Ran ERUNT & HJT. Have log file

Hi,

Turn off Webroot protection and Microsoft Security Essentials. Then run ComboFix with the script again.
 
ComboFix 10-03-13.01 - test 03/13/2010 20:00:29.6.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1045 [GMT -5:00]
Running from: c:\users\test\Desktop\Security Issues 03.2010\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 01:20 . 2010-03-14 01:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-14 01:20 . 2010-03-14 01:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-11 03:18 . 2010-03-12 12:38 -------- d-----w- c:\users\test\AppData\Local\Adobe
2010-03-10 10:21 . 2010-03-10 10:24 20829680 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-10 10:21 . 2010-03-10 10:21 8405312 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-10 10:20 . 2010-03-10 10:20 149000 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-10 10:19 . 2010-03-10 10:20 10309448 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-10 10:17 . 2010-03-10 10:17 181768 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-10 10:17 . 2010-03-10 10:17 283280 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-10 10:17 . 2010-03-10 10:17 79368 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-10 10:17 . 2010-03-10 10:17 64000 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-10 10:17 . 2010-03-10 10:17 52288 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-10 10:17 . 2010-03-10 10:17 50688 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-10 10:17 . 2010-03-10 10:17 118784 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-10 10:17 . 2010-03-10 10:17 49152 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-10 01:06 . 2010-03-10 01:06 439816 ----a-w- c:\users\test\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-10 01:02 . 2010-03-10 01:02 -------- d-----w- c:\users\test\AppData\Roaming\Malwarebytes
2010-03-10 01:01 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 01:01 . 2010-03-10 01:01 -------- d-----w- c:\programdata\Malwarebytes
2010-03-10 01:01 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 01:01 . 2010-03-10 01:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-07 14:02 . 2010-03-07 14:02 -------- d-----w- c:\program files\IKEA HomePlanner
2010-03-06 22:41 . 2010-03-06 22:41 -------- d-----w- C:\7ffedab50166b21aa56df2d5d6f345fc
2010-03-06 12:33 . 2010-03-06 12:33 -------- d-----w- c:\programdata\WinZip
2010-03-05 04:10 . 2010-03-07 14:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-02 08:11 . 2010-03-02 08:11 -------- d-----w- c:\windows\Sun
2010-03-01 01:28 . 2010-03-01 01:28 -------- d-----w- c:\users\test\.jmf
2010-03-01 01:27 . 2010-03-01 01:30 -------- d-----w- c:\users\test\Spark
2010-03-01 01:27 . 2010-03-01 01:27 -------- d-----w- c:\program files\Spark
2010-02-24 19:12 . 2010-02-24 19:12 -------- d-----w- c:\program files\ERUNT
2010-02-24 14:29 . 2010-02-24 14:29 -------- d-----w- c:\users\test\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-24 06:49 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 06:49 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 06:49 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 06:48 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 00:52 . 2010-02-24 00:52 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-24 00:51 . 2010-02-24 00:51 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-24 00:51 . 2010-02-24 13:19 -------- d-----w- c:\programdata\NOS
2010-02-20 17:48 . 2010-02-23 04:36 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-20 15:59 . 2010-02-20 15:59 3262 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{AACD915A-A897-43FA-BC5B-00D06DFDCD2F}\_13B08E6A0151F39DE3437C.exe
2010-02-20 15:59 . 2010-02-20 15:59 2238 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{AACD915A-A897-43FA-BC5B-00D06DFDCD2F}\_6FEFF9B68218417F98F549.exe
2010-02-20 15:59 . 2010-02-20 15:59 -------- d-----w- c:\program files\Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
2010-02-20 14:29 . 2010-03-13 19:01 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 20:23 . 2010-02-19 04:34 -------- d-----w- c:\users\test\AppData\Roaming\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 01:13 . 2009-12-18 20:07 -------- d-----w- c:\programdata\Webroot
2010-03-13 19:27 . 2009-03-18 06:30 -------- d-----w- c:\users\test\AppData\Roaming\Skype
2010-03-11 08:13 . 2006-12-18 04:50 -------- d-----w- c:\programdata\Microsoft Help
2010-03-11 00:24 . 2006-12-18 05:26 -------- d-----w- c:\program files\Java
2010-03-01 10:32 . 2009-09-21 13:03 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-24 14:16 . 2009-10-03 13:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 00:55 . 2006-12-18 04:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 00:52 . 2009-06-02 14:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-24 00:52 . 2009-06-02 14:50 38784 ----a-w- c:\users\test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-11 15:04 . 2010-02-11 15:04 -------- d-----w- c:\programdata\McAfee
2010-02-11 14:42 . 2009-02-15 05:31 -------- d-----w- c:\program files\Google
2010-02-05 18:17 . 2009-10-28 18:34 106648 ----a-w- c:\users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-05 17:38 . 2009-06-19 04:24 389784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-05 17:38 . 2009-06-19 04:23 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-05 17:38 . 2009-06-19 04:23 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-02 02:26 . 2010-02-02 02:26 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb64AB.tmp.exe
2010-01-30 22:43 . 2010-01-30 22:43 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5E1D.tmp.exe
2010-01-27 17:40 . 2009-06-19 04:24 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-01-27 17:40 . 2009-06-01 13:40 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-01-27 17:40 . 2009-04-13 14:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-27 17:40 . 2009-06-19 04:24 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-01-27 17:40 . 2009-06-19 04:24 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-01-27 17:40 . 2009-11-07 23:38 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-01-27 17:40 . 2009-06-01 13:38 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-01-27 17:40 . 2009-06-19 04:24 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-27 17:40 . 2009-06-19 04:24 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2010-01-27 17:39 . 2009-06-01 13:28 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-01-27 17:39 . 2009-06-01 13:28 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-01-27 17:39 . 2009-06-19 04:24 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-01-27 17:39 . 2009-06-19 04:23 816784 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-01-27 17:39 . 2009-06-19 04:23 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-01-27 17:39 . 2009-06-19 04:23 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-01-23 00:14 . 2009-06-23 01:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 00:03 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 00:03 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 00:03 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 00:03 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-13 20:00 . 2009-02-23 03:59 -------- d-----w- c:\program files\TurboTax
2010-01-08 03:18 . 2010-02-10 00:03 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 00:03 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-29 17:17 . 2009-12-29 17:17 25214 ----a-r- c:\users\test\AppData\Roaming\Microsoft\Installer\{E296E0ED-038F-4A5A-9513-642F2FA17A59}\ARPPRODUCTICON.exe
2009-12-29 17:14 . 2009-12-29 17:10 32262536 ----a-w- c:\users\test\AppData\Roaming\Smith Micro\Updates\VZAM_7.2.1_2420b_Pantech_UM150.exe
2009-12-19 09:02 . 2010-01-22 00:19 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 00:03 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 00:03 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 00:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 00:03 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 00:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 00:03 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 20:10 . 2009-12-18 20:10 4991352 ----a-w- c:\program files\Common Files\wruninstall.exe
2009-12-18 20:10 . 2009-12-18 20:10 712072 ----a-w- c:\program files\Common Files\GenericSB.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-03-09_02.15.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-29 04:19 . 2010-03-09 03:51 33182 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-03-14 00:55 36312 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-30 14:13 . 2010-03-14 00:55 10372 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2613721486-2466184251-1953233058-1000_UserData.bin
+ 2009-10-28 17:36 . 2010-03-14 00:53 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-28 17:36 . 2010-03-08 23:09 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-28 17:36 . 2010-03-14 00:53 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-28 17:36 . 2010-03-08 23:09 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-03-14 00:53 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-03-08 23:09 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2010-03-13 03:24 78752 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-10-28 22:13 . 2010-03-14 01:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-28 22:13 . 2010-03-09 02:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-28 22:13 . 2010-03-14 01:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-28 22:13 . 2010-03-09 02:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-28 22:13 . 2010-03-09 02:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-28 22:13 . 2010-03-14 01:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-19 04:29 . 2010-02-21 12:54 35088 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-02-19 04:29 . 2010-03-11 08:13 35088 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-02-19 04:29 . 2010-02-21 12:54 18704 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-02-19 04:29 . 2010-03-11 08:13 18704 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-02-19 04:29 . 2010-02-21 12:54 20240 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-02-19 04:29 . 2010-03-11 08:13 20240 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-07-13 23:26 . 2009-07-14 01:03 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.1.7600.20655_none_0ca29ea86ca54783\AcRes.dll
+ 2009-07-13 23:26 . 2009-07-14 01:03 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.1.7600.16539_none_0c32a2dd5373d533\AcRes.dll
+ 2010-03-09 03:46 . 2010-03-09 03:46 3584 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4F5248D4-2B2E-11DF-A8BE-001B245685E9}.dat
+ 2010-03-09 03:46 . 2010-03-09 03:46 4096 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4F5248D5-2B2E-11DF-A8BE-001B245685E9}.dat
- 2010-03-06 16:55 . 2010-03-08 23:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-03-13 12:05 . 2010-03-14 00:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-03-06 16:55 . 2010-03-08 23:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-13 12:05 . 2010-03-14 00:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-13 23:26 . 2009-07-14 01:14 211968 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.20655_none_0ca69fd06ca1acdf\AcXtrnal.dll
+ 2009-07-13 23:27 . 2009-07-14 01:14 559616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.20655_none_0ca69fd06ca1acdf\AcLayers.dll
+ 2009-07-13 23:26 . 2009-07-14 01:14 211968 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.16539_none_0c36a40553703a8f\AcXtrnal.dll
+ 2009-07-13 23:27 . 2009-07-14 01:14 559616 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.1.7600.16539_none_0c36a40553703a8f\AcLayers.dll
+ 2009-10-28 20:02 . 2010-03-11 19:06 291656 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:05 . 2010-03-08 23:17 617036 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-03-14 01:00 617036 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-03-14 01:00 104418 c:\windows\System32\perfc009.dat
- 2009-07-14 02:05 . 2010-03-08 23:17 104418 c:\windows\System32\perfc009.dat
- 2009-12-01 22:15 . 2009-10-11 11:17 149280 c:\windows\System32\javaws.exe
+ 2010-03-11 00:23 . 2009-10-11 11:17 149280 c:\windows\System32\javaws.exe
- 2009-12-01 22:15 . 2009-10-11 11:17 145184 c:\windows\System32\javaw.exe
+ 2010-03-11 00:23 . 2009-10-11 11:17 145184 c:\windows\System32\javaw.exe
+ 2010-03-11 00:23 . 2009-10-11 11:17 145184 c:\windows\System32\java.exe
- 2009-12-01 22:15 . 2009-10-11 11:17 145184 c:\windows\System32\java.exe
+ 2010-03-10 23:15 . 2010-03-10 23:15 295606 c:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
- 2010-02-19 04:29 . 2010-02-21 12:54 239376 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\pj11icon.exe
+ 2010-02-19 04:29 . 2010-03-11 08:13 239376 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\pj11icon.exe
- 2010-02-19 04:29 . 2010-02-21 12:54 217864 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\misc.exe
+ 2010-02-19 04:29 . 2010-03-11 08:13 217864 c:\windows\Installer\{91120000-003B-0000-0000-0000000FF1CE}\misc.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe
+ 2006-12-18 04:53 . 2010-03-11 08:12 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-04-10 14:20 . 2008-04-10 14:20 638976 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA746454382090000000040\9.0.0\AdobeLinguistic.dll
+ 2010-03-13 12:07 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\3-13-2010\ERDNT.EXE
+ 2010-03-13 03:14 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\3-12-2010\ERDNT.EXE
+ 2010-03-11 10:16 . 2005-10-20 19:02 163328 c:\windows\ERDNT\AutoBackup\3-11-2010\ERDNT.EXE
- 2009-07-14 02:03 . 2010-03-08 23:31 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:03 . 2010-03-13 14:12 6815744 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 04:34 . 2010-02-24 10:28 3843942 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-03-11 08:39 . 2010-03-11 08:39 3843942 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-02-04 22:24 . 2010-02-04 22:24 9122304 c:\windows\Installer\b3336c1.msp
+ 2010-02-21 06:00 . 2010-02-21 06:00 8480768 c:\windows\Installer\b333667.msp
+ 2010-02-24 10:16 . 2010-02-24 10:16 5527040 c:\windows\Installer\9515f9e.msp
+ 2006-12-18 04:53 . 2010-03-11 08:12 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
- 2006-12-18 04:53 . 2010-02-05 18:03 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-10-28 03:34 . 2009-10-28 03:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2010-03-13 12:07 . 2010-03-13 12:07 4653056 c:\windows\ERDNT\AutoBackup\3-13-2010\Users\00000002\UsrClass.dat
+ 2010-03-13 12:07 . 2010-03-13 12:07 4562944 c:\windows\ERDNT\AutoBackup\3-13-2010\Users\00000001\NTUSER.DAT
+ 2010-03-13 03:14 . 2010-03-13 03:14 4653056 c:\windows\ERDNT\AutoBackup\3-12-2010\Users\00000002\UsrClass.dat
+ 2010-03-13 03:14 . 2010-03-13 03:14 4562944 c:\windows\ERDNT\AutoBackup\3-12-2010\Users\00000001\NTUSER.DAT
+ 2010-03-11 10:16 . 2010-03-11 10:16 4653056 c:\windows\ERDNT\AutoBackup\3-11-2010\Users\00000002\UsrClass.dat
+ 2010-03-11 10:16 . 2010-03-11 10:16 4562944 c:\windows\ERDNT\AutoBackup\3-11-2010\Users\00000001\NTUSER.DAT
+ 2009-07-14 07:18 . 2010-03-10 10:28 63061549 c:\windows\winsxs\ManifestCache\e4e8be02b8fae2a7_blobs.bin
+ 2009-11-11 14:35 . 2010-03-02 05:30 31648712 c:\windows\System32\MRT.exe
+ 2009-11-21 04:46 . 2009-11-21 04:46 11524608 c:\windows\Installer\b3336d4.msp
+ 2010-03-10 23:14 . 2010-03-10 23:14 20672000 c:\windows\Installer\9516051.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{6B78A880-15CA-468f-8422-A7960AD6FBB9}"
[HKEY_CLASSES_ROOT\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{4EE7A346-5845-471e-9FAB-002EAF83F8B0}"
[HKEY_CLASSES_ROOT\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}"
[HKEY_CLASSES_ROOT\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{493FC96E-B938-4924-9B38-C4088E9B8AC2}"
[HKEY_CLASSES_ROOT\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"Spark"="c:\program files\Spark\Spark.exe" [2007-11-14 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2009-12-10 1034616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-12 150552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-27 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2009-11-03 55056]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2009-11-03 160912]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2009-11-03 160912]
R3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDMWFLT.sys [2009-11-03 13456]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2009-11-03 118800]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys [2009-12-10 102224]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-27 1153368]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2009-12-03 39400]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2009-12-10 2397536]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: 351494E44514C435F5055524C49434 = 207.70.1.8,198.60.204.8
TCP: 3696E616 = 207.70.1.8,198.60.204.8
TCP: 6427564602D4569756270275966496 = 207.70.1.8,198.60.204.8
TCP: 8497164747 = 207.70.1.8,198.60.204.8
TCP: E45445745414250205F435 = 207.70.1.8,198.60.204.8
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-03-13 20:26:45
ComboFix-quarantined-files.txt 2010-03-14 01:26
ComboFix2.txt 2010-03-13 12:53
ComboFix3.txt 2010-03-09 02:20

