Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

[Resolved] PC Infection (google search issue/popups), Google search issue, explorer & antivirus popups
usah
post Jul 2 2009, 05:35 PM
Post #1
New Member
Group: Authentic Member
Posts: 12
Joined: 1-July 09
Member No.: 86,499
Operating System: Windows XP

Hello and thank you in advance.

Our PC is not good. We get a lot of Explorer popups (we never use Explorer). It is IMPOSSIBLE to search through Google. Everything redirects to tourantolayer [dot] com. Also, we frequently get an antivirus pop-up. Options are "Activate Antivirus System Pro" and "Stay Unprotected". It pops up countless times throughout the course of a day.

Also, we frequently get a "Security Warning" error popup (also countless times).

"Application cannot be executed. The file svchost.exe is infected. Do you want to activate your antivirus software now?" "yes" "no".

The .exe file in this error is always different, like it just cycles through all the programs (I assume).

Any program we try to open we will get the "Security Warning" for the .exe file. If we try a program 3 or 4 times it will finally open. Sometimes only for a second or two.

Also get an "Antivirus System Pro Alert" popup on the right from the system tray.

"Infiltration Alert"
Do you want to block this attack?
"yes" "no"

Any help is much appreciated.

I could eventually open HijackThis, but was never able to save the log. The log file posted below is the one saved in the TrendMicro - HijackThis folder. Not sure if this is the same as the Notepad file that pops up after the scan. Hope this is alright.

HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:13 PM, on 7/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\sysguard.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\KwinzySearch\kwinzy125.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\KwinzySearch\kwinzy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/?cid=tbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 antiaware-pro.com
O1 - Hosts: 209.44.111.62 www.antiaware-pro.com
O2 - BHO: BHO - {029D18CB-8632-463c-93B7-C210AE50C722} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
O2 - BHO: PriceGong - {D2A2595C-4FE4-4315-AA9B-19DBD6271B71} - C:\Program Files\PriceGong\1.2.0\PriceGongIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld11.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KwinzySearch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\KwinzySearch\kwinzy125.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9100 bytes
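A small triage script, added here as an example (it is not code from the thread, from HijackThis or from Trend Micro): it parses the O1/O2/O4/O23 lines of a HijackThis log like the one above and flags the patterns a helper looks for in a rogue-antivirus case: hosts-file entries that point security sites away from loopback, browser helper objects with no descriptive name, autostart entries whose executable sits directly in the Windows folder, and services with an unknown owner. It assumes the default XP install folder C:\WINDOWS, and its sample lines are a constructed subset of the log posted above.

```python
"""Triage heuristics for HijackThis v2 log lines (added example; not code
from the forum thread, from HijackThis or from Trend Micro)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the lines from the HijackThis log posted
# in the thread, with harmless system entries kept as negative cases.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 antiaware-pro.com
O2 - BHO: BHO - {029D18CB-8632-463c-93B7-C210AE50C722} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld11.exe
O4 - HKCU\..\Run: [LowRiskFileTypes] C:\WINDOWS\sysguard.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: KwinzySearch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\KwinzySearch\kwinzy125.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the line deserves a second look
    line: str     # the original log line


LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<addr>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Greedy so that the last ".exe"/".dll" wins even when a folder name contains a dot.
EXE_RE = re.compile(r'^"?(?P<exe>.+\.(?:exe|com|scr|bat|cmd|dll))(?=["\s]|$)', re.IGNORECASE)

LOOPBACK = {"127.0.0.1", "::1"}
WINDIR = r"c:\windows"  # assumption: default XP system drive and folder


def executable_of(cmd: str) -> str:
    """Return the program path from an autostart command line, dropping
    surrounding quotes and trailing arguments such as '/run' or '-osboot'."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else cmd.strip()


def parent_dir(path: str) -> str:
    """Lower-cased directory part of a Windows path ('' for a bare file name)."""
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def check_line(line: str) -> Optional[Finding]:
    """Apply the heuristic for the line's section; None if nothing stands out."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    if sec == "O1" and (h := HOSTS_RE.match(body)) and h.group("addr") not in LOOPBACK:
        return Finding(sec, f"hosts file sends {h.group('host')} to {h.group('addr')}, not loopback", line.strip())
    if sec == "O2" and (b := BHO_RE.match(body)) and b.group("name").strip() in {"", "BHO", "(no name)"}:
        return Finding(sec, f"browser helper object without a descriptive name: {b.group('path')}", line.strip())
    if sec == "O4" and (r := RUN_RE.match(body)):
        exe = executable_of(r.group("cmd"))
        if parent_dir(exe) == WINDIR:
            return Finding(sec, f"autostart runs {exe} straight from the Windows folder", line.strip())
    if sec == "O23" and (s := SVC_RE.match(body)) and s.group("owner") == "Unknown owner":
        return Finding(sec, f"service '{s.group('name')}' has no known vendor: {s.group('path')}", line.strip())
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every heuristic over a whole HijackThis log; log order is preserved."""
    findings = []
    for raw in log_text.splitlines():
        f = check_line(raw)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
```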
Axephilic
post Jul 3 2009, 12:26 PM
Post #2
MRU Graduate
Group: Malware Team
Posts: 87
Joined: 28-July 07
From: Wisconsin, US
Member No.: 71,717
Operating System: Windows Vista Home Premium

Welcome to What The Tech! My name is Adam and I will be assisting you with getting the malware off of your computer. Please observe the following points before we start:
  1. If at any point you don't understand something, please let me know and I will be glad to explain or go more into depth for you.
  2. Please remember, I am a volunteer and I have a personal life. I go to school full time, have a part time job, and I do sports. A lot of this takes a lot of time.
  3. Please keep all of your replies in this topic/thread and do not make a new topic/thread, thanks!
  4. Please stick with this, don't stop responding because the symptoms are gone, the infection could still be there. Keep replying to my posts until I give you the All Clean message.
  5. If you don't reply within five days after my last instructions this topic will be closed. If you will not be able to reply within five days please tell me so the topic will not be closed.
  6. Please do not run other tools to remove the malware unless I ask you to until I give you the all clean. They will just mess up my fixes and make things more complicated, not fix the problem.


Download Dr.Web CureIt to the desktop:
  • Double-click the drweb-cureit icon to start the program.
  • Press Start.
  • Allow the program to run the initial express scan.
  • This will scan the files currently running in memory. If something is found, click the YES button when it asks you if you want to cure it. This is only a short scan.
    Note: A pop-up may appear during this phase suggesting you purchase their program - click the X at the top right corner of this pop-up to close it.
  • Once the short scan has finished, check the Complete scan box on the left side, even if nothing was found on the initial scan.
  • Then click the small green arrow button on the right under the Dr.Web Antivirus picture to start the complete scan. (This scan will take several hours.)
  • During this complete scan, if Dr.Web finds an infection a window will pop up requesting your attention. Select the Cure button.
    Note: If the file cannot be cured, Dr.Web will automatically delete the file.
  • Once the scan is complete, on the menu bar, click File and choose Report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Note: this report will need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Close Dr.Web CureIt.
  • Please post the Dr.Web.txt report in your next reply.


Download and Run ComboFix
Please visit this page to download and run Combofix - http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Save it to your desktop.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will see the following message if Microsoft Windows Recovery Console is not installed.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please include:
  1. DrWeb.txt
  2. ComboFix log
  3. A new HijackThis log


Regards,
Adam
usah
post Jul 3 2009, 12:57 PM
Post #3
New Member
Group: Authentic Member
Posts: 12
Joined: 1-July 09
Member No.: 86,499
Operating System: Windows XP

Thank you for your time.

When I double-click the CureIt icon I get a pop-up:

"ATTENTION! Hundreds of new viruses appear daily and globally spread within hours. That is why CureIt with the newest definitions to the virus bases is re-built several times on a daily basis. The current package was released 8 days ago and is already outdated."

"Download latest CureIt now?"

"Okay" "Cancel"

I should click "OKAY"?
Axephilic
post Jul 3 2009, 01:04 PM
Post #4
MRU Graduate
Group: Malware Team
Posts: 87
Joined: 28-July 07
From: Wisconsin, US
Member No.: 71,717
Operating System: Windows Vista Home Premium

Yes, please click OK.
usah
post Jul 3 2009, 01:16 PM
Post #5
New Member
Group: Authentic Member
Posts: 12
Joined: 1-July 09
Member No.: 86,499
Operating System: Windows XP

When I click Okay it just downloads another CureIt.exe... should I click Cancel?
usah
post Jul 3 2009, 01:18 PM
Post #6
New Member
Group: Authentic Member
Posts: 12
Joined: 1-July 09
Member No.: 86,499
Operating System: Windows XP

The green CureIt box behind it has "UPDATE" and "START".
Axephilic
post Jul 3 2009, 01:26 PM
Post #7
MRU Graduate
Group: Malware Team
Posts: 87
Joined: 28-July 07
From: Wisconsin, US
Member No.: 71,717
Operating System: Windows Vista Home Premium

Please update, then start it.
usah
post Jul 3 2009, 01:37 PM
Post #8
New Member
Group: Authentic Member
Posts: 12
Joined: 1-July 09
Member No.: 86,499
Operating System: Windows XP

When I click "Start", I get a "full version FREE trial" option; this takes me to the Dr.Web antivirus download page... I should "download demo for 30 days"?
Axephilic
post Jul 3 2009, 01:50 PM
Post #9
MRU Graduate
Group: Malware Team
Posts: 87
Joined: 28-July 07
From: Wisconsin, US
Member No.: 71,717
Operating System: Windows Vista Home Premium

Let's just forget about that and do the ComboFix.
usah
post Jul 3 2009, 02:05 PM
Post #10
New Member
Group: Authentic Member
Posts: 12
Joined: 1-July 09
Member No.: 86,499
Operating System: Windows XP

Cannot open ComboFix.exe; every time I double-click on the icon I get "Security Warning" popups...

"Application cannot be executed. The file combofix.exe is infected. Do you want to activate your antivirus software now?" "yes" "no".

"Application cannot be executed. The file swreg.exe is infected. Do you want to activate your antivirus software now?" "yes" "no".

"Application cannot be executed. The file n.com is infected. Do you want to activate your antivirus software now?" "yes" "no".

Also of note. I had to double-click the CureIt icon 30-35 times to eventually get it to open, getting a "Security Warning" each time it didn't open.
Axephilic
post Jul 3 2009, 02:09 PM
Post #11
MRU Graduate
Group: Malware Team
Posts: 87
Joined: 28-July 07
From: Wisconsin, US
Member No.: 71,717
Operating System: Windows Vista Home Premium

Please boot into Safe Mode. You can do this by:
  • Restart your computer.
  • As the computer is starting back up, start pressing F8 until you get a menu.
  • Once you get the boot menu, select Safe Mode.


Then try to run ComboFix from safe mode please.
usah
post Jul 3 2009, 02:55 PM
Post #12
New Member
Group: Authentic Member
Posts: 12
Joined: 1-July 09
Member No.: 86,499
Operating System: Windows XP

ComboFix log:

ComboFix 09-07-02.03 - HP_Administrator 07/11/2009 16:42.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.284 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-06-11 to 2009-07-11 )))))))))))))))))))))))))))))))
.

2009-07-11 19:59 . 2009-07-11 19:59 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-07-11 18:40 . 2009-07-11 18:40 2 ----a-w- c:\windows\0101120101464849.dat
2009-07-10 22:38 . 2009-07-10 22:38 65536 ----a-w- c:\windows\strt_1247265486.exe
2009-07-10 00:16 . 2009-07-10 00:16 33792 ----a-w- c:\windows\strt_1247185002.exe
2009-07-09 23:46 . 2009-07-10 02:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Lavasoft
2009-07-09 23:46 . 2009-07-09 23:46 -------- d-----w- c:\program files\Lavasoft
2009-07-09 23:26 . 2009-07-09 23:26 -------- d-----w- c:\program files\Trend Micro
2009-07-09 02:56 . 2009-06-30 19:14 54760 ----a-w- c:\documents and settings\All Users\Application Data\KwinzySearch\kwinzy125.exe
2009-07-09 00:57 . 2009-07-09 00:57 1 ---h--w- c:\windows\bf23567.dat
2009-07-09 00:57 . 2009-07-10 22:38 65536 ----a-w- c:\windows\freddy49.exe
2009-07-08 23:54 . 2009-07-08 23:54 28160 ---h--w- c:\windows\ld11.exe
2009-07-07 02:35 . 2009-07-07 02:37 -------- d-----w- c:\program files\Margrave Manor 2 - Lost Ship
2009-07-04 02:29 . 2009-07-04 02:33 -------- d-----w- c:\program files\Big Kahuna Reef 2 - Chain Reaction
2009-07-03 22:52 . 2009-07-03 22:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Enlightenus
2009-07-03 22:51 . 2009-07-03 22:52 -------- d-----w- c:\program files\Enlightenus
2009-07-02 15:59 . 2009-07-02 15:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\YoudaGames
2009-07-02 15:54 . 2009-07-02 15:56 -------- d-----w- c:\program files\Youda Legend - The Curse of the Amsterdam Diamond
2009-07-02 00:46 . 2009-07-02 00:46 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Purple Patch Games
2009-07-01 23:43 . 2009-07-01 23:45 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Hidden Island Data
2009-07-01 23:41 . 2009-07-01 23:41 -------- d-----w- c:\program files\Hidden Island
2009-06-29 16:02 . 2009-06-29 16:02 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Identities
2009-06-29 03:01 . 2009-06-29 03:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Playrix Entertainment
2009-06-29 02:59 . 2009-06-29 04:06 -------- d-----w- c:\program files\Fishdom H2O - Hidden Odyssey
2009-06-28 17:41 . 2009-06-28 17:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GAMESHASTRA
2009-06-28 17:41 . 2009-06-28 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\GAMESHASTRA
2009-06-19 20:22 . 2009-07-09 15:10 -------- d-----w- c:\program files\KwinzySearch
2009-06-19 20:22 . 2009-07-09 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\KwinzySearch
2009-06-14 03:34 . 2009-06-14 03:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Faerie Solitaire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 19:45 . 2009-04-01 04:29 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ComcastToolbar
2009-07-11 19:32 . 2009-05-09 13:51 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-07-09 04:07 . 2009-03-23 03:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-09 02:21 . 2009-04-21 03:59 -------- d-----w- c:\program files\Top Ten Solitaire
2009-07-09 01:09 . 2009-03-22 21:49 -------- d-----w- c:\program files\McAfee
2009-07-09 00:50 . 2009-03-22 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-09 00:02 . 2009-04-24 02:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-09 00:00 . 2009-04-24 02:43 -------- d-----w- c:\program files\Norton Security Scan
2009-07-07 23:43 . 2009-03-23 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-06-30 02:39 . 2009-05-30 02:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\JewelMatch2
2009-06-30 01:42 . 2009-04-27 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-30 01:42 . 2009-04-27 01:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PlayFirst
2009-06-28 13:35 . 2009-05-28 23:38 -------- d-----w- c:\program files\Kwinzy
2009-06-28 05:50 . 2009-03-24 00:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-06-09 14:34 . 2009-06-09 14:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ERS G-Studio
2009-06-09 14:19 . 2009-06-09 14:19 -------- d-----w- c:\program files\Hidden Wonders of the Depths 2
2009-06-08 00:57 . 2009-05-09 13:44 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
2009-06-08 00:56 . 2009-06-08 00:56 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_1f30bbc\EasyShrx.Dll
2009-06-03 00:25 . 2009-04-01 04:29 -------- d-----w- c:\program files\Oberon Media
2009-06-02 23:57 . 2009-06-02 20:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SpinTop Games
2009-06-02 01:20 . 2009-03-23 04:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-05-30 18:29 . 2005-08-09 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 02:35 . 2009-05-30 02:35 -------- d-----w- c:\program files\Jewel Match 2
2009-05-30 01:14 . 2009-05-28 23:39 -------- d-----w- c:\program files\Playalot Games
2009-05-30 01:13 . 2009-04-01 03:04 -------- d-----w- c:\program files\RealArcade
2009-05-29 23:36 . 2009-05-29 23:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2009-05-29 03:10 . 2009-05-29 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Winferno
2009-05-29 03:08 . 2009-05-29 03:08 64 ----a-w- c:\windows\GPlrLanc.dat
2009-05-29 03:08 . 2009-05-29 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2009-05-29 03:06 . 2009-05-29 03:06 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-05-29 03:05 . 2009-05-29 03:05 -------- d-----w- c:\program files\My.Freeze.com Toolbar
2009-05-29 03:05 . 2009-05-29 03:05 -------- d-----w- c:\program files\PriceGong
2009-05-29 03:05 . 2009-05-29 03:05 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PriceGong
2009-05-29 00:31 . 2009-05-28 23:36 -------- d-----w- c:\program files\AskBarDis
2009-05-28 23:40 . 2009-05-28 23:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Titanium Gears
2009-05-28 23:36 . 2009-05-28 23:36 -------- d-----w- c:\program files\Gamevance
2009-05-28 12:52 . 2009-05-28 11:58 -------- d-----w- c:\program files\Treasure Seekers - The Enchanted Canvases
2009-05-28 11:59 . 2009-05-28 11:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Artogon
2009-05-27 02:36 . 2009-05-27 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\7Wonders2
2009-05-27 02:36 . 2009-05-27 02:36 -------- d-----w- c:\program files\7 Wonders II
2009-05-27 02:35 . 2009-03-23 03:02 -------- d-----w- c:\program files\bfgclient
2009-05-26 02:00 . 2009-04-15 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2009-05-26 01:59 . 2009-05-26 01:59 -------- d-----w- c:\program files\Call of Atlantis
2009-05-25 22:49 . 2009-05-25 22:48 -------- d-----w- c:\program files\Hidden Mysteries - Civil War
2009-05-25 00:27 . 2009-05-25 00:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IronCode
2009-05-21 23:58 . 2005-08-09 16:57 -------- d-----w- c:\program files\Easy Internet signup
2009-05-21 23:36 . 2009-05-21 23:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LTOA
2009-05-21 14:32 . 2005-08-09 17:00 -------- d-----w- c:\program files\Google
2009-05-21 00:42 . 2009-05-21 00:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Angkor
2009-05-21 00:41 . 2009-04-01 03:05 -------- d-----w- c:\program files\Zylom Games
2009-05-20 06:22 . 2009-05-20 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Redrum
2009-05-16 23:37 . 2009-05-16 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Friday's games
2009-05-16 22:17 . 2009-05-16 22:17 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Pi Eye Games
2009-05-16 21:09 . 2009-05-16 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games
2009-05-16 00:58 . 2009-05-16 00:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Divo Games
2009-05-15 23:56 . 2009-05-15 23:56 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Gold Casual Games
2009-05-15 23:56 . 2009-05-15 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Gold Casual Games
2009-05-14 20:29 . 2009-05-14 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Wal-Mart
2009-05-14 20:28 . 2009-05-14 20:28 -------- d-----w- c:\program files\Wal-Mart
2009-05-14 20:28 . 2009-05-14 20:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Wal-Mart
2009-05-14 20:18 . 2009-05-14 20:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Snapfish
2009-05-14 17:22 . 2009-05-14 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-05-14 17:21 . 2009-05-14 17:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\acccore
2009-05-14 17:21 . 2009-05-14 17:19 -------- d-----w- c:\program files\AIM6
2009-05-14 17:20 . 2009-05-14 17:20 -------- d-----w- c:\program files\Viewpoint
2009-05-14 17:20 . 2009-05-14 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-14 17:20 . 2009-05-14 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-05-14 17:20 . 2009-05-14 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-14 17:20 . 2009-05-14 17:20 -------- d-----w- c:\program files\Common Files\AOL
2009-05-13 15:56 . 2009-05-13 15:56 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Orneon
2009-05-12 23:33 . 2009-05-12 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2009-05-09 13:44 . 2009-05-09 13:44 23766320 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\QuickTimeInstaller.exe
2009-05-09 13:44 . 2009-05-09 13:44 229376 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\procheck.exe
2009-05-09 13:44 . 2009-05-09 13:44 62976 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\content\setup.exe
2009-05-09 13:42 . 2009-05-09 13:42 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\app\setup.exe
2009-05-09 13:41 . 2009-05-09 13:41 30720 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\fwork\netfw.exe
2009-05-09 13:41 . 2009-05-09 13:41 23510720 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\fwork\dotnetfx.exe
2009-05-09 13:41 . 2009-05-09 13:41 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2009-05-09 13:40 . 2009-05-09 13:40 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_3c6cb0\EasyShrx.Dll
2009-05-09 13:40 . 2009-05-09 13:40 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.20.1.dll
2009-05-07 15:32 . 2004-08-10 19:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-10 19:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 19:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-10 19:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 19:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 21:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}]
2009-03-09 02:09 271672 ----a-w- c:\program files\PriceGong\1.2.0\PriceGongIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-11 59392]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-09 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"Gamevance"="c:\program files\Gamevance\gamevance32.exe" [2009-05-28 104960]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-01-24 544768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sys

S1 sysdrv;sysdrv;\??\c:\program files\sys\sys.sys --> c:\program files\sys\sys.sys [?]
S2 KwinzySearch Service;KwinzySearch Service;c:\documents and settings\All Users\Application Data\KwinzySearch\kwinzy125.exe [7/8/2009 10:56 PM 54760]
S2 sys;sys;c:\windows\system32\svchost.exe -k sys [8/10/2004 3:00 PM 14336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/14/2009 1:20 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-03-22 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 18:32]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 18:32]

2009-07-09 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 21:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/?cid=tbar
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 16:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(220)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-11 16:49
ComboFix-quarantined-files.txt 2009-07-11 20:48
ComboFix2.txt 2009-07-11 20:36

Pre-Run: 24,546,504,704 bytes free
Post-Run: 24,532,893,696 bytes free

218 --- E O F --- 2009-06-11 06:50

NEW HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:42 PM, on 7/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Gamevance\gamevance32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\KwinzySearch\kwinzy125.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\KwinzySearch\kwinzy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/?cid=tbar
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar\NetAssistant.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 antiaware-pro.com
O1 - Hosts: 209.44.111.62 www.antiaware-pro.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: PriceGong - {D2A2595C-4FE4-4315-AA9B-19DBD6271B71} - C:\Program Files\PriceGong\1.2.0\PriceGongIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar\freeze_us.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KwinzySearch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\KwinzySearch\kwinzy125.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8223 bytes
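The logs quoted above are the raw material of this kind of thread, and the helper reads them by eye for a handful of patterns: hosts-file entries that point security-vendor domains at a non-loopback address (the `O1` lines), a service with an unknown owner running out of `All Users\Application Data` (the `O23` KwinzySearch entry), a kernel driver loaded from `c:\program files\sys\sys.sys`, and a service hosted as `svchost.exe -k sys`, a group that does not exist on a stock XP install. As an added illustration that is not code from the thread, from HijackThis or from ComboFix, the script below runs those same checks over HijackThis `O1`/`O2`/`O4`/`O23` lines and ComboFix `R*`/`S*` service lines. The sample lines are copied from the logs in this thread; the severity levels and the XP svchost group baseline are assumptions made for the example.

```python
"""Triage heuristics for HijackThis / ComboFix log lines (added example for this
thread, not code from the thread, HijackThis or ComboFix). Sample lines are copied
from the logs above; severities and the XP group baseline are assumptions."""
import re
from ipaddress import ip_address

# Assumption: stock Windows XP SP3 svchost service groups. A "-k" group outside
# this set (like "-k sys" above) means a service registered its own group so that
# its ServiceDll is loaded inside a genuine, signed svchost.exe.
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "netsvcs", "networkservice", "localservice",
    "imgsvc", "httpfilter", "termsvcs", "networkservicenetworkrestricted",
    "localservicenonetwork", "localservicenetworkrestricted", "wudfservicegroup",
}
# Hosts-file targets whose redirection away from loopback is a rogue-AV signature.
SECURITY_DOMAIN = re.compile(r"microsoft|symantec|mcafee|kaspersky|avast|avg|anti|secur|update", re.I)
# Locations a service, driver or autorun binary has little business living in.
PROFILE_PATH = re.compile(r"\\documents and settings\\|\\application data\\|\\temp\\|\\local settings\\", re.I)
SVCHOST_GROUP = re.compile(r"svchost\.exe\s+-k\s+(\S+)", re.I)

HJT_HOSTS = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
HJT_BHO = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
HJT_RUN = re.compile(r"^O4 - (.*?): \[(.*?)\] (.*)$")
HJT_SERVICE = re.compile(r"^O23 - Service: (.*?) - (.*?) - (.*)$")
CF_SERVICE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*?)(?: \[.*\])?$")

# Constructed sample: lines copied from the HijackThis and ComboFix logs in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.62 antispy.microsoft.com
O1 - Hosts: 209.44.111.62 www.antiaware-pro.com
O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: KwinzySearch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\KwinzySearch\kwinzy125.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
S1 sysdrv;sysdrv;\??\c:\program files\sys\sys.sys --> c:\program files\sys\sys.sys [?]
S2 sys;sys;c:\windows\system32\svchost.exe -k sys [8/10/2004 3:00 PM 14336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/14/2009 1:20 PM 24652]
"""

def _is_loopback(ip):
    try:
        return ip_address(ip).is_loopback
    except ValueError:
        return False

def path_concerns(path):
    """Reasons a binary path deserves a closer look; empty list if none apply."""
    reasons = []
    m = SVCHOST_GROUP.search(path)
    if m and m.group(1).lower() not in KNOWN_SVCHOST_GROUPS:
        reasons.append(f"svchost group '{m.group(1)}' not in XP baseline")
    low = path.lower().rstrip()
    if low.endswith(".sys") and "\\system32\\drivers\\" not in low:
        reasons.append("kernel driver outside system32\\drivers")
    if PROFILE_PATH.search(path):
        reasons.append("binary under a user profile or temp path")
    return reasons

def _from_path(severity, what, path):
    reasons = path_concerns(path)
    return (severity, "; ".join(reasons), f"{what}: {path}") if reasons else None

def triage_line(line):
    """Return (severity, reason, detail) for one log line, or None if it looks benign."""
    line = line.strip()
    m = HJT_HOSTS.match(line)
    if m:
        ip, host = m.groups()
        if host.lower() == "localhost" or _is_loopback(ip):
            return None
        sev = "HIGH" if SECURITY_DOMAIN.search(host) else "MEDIUM"
        return (sev, "hosts-file redirect", f"{host} -> {ip}")
    m = HJT_BHO.match(line)
    if m:
        name, clsid, path = m.groups()
        if path.lower() == "(no file)":
            return ("LOW", "orphaned BHO entry", clsid)
        return _from_path("MEDIUM", f"BHO {name}", path)
    m = HJT_RUN.match(line)
    if m:
        _hive, name, cmd = m.groups()
        return _from_path("MEDIUM", f"autorun [{name}]", cmd)
    m = HJT_SERVICE.match(line)
    if m:
        name, owner, path = m.groups()
        if owner.lower() == "unknown owner":
            return ("HIGH", "service with unknown owner", f"{name}: {path}")
        return _from_path("HIGH", f"service {name}", path)
    m = CF_SERVICE.match(line)
    if m:
        start, name, _display, path = m.groups()
        return _from_path("HIGH", f"{start} service {name}", path)
    return None

def triage(log_text):
    """All findings for a log, in the order the lines appear."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]

if __name__ == "__main__":
    for severity, reason, detail in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}: {detail}")
```

On the sample above it reports the two hosts-file redirects, the orphaned BHO, the KwinzySearch service, the `sysdrv` driver and the `-k sys` service group, and stays quiet on `ctfmon.exe`, the ATI service and Viewpoint. The checks are deliberately conservative string matching, not a verdict: a hit means "look at this next", the same way the helper in this thread reads the log.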
usah
post Jul 3 2009, 03:00 PM
Post #13
New Member
Group: Authentic Member
Posts: 12
Joined: 1-July 09
Member No.: 86,499
Operating System: Windows XP

Also, just realized: Google search is working and I haven't gotten a "Security Warning" pop-up since I came back to normal mode.
Axephilic
post Jul 3 2009, 10:35 PM
Post #14
MRU Graduate
Group: Malware Team
Posts: 87
Joined: 28-July 07
From: Wisconsin, US
Member No.: 71,717
Operating System: Windows Vista Home Premium

Can you please set your date to the correct one, then try running ComboFix from normal mode and post that log.
usah
post Jul 4 2009, 06:53 AM
Post #15
New Member
Group: Authentic Member
Posts: 12
Joined: 1-July 09
Member No.: 86,499
Operating System: Windows XP

ComboFix in normal mode:

ComboFix 09-07-03.03 - HP_Administrator 07/04/2009 8:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.145 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\0101120101464849.dat
c:\windows\freddy49.exe
c:\windows\Installer\20059.msi
c:\windows\ld11.exe
c:\windows\strt_1247185002.exe
c:\windows\strt_1247265486.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYS
-------\Legacy_SYSDRV
-------\Service_sys
-------\Service_sysdrv


((((((((((((((((((((((((( Files Created from 2009-06-04 to 2009-07-04 )))))))))))))))))))))))))))))))
.

2009-07-11 20:30 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-07-11 19:59 . 2009-07-11 19:59 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-07-09 23:46 . 2009-07-10 02:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Lavasoft
2009-07-09 23:46 . 2009-07-09 23:46 -------- d-----w- c:\program files\Lavasoft
2009-07-09 23:26 . 2009-07-09 23:26 -------- d-----w- c:\program files\Trend Micro
2009-07-09 02:56 . 2009-06-30 19:14 54760 ----a-w- c:\documents and settings\All Users\Application Data\KwinzySearch\kwinzy125.exe
2009-07-09 00:57 . 2009-07-09 00:57 1 ---h--w- c:\windows\bf23567.dat
2009-07-07 02:35 . 2009-07-07 02:37 -------- d-----w- c:\program files\Margrave Manor 2 - Lost Ship
2009-07-04 02:29 . 2009-07-04 02:33 -------- d-----w- c:\program files\Big Kahuna Reef 2 - Chain Reaction
2009-07-03 22:52 . 2009-07-03 22:53 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Enlightenus
2009-07-03 22:51 . 2009-07-03 22:52 -------- d-----w- c:\program files\Enlightenus
2009-07-02 15:59 . 2009-07-02 15:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\YoudaGames
2009-07-02 15:54 . 2009-07-02 15:56 -------- d-----w- c:\program files\Youda Legend - The Curse of the Amsterdam Diamond
2009-07-02 00:46 . 2009-07-02 00:46 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Purple Patch Games
2009-07-01 23:43 . 2009-07-01 23:45 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Hidden Island Data
2009-07-01 23:41 . 2009-07-01 23:41 -------- d-----w- c:\program files\Hidden Island
2009-06-29 16:02 . 2009-06-29 16:02 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Identities
2009-06-29 03:01 . 2009-06-29 03:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Playrix Entertainment
2009-06-29 02:59 . 2009-06-29 04:06 -------- d-----w- c:\program files\Fishdom H2O - Hidden Odyssey
2009-06-28 17:41 . 2009-06-28 17:41 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\GAMESHASTRA
2009-06-28 17:41 . 2009-06-28 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\GAMESHASTRA
2009-06-19 20:22 . 2009-07-09 15:10 -------- d-----w- c:\program files\KwinzySearch
2009-06-19 20:22 . 2009-07-09 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\KwinzySearch
2009-06-14 03:34 . 2009-06-14 03:38 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Faerie Solitaire
2009-06-09 14:34 . 2009-06-09 14:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ERS G-Studio
2009-06-09 14:19 . 2009-06-09 14:19 -------- d-----w- c:\program files\Hidden Wonders of the Depths 2
2009-06-08 00:56 . 2009-06-08 00:56 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_1f30bbc\EasyShrx.Dll
2009-06-08 00:56 . 2008-10-30 11:57 2499984 ----a-r- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_1f30bbc\Setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 00:11 . 2009-03-23 03:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-11 22:57 . 2009-04-21 03:59 -------- d-----w- c:\program files\Top Ten Solitaire
2009-07-11 19:45 . 2009-04-01 04:29 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ComcastToolbar
2009-07-09 01:09 . 2009-03-22 21:49 -------- d-----w- c:\program files\McAfee
2009-07-09 00:50 . 2009-03-22 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-09 00:02 . 2009-04-24 02:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-09 00:00 . 2009-04-24 02:43 -------- d-----w- c:\program files\Norton Security Scan
2009-07-07 23:43 . 2009-03-23 03:01 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-07-04 12:46 . 2009-05-09 13:51 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-06-30 02:39 . 2009-05-30 02:35 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\JewelMatch2
2009-06-30 01:42 . 2009-04-27 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-30 01:42 . 2009-04-27 01:26 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PlayFirst
2009-06-28 13:35 . 2009-05-28 23:38 -------- d-----w- c:\program files\Kwinzy
2009-06-28 05:50 . 2009-03-24 00:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-06-08 00:57 . 2009-05-09 13:44 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\BindBins.exe
2009-06-03 00:25 . 2009-04-01 04:29 -------- d-----w- c:\program files\Oberon Media
2009-06-02 23:57 . 2009-06-02 20:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\SpinTop Games
2009-06-02 01:20 . 2009-03-23 04:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Apple Computer
2009-05-30 18:29 . 2005-08-09 16:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 02:35 . 2009-05-30 02:35 -------- d-----w- c:\program files\Jewel Match 2
2009-05-30 01:14 . 2009-05-28 23:39 -------- d-----w- c:\program files\Playalot Games
2009-05-30 01:13 . 2009-04-01 03:04 -------- d-----w- c:\program files\RealArcade
2009-05-29 23:36 . 2009-05-29 23:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AdobeUM
2009-05-29 03:10 . 2009-05-29 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Winferno
2009-05-29 03:08 . 2009-05-29 03:08 64 ----a-w- c:\windows\GPlrLanc.dat
2009-05-29 03:08 . 2009-05-29 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Ride Games
2009-05-29 03:06 . 2009-05-29 03:06 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-05-29 03:05 . 2009-05-29 03:05 -------- d-----w- c:\program files\My.Freeze.com Toolbar
2009-05-29 03:05 . 2009-05-29 03:05 -------- d-----w- c:\program files\PriceGong
2009-05-29 03:05 . 2009-05-29 03:05 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\PriceGong
2009-05-29 00:31 . 2009-05-28 23:36 -------- d-----w- c:\program files\AskBarDis
2009-05-28 23:40 . 2009-05-28 23:40 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Titanium Gears
2009-05-28 23:36 . 2009-05-28 23:36 -------- d-----w- c:\program files\Gamevance
2009-05-28 12:52 . 2009-05-28 11:58 -------- d-----w- c:\program files\Treasure Seekers - The Enchanted Canvases
2009-05-28 11:59 . 2009-05-28 11:59 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Artogon
2009-05-27 02:36 . 2009-05-27 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\7Wonders2
2009-05-27 02:36 . 2009-05-27 02:36 -------- d-----w- c:\program files\7 Wonders II
2009-05-27 02:35 . 2009-03-23 03:02 -------- d-----w- c:\program files\bfgclient
2009-05-26 02:00 . 2009-04-15 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2009-05-26 01:59 . 2009-05-26 01:59 -------- d-----w- c:\program files\Call of Atlantis
2009-05-25 22:49 . 2009-05-25 22:48 -------- d-----w- c:\program files\Hidden Mysteries - Civil War
2009-05-25 00:27 . 2009-05-25 00:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IronCode
2009-05-21 23:58 . 2005-08-09 16:57 -------- d-----w- c:\program files\Easy Internet signup
2009-05-21 23:36 . 2009-05-21 23:34 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LTOA
2009-05-21 14:32 . 2005-08-09 17:00 -------- d-----w- c:\program files\Google
2009-05-21 00:42 . 2009-05-21 00:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Angkor
2009-05-21 00:41 . 2009-04-01 03:05 -------- d-----w- c:\program files\Zylom Games
2009-05-20 06:22 . 2009-05-20 06:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Redrum
2009-05-16 23:37 . 2009-05-16 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Friday's games
2009-05-16 22:17 . 2009-05-16 22:17 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Pi Eye Games
2009-05-16 21:09 . 2009-05-16 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games
2009-05-16 00:58 . 2009-05-16 00:58 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Divo Games
2009-05-15 23:56 . 2009-05-15 23:56 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Gold Casual Games
2009-05-15 23:56 . 2009-05-15 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Gold Casual Games
2009-05-14 20:29 . 2009-05-14 20:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Wal-Mart
2009-05-14 20:28 . 2009-05-14 20:28 -------- d-----w- c:\program files\Wal-Mart
2009-05-14 20:28 . 2009-05-14 20:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Wal-Mart
2009-05-14 20:18 . 2009-05-14 20:18 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Snapfish
2009-05-14 17:22 . 2009-05-14 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-05-14 17:21 . 2009-05-14 17:21 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\acccore
2009-05-14 17:21 . 2009-05-14 17:19 -------- d-----w- c:\program files\AIM6
2009-05-14 17:20 . 2009-05-14 17:20 -------- d-----w- c:\program files\Viewpoint
2009-05-14 17:20 . 2009-05-14 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-14 17:20 . 2009-05-14 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-05-14 17:20 . 2009-05-14 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-14 17:20 . 2009-05-14 17:20 -------- d-----w- c:\program files\Common Files\AOL
2009-05-13 15:56 . 2009-05-13 15:56 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Orneon
2009-05-12 23:33 . 2009-05-12 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Fugazo
2009-05-11 01:23 . 2009-05-11 01:22 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Bigfish 3 Days Zoo Mystery
2009-05-10 15:33 . 2009-05-09 13:51 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ArcSoft
2009-05-09 14:00 . 2009-05-09 14:00 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\KodakCredentialStore
2009-05-09 13:56 . 2009-05-09 13:56 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Skinux
2009-05-09 13:52 . 2009-05-09 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-05-09 13:52 . 2009-05-09 13:52 -------- d-----w- c:\program files\QuickTime
2009-05-09 13:52 . 2005-08-09 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-09 13:51 . 2009-05-09 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-05-09 13:51 . 2009-05-09 13:50 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-05-09 13:50 . 2009-05-09 13:50 -------- d-----w- c:\program files\ArcSoft
2009-05-09 13:50 . 2009-05-09 13:44 -------- d-----w- c:\program files\Kodak
2009-05-09 13:49 . 2009-05-09 13:48 -------- d-----w- c:\program files\Common Files\Kodak
2009-05-09 13:44 . 2009-05-09 13:44 23766320 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\QuickTimeInstaller.exe
2009-05-09 13:44 . 2009-05-09 13:44 229376 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\QUICK\procheck.exe
2009-05-09 13:44 . 2009-05-09 13:44 62976 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\content\setup.exe
2009-05-09 13:42 . 2009-05-09 13:42 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\creative\app\setup.exe
2009-05-09 13:41 . 2009-05-09 13:41 30720 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\fwork\netfw.exe
2009-05-09 13:41 . 2009-05-09 13:41 23510720 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\fwork\dotnetfx.exe
2009-05-09 13:41 . 2009-05-09 13:41 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2009-05-09 13:40 . 2009-05-09 13:40 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140001_3c6cb0\EasyShrx.Dll
2009-05-09 13:40 . 2009-05-09 13:40 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.9.20.1.dll
2009-05-07 15:32 . 2004-08-10 19:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-10 19:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-10 19:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-10 19:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-10 19:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-12 02:31 . 2009-04-12 02:31 4096 ----a-w- c:\windows\d3dx.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-07-11_20.31.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-04 12:46 . 2009-07-04 12:46 16384 c:\windows\temp\Perflib_Perfdata_3fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 21:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}]
2009-03-09 02:09 271672 ----a-w- c:\program files\PriceGong\1.2.0\PriceGongIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-11 59392]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-11 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-08-09 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-23 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"Gamevance"="c:\program files\Gamevance\gamevance32.exe" [2009-05-28 104960]
"SMSERIAL"="sm56hlpr.exe" - c:\windows\sm56hlpr.exe [2005-01-24 544768]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sys

R2 KwinzySearch Service;KwinzySearch Service;c:\documents and settings\All Users\Application Data\KwinzySearch\kwinzy125.exe [7/8/2009 10:56 PM 54760]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/14/2009 1:20 PM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-03-22 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 18:32]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-03-22 18:32]

2009-07-09 c:\windows\Tasks\Norton Security Scan for HP_Administrator.job
- c:\program files\Norton Security Scan\Nss.exe [2009-03-13 21:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/?cid=tbar
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 08:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1116)
c:\program files\KwinzySearch\kwinzy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\KwinzySearch\kwinzy.exe
.
**************************************************************************
.
Completion time: 2009-07-04 8:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-04 12:51
ComboFix2.txt 2009-07-11 20:49
ComboFix3.txt 2009-07-11 20:36

Pre-Run: 24,024,371,200 bytes free
Post-Run: 23,931,047,936 bytes free

265 --- E O F --- 2009-06-11 06:50
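The log above is the kind of thing a helper reads by eye: a service whose binary sits under All Users\Application Data, a DLL from outside the Windows directory loaded into explorer.exe, a globally open port labelled only "sys", and a firewall exception for a file-sharing client. The script below is an added example (not ComboFix's code and not from anyone in this thread) that parses those three ComboFix sections and applies the same checks. The sample input is copied from the log above, trimmed to the sections the parser handles; the user-writable path markers and the P2P watchlist are the editor's assumptions. The final correlation step groups findings by product directory, which is how the KwinzySearch service and the KwinzySearch DLL inside explorer.exe get tied together.

```python
# Added example: triage helpers for a ComboFix-style log (not ComboFix's own code).
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: lines copied from the ComboFix log above, trimmed to the sections parsed here.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sys

R2 KwinzySearch Service;KwinzySearch Service;c:\documents and settings\All Users\Application Data\KwinzySearch\kwinzy125.exe [7/8/2009 10:56 PM 54760]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/14/2009 1:20 PM 24652]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1116)
c:\program files\KwinzySearch\kwinzy.dll
.
"""

SERVICE_RE = re.compile(r'^(R[0-3])\s+([^;]+);[^;]*;(.+?)\s+\[')
DLL_HOST_RE = re.compile(r"^(?:- )+> '([^']+)'\(\d+\)")
AUTH_APP_RE = re.compile(r'^"(.+)"=\s*$')
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\S+:(\S+)$')

# Heuristic inputs (editor's assumptions, not anything ComboFix itself flags).
USER_WRITABLE = ('\\documents and settings\\', '\\application data\\', '\\local settings\\',
                 '\\temp\\', 'c:\\users\\', '\\programdata\\')
P2P_CLIENTS = {'limewire.exe', 'bearshare.exe', 'kazaa.exe', 'utorrent.exe'}


@dataclass(frozen=True)
class Finding:
    category: str   # 'service' | 'dll' | 'firewall'
    subject: str    # service name, host process, file name, or port/proto
    path: str
    reason: str


def normalize(path):
    # Registry exports escape backslashes; fold them and lowercase for comparison.
    return path.replace('\\\\', '\\').strip().lower()


def parse_log(text):
    """Return (services, dlls, auth_apps, open_ports) from a ComboFix log body."""
    services, dlls, auth_apps, open_ports = [], [], [], []
    mode = host = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            if mode != 'dlls':
                mode = None           # a blank line ends a registry list section
            continue
        if line.endswith('AuthorizedApplications\\List]'):
            mode = 'auth'
        elif line.endswith('GloballyOpenPorts\\List]'):
            mode = 'ports'
        elif line.startswith('---') and 'DLLs Loaded' in line:
            mode = 'dlls'
        elif line == '.':
            mode = host = None        # '.' separates ComboFix sections
        elif m := SERVICE_RE.match(line):
            services.append((m.group(2), normalize(m.group(3))))
        elif mode == 'auth' and (m := AUTH_APP_RE.match(line)):
            auth_apps.append(normalize(m.group(1)))
        elif mode == 'ports' and (m := OPEN_PORT_RE.match(line)):
            open_ports.append((int(m.group(1)), m.group(2), m.group(3)))
        elif mode == 'dlls':
            if m := DLL_HOST_RE.match(line):
                host = m.group(1).lower()
            elif host:
                dlls.append((host, normalize(line)))
    return services, dlls, auth_apps, open_ports


def triage(text):
    """Apply the eyeball heuristics to the parsed sections and return Findings."""
    services, dlls, auth_apps, open_ports = parse_log(text)
    out = []
    for name, path in services:
        if any(mark in path for mark in USER_WRITABLE):
            out.append(Finding('service', name, path, 'auto-start service in a user-writable directory'))
    for host, path in dlls:
        if not path.startswith('c:\\windows\\'):
            out.append(Finding('dll', host, path, 'non-Windows DLL loaded into a logon/shell process'))
    for path in auth_apps:
        base = path.rsplit('\\', 1)[-1]
        if any(mark in path for mark in USER_WRITABLE):
            out.append(Finding('firewall', base, path, 'inbound exception for a user-writable binary'))
        elif base in P2P_CLIENTS:
            out.append(Finding('firewall', base, path, 'inbound exception for a file-sharing client'))
    for port, proto, label in open_ports:
        out.append(Finding('firewall', f'{port}/{proto}', label, f'globally open inbound port labelled {label!r}'))
    return out


def correlate(findings):
    """Product directory -> categories it appears in, for directories seen in two or more."""
    seen = defaultdict(set)
    for f in findings:
        parts = f.path.split('\\')
        if len(parts) >= 2:            # skip port findings, whose 'path' is just a label
            seen[parts[-2]].add(f.category)
    return {d: c for d, c in seen.items() if len(c) >= 2}


if __name__ == '__main__':
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f'[{h.category}] {h.subject}: {h.reason} ({h.path})')
    print('correlated:', correlate(hits))
```

Run as-is it reports four findings and one correlation (kwinzysearch appears as both a service and an explorer.exe DLL). The markers in USER_WRITABLE are deliberately broad; on a real log expect a few benign hits from installers that drop their updater under Application Data, so treat the output as a worklist, not a verdict.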
© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy