OK, finally got things done...here are the logs...Combo first then HiJack...
ComboFix:
ComboFix 08-09-01.03 - owner 2008-09-03 8:10:57.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1323 [GMT -4:00]
Running from: C:\Users\owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\owner\AppData\Roaming\macromedia\Flash Player\#SharedObjects\8TXAG8RQ\bin.clearspring.com
C:\Users\owner\AppData\Roaming\macromedia\Flash Player\#SharedObjects\8TXAG8RQ\bin.clearspring.com\clearspring.sol
C:\Users\owner\AppData\Roaming\macromedia\Flash Player\#SharedObjects\8TXAG8RQ\bin.clearspring.com\ws\wan\wanLib.swf\478548f4bc55e3db.sol
C:\Users\owner\AppData\Roaming\macromedia\Flash Player\#SharedObjects\8TXAG8RQ\interclick.com
C:\Users\owner\AppData\Roaming\macromedia\Flash Player\#SharedObjects\8TXAG8RQ\interclick.com\ud.sol
C:\Users\owner\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Users\owner\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Users\owner\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Users\owner\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))
.
2008-09-02 00:29 . 2008-08-29 04:05 <DIR> d-------- C:\SDFix
2008-08-31 23:48 . 2008-08-31 23:48 <DIR> d-------- C:\Program Files\Panda Security
2008-08-31 23:48 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-08-30 03:54 . 2008-09-02 12:08 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-29 22:44 . 2008-09-02 18:38 <DIR> d-------- C:\Windows\System32\drivers\Avg
2008-08-29 22:44 . 2008-08-29 22:44 <DIR> d-------- C:\Users\All Users\avg8
2008-08-29 22:44 . 2008-08-29 22:44 <DIR> d-------- C:\ProgramData\avg8
2008-08-29 22:44 . 2008-08-29 22:44 <DIR> d-------- C:\Program Files\AVG
2008-08-29 22:44 . 2008-08-29 22:44 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys
2008-08-29 22:44 . 2008-08-29 22:44 69,128 --a------ C:\Windows\System32\drivers\avgwfpx.sys
2008-08-29 22:44 . 2008-08-29 22:44 12,936 --a------ C:\Windows\System32\drivers\avgrkx86.sys
2008-08-29 22:44 . 2008-08-29 22:44 10,520 --a------ C:\Windows\System32\avgrsstx.dll
2008-08-29 22:21 . 2008-08-29 22:21 <DIR> d-------- C:\escwsa
2008-08-29 20:17 . 2008-08-29 20:17 <DIR> d-------- C:\Program Files\Sophos
2008-08-26 21:35 . 2008-08-26 21:35 <DIR> d-------- C:\Program Files\Sun
2008-08-26 21:26 . 2008-08-26 21:29 <DIR> d-------- C:\Users\owner\.SunDownloadManager
2008-08-21 16:50 . 2008-08-21 16:50 <DIR> d-------- C:\Users\owner\AppData\Roaming\Malwarebytes
2008-08-21 16:50 . 2008-08-21 16:50 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-21 16:50 . 2008-08-21 16:50 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-21 16:50 . 2008-08-21 16:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-21 16:50 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-21 16:50 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-20 00:34 . 2008-08-20 00:34 <DIR> d-------- C:\Users\owner\AppData\Roaming\Snapfish
2008-08-19 17:51 . 2008-08-19 17:50 838,094 --a------ C:\Windows\System32\oem47.inf
2008-08-19 08:19 . 2008-08-19 08:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-19 08:09 . 2008-08-19 08:18 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-08-19 08:09 . 2008-08-19 08:18 <DIR> d-------- C:\ProgramData\Lavasoft
2008-08-19 08:09 . 2008-08-19 08:09 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-19 08:07 . 2008-08-19 08:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-18 18:10 . 2008-08-31 23:47 <DIR> d-------- C:\Users\owner\.housecall6.6
2008-08-18 16:14 . 2008-08-18 17:04 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-18 16:14 . 2008-08-18 17:04 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-18 14:36 . 2008-08-18 14:53 <DIR> d-------- C:\Program Files\PCPitstop
2008-08-16 21:53 . 2008-08-18 01:16 <DIR> d--h----- C:\MRI_PE_TEMP
2008-08-16 17:58 . 2008-08-16 17:58 <DIR> d-------- C:\Users\All Users\Geek Squad
2008-08-16 17:58 . 2008-08-16 17:58 <DIR> d-------- C:\ProgramData\Geek Squad
2008-08-15 09:37 . 2008-08-15 09:37 <DIR> d-------- C:\Users\owner\AppData\Roaming\Webroot
2008-08-14 16:27 . 2008-08-14 16:27 <DIR> d-------- C:\Program Files\Western Digital
2008-08-14 16:26 . 2008-08-14 16:26 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-08-13 20:08 . 2008-06-18 23:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 20:08 . 2008-04-18 01:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 20:06 . 2008-06-26 21:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 20:05 . 2008-06-27 00:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 20:04 . 2008-04-10 01:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-13 19:59 . 2008-07-15 21:32 2,048 --a------ C:\Windows\System32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 10:17 25,183 ----a-w C:\Users\owner\AppData\Roaming\nvModes.dat
2008-08-31 02:43 164 ----a-w C:\install.dat
2008-08-29 17:43 --------- d---a-w C:\ProgramData\TEMP
2008-08-27 01:35 --------- d-----w C:\Program Files\Java
2008-08-24 13:20 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 12:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-18 20:14 --------- d-----w C:\Program Files\spybot - search & destroy
2008-08-18 19:06 --------- d-----w C:\Program Files\Trend Micro
2008-08-14 19:43 --------- d-----w C:\Program Files\Group Publishing
2008-08-14 04:08 --------- d-----w C:\Program Files\Microsoft Works
2008-08-14 00:35 --------- d-----w C:\Program Files\Windows Mail
2008-08-10 22:07 --------- d-----w C:\Program Files\Hewlett-Packard
2008-08-10 12:47 --------- d-----w C:\ProgramData\Roxio
2008-07-23 11:56 --------- d-----w C:\Program Files\Picasa2
2008-07-23 11:55 --------- d-----w C:\Program Files\Google
2008-07-20 11:14 --------- d-----w C:\Program Files\quicktime
