Alright, thanks for re-opening, here is the ComboFix log first:
ComboFix 08-04-14.2 - Your dead face 2008-04-15 3:23:35.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.541 [GMT -4:00]
Running from: C:\Documents and Settings\Your dead face\My Documents\halp\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Starware316
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\starware_toolbar_icon.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\_000218_.tmp.dll
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\asks~1\?asks\
C:\WINDOWS\system32\asks~1\winword.exe
C:\WINDOWS\system32\WinAvXX.exe
C:\WINDOWS\system32\wsnpoem
C:\WINDOWS\system32\wsnpoem\video.dll
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://80.93.59.108
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-12 20:13 . 2008-04-12 20:13 7,680 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-12 15:40 . 2008-04-12 15:40 <DIR> d-------- C:\WINDOWS\system32\quar
2008-04-11 22:25 . 2008-04-11 22:25 <DIR> d-------- C:\Documents and Settings\Your dead face\Application Data\Motive
2008-04-10 20:27 . 2008-04-10 20:27 <DIR> d-------- C:\Program Files\APC
2008-04-10 20:27 . 2004-08-10 15:35 4,142,592 --a------ C:\WINDOWS\system32\qtintf.dll
2008-04-10 20:21 . 2001-08-17 13:58 19,200 --a------ C:\WINDOWS\system32\drivers\hidbatt.sys
2008-04-10 20:21 . 2001-08-17 13:58 19,200 --a--c--- C:\WINDOWS\system32\dllcache\hidbatt.sys
2008-04-10 20:21 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-04-10 20:21 . 2001-08-17 13:57 14,080 --a--c--- C:\WINDOWS\system32\dllcache\battc.sys
2008-04-10 20:21 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-04-10 20:21 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-04-10 20:21 . 2001-08-17 13:58 9,344 --a------ C:\WINDOWS\system32\drivers\compbatt.sys
2008-04-10 20:21 . 2001-08-17 13:58 9,344 --a--c--- C:\WINDOWS\system32\dllcache\compbatt.sys
2008-04-07 00:53 . 2008-04-07 00:53 <DIR> d-------- C:\Program Files\Macromedia
2008-04-05 14:35 . 2008-04-05 14:35 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Grisoft
2008-04-01 02:43 . 2008-04-01 02:43 <DIR> d-------- C:\Documents and Settings\Chokolate\Contacts
2008-04-01 02:42 . 2008-04-01 02:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-01 02:41 . 2008-04-01 13:22 <DIR> d-------- C:\Program Files\MSN Messenger
2008-03-30 16:41 . 2008-03-30 16:41 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-03-29 18:09 . 2008-04-12 10:50 2,274 ---hs---- C:\WINDOWS\system32\prlandxf.ini
2008-03-26 21:49 . 2008-03-26 21:49 <DIR> d-------- C:\Documents and Settings\Your dead face\Application Data\acccore
2008-03-26 05:08 . 2008-03-26 05:08 <DIR> d-------- C:\Documents and Settings\Chokolate\Application Data\Grisoft
2008-03-25 20:45 . 1999-04-28 02:01 659,456 --a------ C:\WINDOWS\system32\ipeistor12.dll
2008-03-25 20:45 . 1999-04-28 02:01 331,776 --a------ C:\WINDOWS\system32\ipebase12.dll
2008-03-25 20:45 . 1999-06-21 03:03 106,496 --a------ C:\WINDOWS\system32\hpsjvset.dll
2008-03-25 20:45 . 1999-06-08 07:08 81,920 --a------ C:\WINDOWS\system32\Hp3300t.dll
2008-03-25 20:45 . 1999-04-28 02:02 77,824 --a------ C:\WINDOWS\system32\ipeapi12.dll
2008-03-25 20:45 . 1999-06-21 04:31 57,344 --a------ C:\WINDOWS\system32\Hp3300u.dll
2008-03-25 20:45 . 1999-06-21 06:00 36,864 --a------ C:\WINDOWS\system32\hpsjrreg.exe
2008-03-25 20:45 . 1999-06-21 05:12 32,768 --a------ C:\WINDOWS\system32\reg32.dll
2008-03-25 20:45 . 1998-06-11 21:08 32,768 --a------ C:\WINDOWS\system32\lfgif70n.dll
2008-03-25 20:45 . 2008-03-25 20:48 1,080 --a------ C:\WINDOWS\AUTOLNCH.REG
2008-03-24 06:47 . 2008-03-24 06:47 <DIR> d-------- C:\Documents and Settings\Your dead face\Application Data\Grisoft
2008-03-24 06:47 . 2008-03-24 06:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-24 06:47 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-24 05:16 . 2008-03-24 05:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-24 05:03 . 2008-04-10 20:21 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 07:32 --------- d-----w C:\Documents and Settings\Your dead face\Application Data\StarOffice8
2008-04-14 03:28 --------- d-----w C:\Documents and Settings\Chokolate\Application Data\IMVU
2008-04-14 00:57 --------- d-----w C:\Documents and Settings\Chokolate\Application Data\StarOffice8
2008-04-12 03:42 --------- d-----w C:\Program Files\LimeWire
2008-04-11 00:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-06 23:17 --------- d-----w C:\Program Files\Angels Online
2008-04-06 00:04 --------- d-----w C:\Documents and Settings\Chokolate\Application Data\gtk-2.0
2008-04-05 18:35 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\StarOffice8
2008-04-01 02:05 --------- d-----w C:\Documents and Settings\Your dead face\Application Data\LimeWire
2008-03-25 16:33 --------- d-----w C:\Program Files\Microsoft Works
2008-03-24 14:18 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-24 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 21:23 --------- d-----w C:\Program Files\Common Files\Vbox
2008-03-06 06:36 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-06 06:08 --------- d-----w C:\Program Files\bfgclient
2008-03-06 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-03-03 01:01 --------- d-----w C:\Program Files\Electronic Piano 2.5
2008-02-24 10:32 --------- d-----w C:\Program Files\Giganology
2007-11-12 02:54 19,622,649 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-11-06 23:10 494,592 ----a-w C:\WINDOWS\Internet Logs\xDB4C.tmp
2007-11-02 01:17 425,984 ----a-w C:\WINDOWS\Internet Logs\xDB4B.tmp
2007-10-29 02:08 2,003,456 ----a-w C:\WINDOWS\Internet Logs\xDB4A.tmp
2007-10-26 20:08 41,973 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_25_17_47_11_small.dmp.zip
2007-10-26 20:08 41,453 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_25_17_43_39_small.dmp.zip
2007-10-26 20:08 39,430 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_25_17_46_39_small.dmp.zip
2007-10-26 20:08 39,197 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_25_18_54_25_small.dmp.zip
2007-10-26 20:08 38,674 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_25_17_43_37_small.dmp.zip
2007-10-26 20:08 36,569 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_10_25_18_53_48_small.dmp.zip
2007-10-25 21:43 287,744 ----a-w C:\WINDOWS\Internet Logs\xDB49.tmp
2007-10-21 20:35 504,832 ----a-w C:\WINDOWS\Internet Logs\xDB47.tmp
2007-10-21 20:35 1,944,576 ----a-w C:\WINDOWS\Internet Logs\xDB48.tmp
2007-10-15 01:45 420,864 ----a-w C:\WINDOWS\Internet Logs\xDB46.tmp
2007-10-10 11:00 2,836,480 ----a-w C:\WINDOWS\Internet Logs\xDB44.tmp
2007-10-10 11:00 1,995,264 ----a-w C:\WINDOWS\Internet Logs\xDB43.tmp
2007-10-10 10:58 2,836,480 ----a-w C:\WINDOWS\Internet Logs\xDB45.tmp
2007-10-06 05:36 2,758,144 ----a-w C:\WINDOWS\Internet Logs\xDB42.tmp
2007-10-02 22:14 2,724,352 ----a-w C:\WINDOWS\Internet Logs\xDB41.tmp
2007-09-18 19:21 2,505,216 ----a-w C:\WINDOWS\Internet Logs\xDB40.tmp
2007-09-12 10:19 2,460,160 ----a-w C:\WINDOWS\Internet Logs\xDB3F.tmp
2007-09-12 01:39 2,433,024 ----a-w C:\WINDOWS\Internet Logs\xDB3E.tmp
2007-09-11 22:16 2,432,000 ----a-w C:\WINDOWS\Internet Logs\xDB3D.tmp
2007-09-08 14:32 2,394,112 ----a-w C:\WINDOWS\Internet Logs\xDB3C.tmp
2007-09-08 14:32 139,264 ----a-w C:\WINDOWS\Internet Logs\xDB3B.tmp
2007-09-07 02:49 2,383,360 ----a-w C:\WINDOWS\Internet Logs\xDB3A.tmp
2007-09-07 02:49 1,634,816 ----a-w C:\WINDOWS\Internet Logs\xDB39.tmp
2007-08-22 00:10 5,459,968 ----a-w C:\WINDOWS\Internet Logs\xDB38.tmp
2007-08-22 00:10 40,960 ----a-w C:\WINDOWS\Internet Logs\xDB37.tmp
2007-08-22 00:08 586,752 ----a-w C:\WINDOWS\Internet Logs\xDB36.tmp
2007-08-20 19:32 5,450,752 ----a-w C:\WINDOWS\Internet Logs\xDB35.tmp
2007-08-20 19:32 2,846,720 ----a-w C:\WINDOWS\Internet Logs\xDB34.tmp
2007-07-26 06:46 5,090,304 ----a-w C:\WINDOWS\Internet Logs\xDB33.tmp
2007-07-18 01:09 4,895,744 ----a-w C:\WINDOWS\Internet Logs\xDB32.tmp
2007-06-20 08:23 1,395,200 ----a-w C:\WINDOWS\Internet Logs\xDB31.tmp
2007-06-02 08:29 3,172,864 ----a-w C:\WINDOWS\Internet Logs\xDB30.tmp
2007-05-30 00:45 110 ----a-w C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
2007-05-19 18:54 2,073,600 ----a-w C:\WINDOWS\Internet Logs\xDB2F.tmp
2007-05-15 11:28 137,216 ----a-w C:\WINDOWS\Internet Logs\xDB2E.tmp
2007-05-15 04:22 422,912 ----a-w C:\WINDOWS\Internet Logs\xDB2D.tmp
2007-05-15 01:39 1,335,296 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2007-05-14 03:47 3,033,088 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2007-05-12 08:27 2,976,768 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2007-05-12 08:27 2,737,152 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2007-04-28 05:05 2,875,904 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2007-04-22 03:15 2,655,232 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2007-04-14 10:01 2,931,712 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2007-04-14 10:01 2,673,664 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2007-04-05 01:02 2,553,856 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2007-04-01 04:57 2,376,192 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2007-03-27 21:02 2,269,184 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2007-03-25 18:03 83,456 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2007-03-25 18:03 1,824,256 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2007-03-25 09:14 1,821,184 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2007-03-25 06:45 1,620,480 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2007-03-25 00:48 335,872 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2007-03-23 02:05 306,176 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-03-23 02:05 1,793,024 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-03-21 04:10 861,696 