N---- C:\WINDOWS\system32\kernel32.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
    R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-10-23 120136]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 sdcplh;sdcplh; C:\WINDOWS\System32\drivers\sdcplh.sys [2005-08-22 40576]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
    R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
    R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
    R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
    R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
    R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
    R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
    R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-06 4968448]
    R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
    R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-26 7435392]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-12-06 10368]
    R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2007-08-21 21760]
    R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
    S3 87c2fd37-f369-4655-904a-40bac7f20527;87c2fd37-f369-4655-904a-40bac7f20527; \??\E:\CDS300\cds300.dll []
    S3 ardvddkt;ardvddkt; C:\WINDOWS\system32\drivers\ardvddkt.sys []
    S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-04-04 1536000]
    S3 catchme;catchme; \??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 dump_wmimmc;dump_wmimmc; \??\C:\Documents and Settings\Compaq_Administrator\Desktop\Lineage II\system\GameGuard\dump_wmimmc.sys []
    S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
    S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 npkcrypt;npkcrypt; \??\C:\Documents and Settings\Compaq_Administrator\Desktop\Lineage II\system\npkcrypt.sys []
    S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
    S3 PciCon;PciCon; \??\E:\PciCon.sys []
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-19 152984]
    R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
    R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-01-08 797864]
    R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-01-09 2482848]
    R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-01-09 359952]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-03-25 144704]
    R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-03-19 884360]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-26 155716]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-04-05 405504]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-25 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
    S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-04-01 365072]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-03-24 606736]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------

  2. #12
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi

    Please empty your deleted items mailbox in Outlook Express. Those other two findings can be ignored.

    How's the system running now?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #13
    Junior Member
    Join Date
    Apr 2009
    Posts
    7

    Jump Redirect

    Hi,

    Everything seems to be running perfectly. Thanks so much for all your help - I really appreciate it.

    Movingon

  4. #14
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