2008-07-20 11:13 --------- d-----w C:\ProgramData\Apple Computer
2008-07-20 11:12 --------- d-----w C:\ProgramData\Apple
2008-07-20 11:12 --------- d-----w C:\Program Files\Apple Software Update
2008-07-07 11:13 --------- d-----w C:\Program Files\Quicken
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-01 21:00 174 --sha-w C:\Program Files\desktop.ini
2007-10-26 23:34 123,800 ----a-w C:\Users\owner\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-05-24 03:05 316 ----a-w C:\Users\owner\AppData\Roaming\wklnhst.dat
2007-01-27 01:05 32 ----a-r C:\Users\All Users\hash.dat
2007-01-27 01:05 32 ----a-r C:\ProgramData\hash.dat
2008-04-20 01:05 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-20 01:05 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-20 01:05 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-02-01 11:31 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 81920]
"QuickTime Task"="C:\Program Files\quicktime\QTTask.exe" [2008-05-27 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-29 1235736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-07 44128]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2007-01-08 34520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C992185-5D6E-44ED-9F98-C31F9BF9852D}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{3ACC661B-F789-435F-8A7A-E0101CA25F46}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{2DEFE7A0-6549-47D4-BA8D-915D57553FBE}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{1582B464-3D60-4D55-9FE9-480DCB471C63}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{3C5C3E18-B552-43A4-AE87-4B028FEA98A6}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{67268AFF-8519-496C-B652-39D25DC3AF34}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{8081FFC9-15FC-44B0-882D-3CCD67033626}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{C0675D90-8287-4F17-94E4-75FA05321750}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{DBE0B740-D34A-4327-94F9-01F67885643D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BDA8BCA6-AF06-4D5C-AE48-A913B8DA82D1}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2A4D1A12-55E1-443F-94AF-AE75ABF01EE6}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{11D2151D-F182-4624-AB0D-82AD7CBB2DAD}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{54C2E4BA-B39D-4B29-B38D-52B47AEB3D80}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1E7CF3D2-A2E1-4ED0-93E0-13412A238271}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7E413958-46A6-49F5-84C8-14A20DF9CDF3}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DA8FD9FE-5A61-40F2-B57C-F65D902DAF3E}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{18A6D6E6-E89E-43C2-8EBF-7FDC9503E99A}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E5FCAC47-7DE1-4AF5-9E2C-867C009997B5}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{894E7B1B-4C8C-4C8A-B887-609889FC2871}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1521A18D-4FF7-45E4-9DC9-60A3A6F0EE60}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{2DE9FFA5-BD6E-454C-AE84-82AE29ADF578}"= UDP:C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:TurboTax
"{7ED95E5B-A7B4-405D-B01A-394F5F1E370F}"= TCP:C:\Program Files\TurboTax\Home & Business 2006\32bit\ttax.exe:TurboTax
"{91B5AAC3-4FB3-4903-AF92-5475188FD44D}"= UDP:C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{165FC085-45DF-44FE-8E41-7C3BAD3CD42D}"= TCP:C:\Program Files\TurboTax\Home & Business 2006\32bit\updatemgr.exe:TurboTax Update Manager
"{0FFE8AEA-EBB5-4899-A8BD-D375C7B7750D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{6555B63F-00F3-4199-9CBD-B5332C47D0AE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{39312E12-5D22-4DE2-AE3B-AF267E3E614B}"= UDP:C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:TurboTax
"{12E803E7-0068-4582-9257-B3EDFC1EA314}"= TCP:C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:TurboTax
"{19169CB5-609C-402C-8A3F-C5BE01A5F026}"= UDP:C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{767DF474-2FCE-4281-AE0F-FACE24A44BE4}"= TCP:C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:TurboTax Update Manager
"{52091AE2-9324-4C11-A268-DB1D614D791D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{74CDEE9B-006E-4962-AC7B-53231F5C1B94}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{E74F72BC-E1A0-4089-8E8B-EB4EE181E74C}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R0 AvgRkx86;avgrkx86.sys;C:\Windows\system32\Drivers\avgrkx86.sys [2008-08-29 12936]
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-08-29 97928]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-08-29 1220888]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R3 AvgWfpX;AVG8 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfpx.sys [2008-08-29 69128]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
S3 Flash1;Flash1;C:\SwSetup\SP38062\winphlash\Flash1.sys [2006-03-01 3456]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87f9a413-6a05-11dd-885e-0016d31a65cb}]
\shell\AutoRun\command - F:\wd_windows_tools\WDSetup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-HP Health Check Scheduler - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.buffalostate.edu/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O16 -: {54D53429-945C-4188-B460-C81356541882} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
C:\WINDOWS\Downloaded Program Files\HPeServicesLocalPrint.inf
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-03 08:15:06
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-03 8:16:26
ComboFix-quarantined-files.txt 2008-09-03 12:16:13
Pre-Run: 65,708,773,376 bytes free
Post-Run: 65,787,633,664 bytes free
220 --- E O F --- 2008-09-02 21:12:17