Pre-Run: 95,168,356,352 bytes free
Post-Run: 95,117,672,448 bytes free

- - End Of File - - C0355E651C54379380B76E04A27CB21E
 
Hi,

Please try to run ComboFix with that script in safe mode.
 
ComboFix 10-03-14.03 - test 03/14/2010 16:55:55.9.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2038.1488 [GMT -4:00]
Running from: c:\users\test\Desktop\Security Issues 03.2010\ComboFix.exe
Command switches used :: c:\users\test\Desktop\Security Issues 03.2010\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 21:03 . 2010-03-14 21:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-14 21:03 . 2010-03-14 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-14 20:54 . 2010-03-14 20:54 -------- d-----w- C:\32788R22FWJFW
2010-03-11 03:18 . 2010-03-12 12:38 -------- d-----w- c:\users\test\AppData\Local\Adobe
2010-03-10 01:02 . 2010-03-10 01:02 -------- d-----w- c:\users\test\AppData\Roaming\Malwarebytes
2010-03-10 01:01 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-10 01:01 . 2010-03-10 01:01 -------- d-----w- c:\programdata\Malwarebytes
2010-03-10 01:01 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 01:01 . 2010-03-10 01:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-07 14:02 . 2010-03-07 14:02 -------- d-----w- c:\program files\IKEA HomePlanner
2010-03-06 22:41 . 2010-03-06 22:41 -------- d-----w- C:\7ffedab50166b21aa56df2d5d6f345fc
2010-03-06 12:33 . 2010-03-06 12:33 -------- d-----w- c:\programdata\WinZip
2010-03-05 04:10 . 2010-03-07 14:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-02 08:11 . 2010-03-02 08:11 -------- d-----w- c:\windows\Sun
2010-03-01 01:28 . 2010-03-01 01:28 -------- d-----w- c:\users\test\.jmf
2010-03-01 01:27 . 2010-03-01 01:30 -------- d-----w- c:\users\test\Spark
2010-03-01 01:27 . 2010-03-01 01:27 -------- d-----w- c:\program files\Spark
2010-02-24 19:12 . 2010-02-24 19:12 -------- d-----w- c:\program files\ERUNT
2010-02-24 14:29 . 2010-02-24 14:29 -------- d-----w- c:\users\test\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-24 06:49 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 06:49 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-24 06:49 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-24 06:48 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 00:51 . 2010-02-24 13:19 -------- d-----w- c:\programdata\NOS
2010-02-20 17:48 . 2010-02-23 04:36 -------- d-----w- c:\program files\Windows Live Safety Center
2010-02-20 15:59 . 2010-02-20 15:59 -------- d-----w- c:\program files\Microsoft Office SharePoint Server 2007 Training (Standalone Edition)
2010-02-20 14:29 . 2010-03-13 19:01 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-16 20:23 . 2010-02-19 04:34 -------- d-----w- c:\users\test\AppData\Roaming\GetRightToGo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 19:53 . 2009-12-18 20:07 -------- d-----w- c:\programdata\Webroot
2010-03-14 17:32 . 2009-03-18 06:30 -------- d-----w- c:\users\test\AppData\Roaming\Skype
2010-03-11 08:13 . 2006-12-18 04:50 -------- d-----w- c:\programdata\Microsoft Help
2010-03-11 00:24 . 2006-12-18 05:26 -------- d-----w- c:\program files\Java
2010-02-24 13:16 . 2009-10-03 13:11 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 00:55 . 2006-12-18 04:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-24 00:52 . 2009-06-02 14:56 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-11 15:04 . 2010-02-11 15:04 -------- d-----w- c:\programdata\McAfee
2010-02-11 14:42 . 2009-02-15 05:31 -------- d-----w- c:\program files\Google
2010-02-05 18:17 . 2009-10-28 18:34 106648 ----a-w- c:\users\test\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-27 17:40 . 2009-04-13 14:34 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-23 00:14 . 2009-06-23 01:48 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 23:29 . 2010-02-10 00:03 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 00:03 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 00:03 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 00:03 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 00:03 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 00:03 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18 . 2010-02-10 00:03 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 00:03 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-19 09:02 . 2010-01-22 00:19 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-10 00:03 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-10 00:03 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-10 00:03 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-10 00:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-10 00:03 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-10 00:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-10 00:03 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 20:10 . 2009-12-18 20:10 4991352 ----a-w- c:\program files\Common Files\wruninstall.exe
2009-12-18 20:10 . 2009-12-18 20:10 712072 ----a-w- c:\program files\Common Files\GenericSB.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{6B78A880-15CA-468f-8422-A7960AD6FBB9}"
[HKEY_CLASSES_ROOT\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{4EE7A346-5845-471e-9FAB-002EAF83F8B0}"
[HKEY_CLASSES_ROOT\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}"
[HKEY_CLASSES_ROOT\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{493FC96E-B938-4924-9B38-C4088E9B8AC2}"
[HKEY_CLASSES_ROOT\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}]
2009-12-10 21:26 145648 ----a-w- c:\program files\Webroot\Security\Current\plugins\sync\WebRootShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-06 39408]
"Spark"="c:\program files\Spark\Spark.exe" [2007-11-14 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF27041.cfxxe" [X]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2009-12-10 1034616]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-12 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-12 150552]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-27 198160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF27041.cfxxe" [X]
"GrpConv"="grpconv -o" [X]

c:\users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2009-11-03 55056]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2009-11-03 160912]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2009-11-03 160912]
R3 PTDMWFLT;PTDMWWAN Filter Driver;c:\windows\system32\DRIVERS\PTDMWFLT.sys [2009-11-03 13456]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2009-11-03 118800]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-05-25 32408]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-09-23 64288]
S1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys [2009-12-10 102224]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-26 189736]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-05 1181328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-27 1153368]
S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2009-12-03 39400]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2009-12-10 2397536]
S3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 17408]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:38]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:27]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: 351494E44514C435F5055524C49434 = 207.70.1.8,198.60.204.8
TCP: 3696E616 = 207.70.1.8,198.60.204.8
TCP: 6427564602D4569756270275966496 = 207.70.1.8,198.60.204.8
TCP: 8497164747 = 207.70.1.8,198.60.204.8
TCP: E45445745414250205F435 = 207.70.1.8,198.60.204.8
DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5052)
c:\program files\Webroot\Security\Current\plugins\antispam\Hooks32.dll
c:\program files\Webroot\Security\current\plugins\sync\WebRootShellExt.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\progra~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE
c:\program files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Webroot\Security\current\plugins\antimalware\SSU.EXE
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Completion time: 2010-03-14 17:18:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 21:18
ComboFix2.txt 2010-03-14 17:58
ComboFix3.txt 2010-03-14 01:26
ComboFix4.txt 2010-03-13 12:53
ComboFix5.txt 2010-03-14 19:23

Pre-Run: 95,016,308,736 bytes free
Post-Run: 94,976,409,600 bytes free

- - End Of File - - E9E014AE7CAA2EC226ED9D63B645B5D5
 
Hi,

Let's try with HijackThis. Make sure all your protection software is disabled.

Right-click Hijackthis icon and select 'run as administrator', do a system scan only, checkmark:
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB770838-CCE1-4690-B7C7-6B3D3E025775}: NameServer = 207.70.1.8,198.60.204.8

Close browser windows and fix checked.

Reboot and post a fresh hjt log.
 
Hi,
When I ran Hijackthis, the line number 017 didn't appear in the scan results. Here is the scan log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:40 PM, on 3/15/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\snuvcdsm.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
C:\Users\test\Desktop\Security Issues 03.2010\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Webroot Browser Helper Object - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\Program Files\Webroot\Security\current\products\WISC\LPBar.dll
O2 - BHO: WRCommonBHO - {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\Program Files\Webroot\Security\current\products\WISC\LPBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [snp2uvc] "C:\Windows\vsnp2uvc.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [PLFSetL] "C:\Windows\PLFSetL.exe"
O4 - HKLM\..\Run: [SNUVCDSM] "C:\Windows\snuvcdsm.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [GrpConv] "grpconv" -o
O4 - HKCU\..\Run: [ehTray.exe] "C:\Windows\ehome\ehTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Spark] "C:\Program Files\Spark\Spark.exe"
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photogize.com/bponet/ImageUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} (Image Uploader Control) - http://www.ritzpix.com/net/Uploader/LPUploader57.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13118 bytes
 
Hi, sorry it took so long. The redirect issue seems to be gone for now. I still have the three programs that are trying to access my computer. I.NUSEEK.COM, JS.USERS.51.LA & AD.OUTERINFOADS.COM
 
Hi,

I think it's possibly your hosts file conflicting with Webroot. Let's reset the file and see if it helps.

Download the HostsXpert.

* Unzip HostsXpert to a convenient folder such as C:\HostsXpert
* Right click HostsXpert.exe and select 'run as administrator' to Run HostsXpert from its new home
* Click
Make Hosts Writable?
in the upper right corner (If available).
* Click Restore Microsoft's Hosts file and then click OK.
* Click the X to exit the program.
* Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
 
Hi,

Archive c:\windows\system32\drivers\etc\HOSTS file into a zip file and attach it to your post, please.
 
Looks ok. When Webroot makes alert about those three items you mentioned does it happen while surfing some specific sites? Could you provide a screenshot of one of those alerts?
 
Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 
Last edited by a moderator:
You must log in or register to reply here.
Back
Top