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-03-21 01:37 1,763,328 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-03-20 03:36 536,064 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2007-03-19 03:10 1,604,608 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-03-19 00:17 1,742,848 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-03-18 11:58 1,726,464 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-03-18 00:02 116,224 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-03-18 00:02 1,722,880 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-03-17 21:31 691,200 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-03-17 04:01 1,684,992 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-03-15 19:41 302,080 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-03-15 19:41 1,597,440 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-03-15 02:22 3,177,472 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-03-15 02:22 252,928 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-03-15 02:21 3,177,472 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-03-13 22:21 9,216 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-03-13 22:20 2,769,408 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-03-02 08:44 2,998,784 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-03-02 08:44 2,900,480 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-02-26 03:07 2,872,320 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-02-12 23:19 47,182 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_02_12_17_55_11_small.dmp.zip
2007-02-12 23:19 23,360,225 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_02_12_17_55_13_full.dmp.zip
2007-02-12 22:51 9,216 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-02-12 22:51 2,891,776 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B905ED8-C7BC-4F3B-8254-C6A5F3C76AA9}]
C:\WINDOWS\system32\jkkji.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"Aim6"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 21:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 23:13 98304]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 23:44 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 23:44 8429568]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 23:02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-15 15:45 1115728]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38 241664]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 11:46 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-11 23:23 180269]
C:\Documents and Settings\Mom.BISCHOFFS\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2006-01-25 19:42:42 122880]
C:\Documents and Settings\THUMB BLUBBER\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2006-01-25 19:42:42 122880]
C:\Documents and Settings\Chokolate\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2006-01-25 19:42:42 122880]
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2006-01-25 19:42:42 122880]
C:\Documents and Settings\Dad\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2006-01-25 19:42:42 122880]
C:\Documents and Settings\Your dead face\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2006-01-25 19:42:42 122880]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-21 03:10:44 113664]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2008-04-10 20:27:01 221247]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnklm]
opnnklm.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
.
Contents of the 'Scheduled Tasks' folder
"2008-04-15 07:32:29 C:\WINDOWS\Tasks\SUPERAntiSpyware Free Edition.job"
- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"2008-04-15 07:35:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{C557B77A-B085-49F7-8B03-058A84D1567E}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 03:32:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.bin
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
.
**************************************************************************
.
Completion time: 2008-04-15 3:39:21 - machine was rebooted [Your dead face]
ComboFix-quarantined-files.txt 2008-04-15 07:39:18
Pre-Run: 10,767,736,832 bytes free
Post-Run: 10,701,008,896 bytes free
And secondly, here is the new HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:19 AM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.exe
C:\Program Files\Sun\StarOffice 8\program\soffice.BIN
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Your dead face\My Documents\halp\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: (no name) - {2B905ED8-C7BC-4F3B-8254-C6A5F3C76AA9} - C:\WINDOWS\system32\jkkji.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Chokolate\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1195153791596
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnnklm - opnnklm.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5869 bytes
I may take three days to reply.