ComboFix 10-04-28.01 - Compaq_Owner 04/28/2010  13:49:16.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.958.396 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100428-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\temp\IadHide5.dll

.
(((((((((((((((((((((((((   Files Created from 2010-03-28 to 2010-04-28  )))))))))))))))))))))))))))))))
.

2010-04-17 14:10 . 2010-04-17 14:10	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-04-17 03:31 . 2010-04-17 03:30	389120	----a-w-	c:\windows\system32\CF3735.exe
2010-03-30 18:27 . 2010-03-30 18:27	--------	d-----w-	c:\program files\Common Files\Java

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 22:50 . 2010-04-25 22:50	8704	----a-w-	c:\documents and settings\Compaq_Owner\Application Data\Thinstall\CSDATA\300000003400002i\dwwin.exe
2010-04-17 14:10 . 2006-06-19 14:18	--------	d-----w-	c:\program files\Java
2010-04-17 13:48 . 2010-04-17 13:48	79488	----a-w-	c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-04-17 13:48 . 2010-04-17 13:48	152576	----a-w-	c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-04-14 08:07 . 2010-01-17 18:48	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-11 00:51 . 2009-05-29 16:11	--------	d-----w-	c:\program files\FriendBlasterPro
2010-03-30 18:27 . 2010-03-30 18:27	503808	----a-w-	c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-59797832-n\msvcp71.dll
2010-03-30 18:27 . 2010-03-30 18:27	499712	----a-w-	c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-59797832-n\jmc.dll
2010-03-30 18:27 . 2010-03-30 18:27	348160	----a-w-	c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-59797832-n\msvcr71.dll
2010-03-30 18:27 . 2010-03-30 18:27	61440	----a-w-	c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2c544267-n\decora-sse.dll
2010-03-30 18:27 . 2010-03-30 18:27	12800	----a-w-	c:\documents and settings\Compaq_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2c544267-n\decora-d3d.dll
2010-03-17 12:22 . 2010-02-07 13:46	--------	d-----w-	c:\program files\TI Education
2010-03-10 06:15 . 2004-08-04 11:00	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-03-04 21:55 . 2006-06-19 15:07	--------	d-----w-	c:\program files\Google
2010-02-25 06:24 . 2004-08-04 11:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-04 11:00	455680	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 14:10 . 2004-08-04 11:00	2189952	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 11:00	2066816	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-04 11:00	100864	----a-w-	c:\windows\system32\6to4svc.dll
2010-02-12 00:08 . 2009-05-28 23:21	82712	----a-w-	c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-11 17:03 . 2009-06-06 18:08	171552	----a-w-	c:\windows\system32\guard32.dll
2010-02-11 17:03 . 2009-06-06 18:08	134344	----a-w-	c:\windows\system32\drivers\cmdguard.sys
2010-02-11 12:02 . 2004-08-04 11:00	226880	----a-w-	c:\windows\system32\drivers\tcpip6.sys
2010-01-28 22:56 . 2009-06-06 18:08	87104	----a-w-	c:\windows\system32\drivers\inspect.sys
2010-01-28 22:56 . 2009-06-06 18:08	25160	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-29 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-28 1800464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-21 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-6-19 36903]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/6/2009 11:14 AM 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/6/2009 1:08 PM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/6/2009 1:08 PM 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/6/2009 11:14 AM 20560]
S2 gupdate1c9e9d654dcffd4;Google Update Service (gupdate1c9e9d654dcffd4);c:\program files\Google\Update\GoogleUpdate.exe [6/10/2009 9:18 AM 133104]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/3/2009 5:49 PM 40160]
.
Contents of the 'Scheduled Tasks' folder

2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 14:18]

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 14:18]

2010-04-28 c:\windows\Tasks\User_Feed_Synchronization-{16A277BB-F55B-419A-AC32-F60EB41211A8}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3kq2lt8.default\
FF - prefs.js: browser.search.selectedEngine - Web Search (powered by Google)
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=spkyf-1.4.9&src=ab&aid=PW%2B7a1a5fu00GO&q=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.5.1\Plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 14:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1640)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
.
**************************************************************************
.
Completion time: 2010-04-28  14:13:21 - machine was rebooted
ComboFix-quarantined-files.txt  2010-04-28 19:13
ComboFix2.txt  2010-04-17 03:54

Pre-Run: 74,642,690,048 bytes free
Post-Run: 74,766,544,896 bytes free

- - End Of File - - A4B575AA87B79E4039F85F1FB6C7788D