
Solved They are calling it "Dangerous Trojan horses"

Discussion in 'Malware and Virus Removal Archive' started by RocketMan531, 2008/06/19.

  1. 2008/06/19
    RocketMan531 (Thread Starter)

    [Resolved] They are calling it "Dangerous Trojan horses"

    When I use Windows Explorer and start clicking on folders, a "System Error" window pops up saying,

    Attention, (User Name)! Some dangerous trojan horses detected in you system. Windows Vista (TM) Home Premium files corrupted. This may lead to the destruction of important files in C:\Windows. Download protection software now! Click OK to download the antispyware. (Recommended)

    Then it gives the "Yes" and "No" buttons. Either one you click takes you directly to a download file.

    I never downloaded the file.

    I have another computer on the same network doing the same thing, so I don't know which one contracted it.

    Someone help me.

    Here is the Deckard report:

    Deckard's System Scanner v20071014.68
    Run by God on 2008-06-19 12:22:06
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as God.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:22:10 PM, on 6/19/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\God\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\God.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: BhoApp Class - {BBEEBE4F-3EDA-40F4-A0AB-87593EE49C56} - C:\Windows\system32\winbho32.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0 "
    O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: CLKERN.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe

    --
    End of file - 13746 bytes

    -- Files created between 2008-05-19 and 2008-06-19 -----------------------------

    2008-06-19 12:07:40 0 d-------- C:\Program Files\Trend Micro
    2008-06-18 22:11:47 0 d-------- C:\Program Files\Free Registry Cleaner for Vista
    2008-06-18 15:58:55 0 d-------- C:\Program Files\Lavasoft
    2008-06-18 15:58:51 0 d-------- C:\Users\All Users\Lavasoft
    2008-06-17 22:26:02 13312 --a------ C:\Windows\system32\winbho32.dll
    2008-06-17 17:38:48 0 d-------- C:\Users\All Users\Yellow Cup
    2008-06-17 17:38:38 0 d-------- C:\Program Files\Yellow Cup
    2008-06-17 14:42:31 0 d-------- C:\Program Files\RadLight Company
    2008-06-09 00:04:48 0 d-------- C:\perflogs
    2008-05-30 18:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-30 18:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-30 18:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-30 18:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-30 18:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2008-05-22 17:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-22 17:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-22 17:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll


    -- Find3M Report ---------------------------------------------------------------

    2008-06-19 06:33:54 27649 --a------ C:\Users\God\AppData\Roaming\nvModes.001
    2008-06-19 06:33:52 0 d-------- C:\Users\God\AppData\Roaming\WTablet
    2008-06-18 23:49:47 12 --a------ C:\Windows\bthservsdp.dat
    2008-06-18 15:57:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-17 14:42:37 0 d-------- C:\Users\God\AppData\Roaming\RadLight Company
    2008-06-17 11:17:37 0 d-------- C:\Users\God\AppData\Roaming\Mozilla
    2008-06-11 15:43:41 0 d-------- C:\Program Files\DivX
    2008-06-11 03:10:14 0 d-------- C:\Program Files\Windows Mail
    2008-06-10 21:40:12 27649 --a------ C:\Users\God\AppData\Roaming\nvModes.dat
    2008-05-30 00:05:11 0 d-------- C:\Program Files\Trillian
    2008-05-22 17:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
    2008-05-21 13:39:02 0 d-------- C:\Users\God\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    2008-05-19 14:42:56 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-05-12 22:45:28 0 d-------- C:\Users\God\AppData\Roaming\WinRAR
    2008-05-11 18:29:12 0 d-------- C:\Program Files\Memorex exPressit Label Design Studio
    2008-05-11 18:29:03 0 d-------- C:\Program Files\Common Files
    2008-05-11 18:29:03 0 d-------- C:\Program Files\Common Files\SureThing Shared
    2008-05-11 00:32:28 0 d-------- C:\Program Files\DVD Shrink
    2008-05-09 22:53:27 0 d-------- C:\Program Files\NeroInstall.bak
    2008-05-08 23:01:39 0 d-------- C:\Program Files\The Weather Channel FW
    2008-05-05 20:18:52 0 d-------- C:\Program Files\AskPBar
    2008-05-04 21:27:28 0 d-------- C:\Program Files\Bonjour
    2008-05-01 14:20:18 0 d-------- C:\Program Files\Common Files\PX Storage Engine
    2008-05-01 00:12:27 0 d-------- C:\Users\God\AppData\Roaming\acccore
    2008-04-28 13:22:20 0 d-------- C:\Program Files\HP
    2008-04-24 11:45:47 0 d-------- C:\Users\God\AppData\Roaming\Adobe
    2008-04-21 18:38:49 0 d-------- C:\Program Files\McAfee
    2008-04-20 14:10:36 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-04-20 14:10:29 0 d-------- C:\Program Files\Electronic Arts
    2008-04-20 14:08:21 0 dr-h----- C:\Users\God\AppData\Roaming\SecuROM
    2008-03-30 14:13:32 174 --ahs---- C:\Program Files\desktop.ini


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBEEBE4F-3EDA-40F4-A0AB-87593EE49C56}]
    06/17/2008 10:26 PM 13312 --a------ C:\Windows\system32\winbho32.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
    08/31/2007 02:32 PM 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 03:29 AM]
    "QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [09/27/2007 07:05 PM]
    "UCam_Menu "= "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [09/13/2007 07:32 PM]
    "DpAgent "= "C:\Program Files\DigitalPersona\Bin\dpagent.exe" [09/20/2007 02:12 PM]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 02:38 AM]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/03/2007 06:15 PM]
    "@ "=" " []
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
    "RtHDVCpl "= "RtHDVCpl.exe" [10/10/2007 02:59 AM C:\Windows\RtHDVCpl.exe]
    "QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [03/28/2008 08:15 PM]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/18/2008 07:31 PM]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [11/07/2007 08:16 PM]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [11/07/2007 08:16 PM]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [11/07/2007 08:16 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [01/19/2008 02:33 AM]
    "ISUSPM "= "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [03/29/2007 06:41 PM]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [01/19/2008 02:33 AM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 02:33 AM]

    C:\Users\God\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [8/24/2007 4:45:42 AM]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [12/4/2007 2:13:34 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)
    "EnableLUA "=0 (0x0)
    "EnableUIADesktopToggle "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView "=1 (0x1)
    "AllowUnhashedWebView "=1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=CLKERN.DLL

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-19 12:22:46 ------------
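Added here as a worked illustration, not code from the thread or from any of the tools named in it: a small Python triage pass over the kind of lines in the log above. It flags the entries a helper reads first: an O2 BHO whose DLL appeared in system32 only days before the scan, an orphaned BHO registration with no file, anything loaded through AppInit_DLLs (O20), and UAC switched off (EnableLUA=0). The sample lines are copied from the log; the 7-day "recent" threshold is an assumed heuristic.

```python
"""Triage helper for HijackThis / Deckard-style log lines (constructed example)."""
import re
from datetime import date

# Constructed sample: a handful of lines taken from the log in the thread.
SAMPLE_LOG = r"""
Scan saved at 12:22:10 PM, on 6/19/2008
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {BBEEBE4F-3EDA-40F4-A0AB-87593EE49C56} - C:\Windows\system32\winbho32.dll
O20 - AppInit_DLLs: CLKERN.DLL
"EnableLUA"=0 (0x0)
2008-06-17 22:26:02 13312 --a------ C:\Windows\system32\winbho32.dll
2008-03-30 14:13:32 174 --ahs---- C:\Program Files\desktop.ini
"""

SCAN_DATE_RE = re.compile(r"Scan saved at .*? on (\d{1,2})/(\d{1,2})/(\d{4})")
BHO_RE = re.compile(r"^O2 - BHO: (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")
LUA_RE = re.compile(r'"EnableLUA\s*"\s*=\s*(\d+)')
# Deckard "Files created" lines: date time size attributes path [<Not Verified; ...>]
CREATED_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2}) \d{2}:\d{2}:\d{2} \d+ \S+ (.+)$")


def parse_scan_date(text):
    """Return the HijackThis scan date (M/D/YYYY in the header) as a date, or None."""
    m = SCAN_DATE_RE.search(text)
    if not m:
        return None
    month, day, year = (int(g) for g in m.groups())
    return date(year, month, day)


def parse_created_files(text):
    """Map lower-cased file paths from the 'Files created' section to their creation date."""
    created = {}
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            y, mo, d, path = m.groups()
            path = path.split(" <")[0]  # drop the "<Not Verified; ...>" annotation
            created[path.lower()] = date(int(y), int(mo), int(d))
    return created


def triage(text, recent_days=7):
    """Return (section, item, reason) tuples for entries worth a closer look."""
    findings = []
    scan_date = parse_scan_date(text)
    created = parse_created_files(text)
    for raw in text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            if path == "(no file)":
                findings.append(("O2", f"{name} {{{clsid}}}",
                                 "BHO registered but its DLL is missing (orphaned entry)"))
                continue
            born = created.get(path.lower())
            if born and scan_date and (scan_date - born).days <= recent_days:
                age = (scan_date - born).days
                findings.append(("O2", path, f"BHO DLL created {age} day(s) before the scan"))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group(1):
            findings.append(("O20", m.group(1),
                             "AppInit_DLLs loads this DLL into every process that uses user32.dll"))
            continue
        m = LUA_RE.search(line)
        if m and m.group(1) == "0":
            findings.append(("Policy", "EnableLUA=0",
                             "UAC is disabled; anything the user runs has full administrator rights"))
    return findings


if __name__ == "__main__":
    for section, item, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {item}\n      {reason}")
```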
     
  2. 2008/06/19
    noahdfear

    Welcome to WindowsBBS RocketMan531

    Download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    I would also like for you to do the same with the other computer and post those logs in a new topic here. It will be easier to keep track of which one we're working on that way.
     

  4. 2008/06/19
    RocketMan531 (Thread Starter)

    I will start a new thread called "other computer" for my other computer.

    ComboFix 08-06-19.1 - God 2008-06-19 17:02:46.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.947 [GMT -5:00]
    Running from: C:\Users\God\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
    .

    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\Users\God\AppData\Roaming\Malwarebytes
    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-19 15:58 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-19 15:58 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-19 12:12 . 2008-06-19 12:12 <DIR> d-------- C:\Deckard
    2008-06-19 12:07 . 2008-06-19 12:07 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-18 22:11 . 2008-06-18 22:13 <DIR> d-------- C:\Program Files\Free Registry Cleaner for Vista
    2008-06-18 15:58 . 2008-06-18 16:08 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-06-18 15:58 . 2008-06-18 16:08 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-06-18 15:58 . 2008-06-18 15:58 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-17 22:26 . 2008-06-17 22:26 13,312 --a------ C:\Windows\System32\winbho32.dll
    2008-06-17 17:38 . 2008-06-17 17:38 <DIR> d-------- C:\Users\All Users\Yellow Cup
    2008-06-17 17:38 . 2008-06-17 17:38 <DIR> d-------- C:\ProgramData\Yellow Cup
    2008-06-17 17:38 . 2008-06-17 17:38 <DIR> d-------- C:\Program Files\Yellow Cup
    2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- C:\Users\God\AppData\Roaming\RadLight Company
    2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- C:\Program Files\RadLight Company
    2008-06-14 03:14 . 2008-04-22 23:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-14 03:14 . 2008-04-22 23:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-14 03:14 . 2008-04-22 23:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-14 03:14 . 2008-04-22 23:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-11 00:57 . 2008-04-26 03:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-11 00:57 . 2008-04-28 20:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
    2008-06-11 00:57 . 2008-04-28 22:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
    2008-06-11 00:57 . 2008-05-09 20:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-11 00:57 . 2008-04-28 20:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
    2008-06-11 00:56 . 2008-04-24 21:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-11 00:56 . 2008-04-24 23:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-09 15:53 . 2008-06-09 15:53 0 --a------ C:\Windows\System32\NeroCopyGadgetData-0181.xml
    2008-06-09 00:04 . 2008-06-09 00:04 <DIR> d-------- C:\perflogs
    2008-05-28 07:04 . 2008-03-07 21:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 07:04 . 2008-03-07 23:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-22 17:22 . 2008-05-22 17:22 4,816 --a------ C:\Windows\System32\divxsm.tlb
    2008-05-22 17:20 . 2008-05-22 17:20 1,044,480 --a------ C:\Windows\System32\libdivx.dll
    2008-05-22 17:20 . 2008-05-22 17:20 200,704 --a------ C:\Windows\System32\ssldivx.dll
    2008-05-22 17:19 . 2008-05-22 17:19 196,608 --a------ C:\Windows\System32\dtu100.dll
    2008-05-22 17:19 . 2008-05-22 17:19 161,096 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-05-22 17:19 . 2008-05-22 17:19 81,920 --a------ C:\Windows\System32\dpl100.dll
    2008-05-22 17:19 . 2008-05-22 17:19 416 --a------ C:\Windows\System32\dtu100.dll.manifest
    2008-05-22 17:19 . 2008-05-22 17:19 416 --a------ C:\Windows\System32\dpl100.dll.manifest
    2008-05-22 17:18 . 2008-05-22 17:18 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-19 21:59 --------- d-----w C:\Users\God\AppData\Roaming\WTablet
    2008-06-19 20:35 --------- d-----w C:\Program Files\Trillian
    2008-06-19 04:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-19 04:48 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-06-18 21:07 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-06-18 20:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-16 19:48 --------- d-----w C:\ProgramData\DVD Shrink
    2008-06-11 20:43 --------- d-----w C:\Program Files\DivX
    2008-06-11 08:10 --------- d-----w C:\Program Files\Windows Mail
    2008-06-11 02:40 27,649 ----a-w C:\Users\God\AppData\Roaming\nvModes.dat
    2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-05-22 15:15 --------- d-----w C:\ProgramData\CyberLink
    2008-05-21 18:39 --------- d-----w C:\Users\God\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    2008-05-19 19:42 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-18 16:03 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-14 08:03 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-11 23:29 --------- d-----w C:\Program Files\Memorex exPressit Label Design Studio
    2008-05-11 23:29 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-05-11 22:27 --------- d-----w C:\ProgramData\WinZip
    2008-05-11 05:32 --------- d-----w C:\Program Files\DVD Shrink
    2008-05-10 03:53 --------- d-----w C:\Program Files\NeroInstall.bak
    2008-05-09 04:01 --------- d-----w C:\Program Files\The Weather Channel FW
    2008-05-06 01:18 --------- d-----w C:\Program Files\AskPBar
    2008-05-05 02:27 --------- d-----w C:\Program Files\Bonjour
    2008-05-01 19:20 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-05-01 05:12 --------- d-----w C:\Users\God\AppData\Roaming\acccore
    2008-04-28 18:22 --------- d-----w C:\Program Files\HP
    2008-04-21 23:38 --------- d-----w C:\Program Files\McAfee
    2008-04-20 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-20 19:10 --------- d-----w C:\Program Files\Electronic Arts
    2008-04-20 19:09 --------- d-----w C:\ProgramData\Electronic Arts
    2008-04-20 19:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-04-20 19:08 --------- d--h--r C:\Users\God\AppData\Roaming\SecuROM
    2008-03-30 19:13 174 --sha-w C:\Program Files\desktop.ini
    2008-03-30 18:47 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-03-30 18:47 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-03-11 04:15 0 ----a-w C:\Users\God\AppData\Roaming\wklnhst.dat
    2008-03-09 20:16 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-19_16.47.42.54 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-19 11:11:36 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-19 21:56:56 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-19 11:11:36 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-19 21:56:56 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-19 11:11:36 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-19 21:56:56 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-19 21:34:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-19 22:07:16 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-19 22:07:16 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-19 21:05:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-19 21:52:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-19 21:05:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-19 21:52:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-19 21:05:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-19 21:52:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
    2007-08-31 14:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 02:33 1233920]
    "ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 18:41 222128]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 02:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 19:05 202032]
    "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 19:32 222504]
    "DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 14:12 671744]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 18:15 480560]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-10 02:59 4702208 C:\Windows\RtHDVCpl.exe]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-03-28 20:15 468264]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 20:16 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 20:16 8501792]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 20:16 81920]

    C:\Users\God\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-04 14:13:34 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=CLKERN.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "VIDC.dvh1"= smdvCodec.dll
    "VIDC.dv25"= smdvCodec.dll
    "VIDC.dv50"= smdvCodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy]
    "<NO NAME>"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    "<NO NAME>"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
    "<NO NAME>"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    "<NO NAME>"=
    "C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F19CA2F5-3D5B-43D1-9A6D-FA85B8A1F0D7}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{FA709E39-946F-4C33-8807-E1656E17A2E3}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{92D76965-A678-4273-B2E8-AD77BD8175BB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{20E4305F-D43B-4E66-A205-A6F6C03F049D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{FC42F47B-30F6-4911-B648-576707380B60}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{80C01801-8190-4F30-900C-EFE1F65273A8}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{4DAC7F93-67BD-4B33-872B-66F6C69699DE}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{BCEBBCF9-6540-4BAC-BBBC-349ECC472FEB}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{23751CDD-6BDE-4E0A-BD14-0861CAA0D4D0}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{3C43376B-4EDA-4741-993B-BECF54C04D55}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{A03DDBD4-AEFD-4A5E-9253-18669217541D}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{BF714C3A-8759-489D-A5DE-193CADF0D732}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{D7D3CD70-2E67-45D0-9021-3380F5564089}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{4173D266-9497-4656-8160-7A1C2224CB2C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{65462DA0-A4C9-4256-89AB-F5952C62BE20}"= UDP:3703:Adobe Version Cue CS3 Server
    "{5113C73B-A6C8-4B25-9664-D46FD2C6E5AE}"= UDP:3704:Adobe Version Cue CS3 Server
    "{B9440562-6F1E-4236-8599-6EC0B1ABFA89}"= UDP:50900:Adobe Version Cue CS3 Server
    "{DFB03819-BE41-4B90-A3F7-DD7F863C30AA}"= UDP:50901:Adobe Version Cue CS3 Server
    "{2523A441-39CA-4DAD-8F4F-39E9FFCD54BE}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{E6DAFA3D-26DC-466A-BB6B-57D0F2D1454B}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{6C650F2A-0CF9-4E3E-9EE2-A04A82AF3541}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{98C9804A-5FBC-41BE-A659-EF7C31A44612}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{B1F2B3CE-725E-4B5E-BE23-DC8B145B2BC1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{77B224CF-7D7B-4097-8676-02FCF83F648B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{006BFFEB-7325-468E-8E5A-0EEF474FF610}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{73EBB3B4-47C1-4C76-8698-BF8EA46C5780}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{F7F80810-5167-4094-A0D3-030992B1C979}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2008-03-28 20:16]
    R2 QPSched;QuickPlay Task Scheduler (QTS); "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2008-03-28 20:16]
    R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe [2007-11-08 06:37]
    R2 WacomTouchService;Wacom Touch Service;C:\Windows\system32\WacomTouchService.exe [2007-10-16 08:55]
    R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 13:30]
    R3 USB28xxBGA;WinTV HVR-900;C:\Windows\system32\DRIVERS\emBDA.sys [2007-10-03 18:14]
    R3 USB28xxOEM;WinTV OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-10-03 18:13]
    R3 Wacomhidfilter;Wacom HID Filter;C:\Windows\system32\DRIVERS\wacomhidfilter.sys [2007-11-05 10:39]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 05:12]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-10-06 04:30]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 10:11]
    R3 WacomVTHid;Virtual Touch Driver;C:\Windows\system32\DRIVERS\WacomVTHid.sys [2007-02-22 08:55]
    S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-12-12 13:12]
    S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-12-12 13:12]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-12 13:12]
    S3 GameConsoleService;GameConsoleService; "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 18:33]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-15 06:59:04 C:\Windows\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2008-06-01 06:00:11 C:\Windows\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    "2008-06-19 18:15:12 C:\Windows\Tasks\User_Feed_Synchronization-{DFC309B6-3FD9-405F-91D7-F57A156CF9ED}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-19 17:07:35
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-19 17:10:16
    ComboFix-quarantined-files.txt 2008-06-19 22:09:50
    ComboFix2.txt 2008-06-19 21:48:17

    Pre-Run: 42,291,187,712 bytes free
    Post-Run: 42,257,801,216 bytes free

    265 --- E O F --- 2008-06-18 04:43:10

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:23:09 PM, on 6/19/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: CLKERN.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe

    --
    End of file - 13309 bytes
     
  5. 2008/06/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    You ran ComboFix twice, and I need to see the first log. It is located at C:\Qoobox\ComboFix2.txt
     
  6. 2008/06/19
    RocketMan531

    RocketMan531 Inactive Thread Starter

    Joined:
    2008/06/19
    Messages:
    22
    Likes Received:
    0
    1st run:

    ComboFix 08-06-19.1 - God 2008-06-19 16:22:50.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1042 [GMT -5:00]
    Running from: C:\Users\God\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\KBL.LOG

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-19 to 2008-06-19 )))))))))))))))))))))))))))))))
    .

    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\Users\God\AppData\Roaming\Malwarebytes
    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-19 15:58 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-19 15:58 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-19 12:12 . 2008-06-19 12:12 <DIR> d-------- C:\Deckard
    2008-06-19 12:07 . 2008-06-19 12:07 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-18 22:11 . 2008-06-18 22:13 <DIR> d-------- C:\Program Files\Free Registry Cleaner for Vista
    2008-06-18 15:58 . 2008-06-18 16:08 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-06-18 15:58 . 2008-06-18 16:08 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-06-18 15:58 . 2008-06-18 15:58 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-17 22:26 . 2008-06-17 22:26 13,312 --a------ C:\Windows\System32\winbho32.dll
    2008-06-17 17:38 . 2008-06-17 17:38 <DIR> d-------- C:\Users\All Users\Yellow Cup
    2008-06-17 17:38 . 2008-06-17 17:38 <DIR> d-------- C:\ProgramData\Yellow Cup
    2008-06-17 17:38 . 2008-06-17 17:38 <DIR> d-------- C:\Program Files\Yellow Cup
    2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- C:\Users\God\AppData\Roaming\RadLight Company
    2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- C:\Program Files\RadLight Company
    2008-06-14 03:14 . 2008-04-22 23:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-14 03:14 . 2008-04-22 23:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-14 03:14 . 2008-04-22 23:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-14 03:14 . 2008-04-22 23:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-11 00:57 . 2008-04-26 03:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-11 00:57 . 2008-04-28 20:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
    2008-06-11 00:57 . 2008-04-28 22:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
    2008-06-11 00:57 . 2008-05-09 20:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-11 00:57 . 2008-04-28 20:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
    2008-06-11 00:56 . 2008-04-24 21:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-11 00:56 . 2008-04-24 23:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-09 15:53 . 2008-06-09 15:53 0 --a------ C:\Windows\System32\NeroCopyGadgetData-0181.xml
    2008-06-09 00:04 . 2008-06-09 00:04 <DIR> d-------- C:\perflogs
    2008-05-28 07:04 . 2008-03-07 21:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 07:04 . 2008-03-07 23:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-22 17:22 . 2008-05-22 17:22 4,816 --a------ C:\Windows\System32\divxsm.tlb
    2008-05-22 17:20 . 2008-05-22 17:20 1,044,480 --a------ C:\Windows\System32\libdivx.dll
    2008-05-22 17:20 . 2008-05-22 17:20 200,704 --a------ C:\Windows\System32\ssldivx.dll
    2008-05-22 17:19 . 2008-05-22 17:19 196,608 --a------ C:\Windows\System32\dtu100.dll
    2008-05-22 17:19 . 2008-05-22 17:19 161,096 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-05-22 17:19 . 2008-05-22 17:19 81,920 --a------ C:\Windows\System32\dpl100.dll
    2008-05-22 17:19 . 2008-05-22 17:19 416 --a------ C:\Windows\System32\dtu100.dll.manifest
    2008-05-22 17:19 . 2008-05-22 17:19 416 --a------ C:\Windows\System32\dpl100.dll.manifest
    2008-05-22 17:18 . 2008-05-22 17:18 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-19 21:33 --------- d-----w C:\Users\God\AppData\Roaming\WTablet
    2008-06-19 20:35 --------- d-----w C:\Program Files\Trillian
    2008-06-19 04:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-19 04:48 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-06-18 20:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-16 19:48 --------- d-----w C:\ProgramData\DVD Shrink
    2008-06-11 20:43 --------- d-----w C:\Program Files\DivX
    2008-06-11 08:10 --------- d-----w C:\Program Files\Windows Mail
    2008-06-11 02:40 27,649 ----a-w C:\Users\God\AppData\Roaming\nvModes.dat
    2008-05-22 15:15 --------- d-----w C:\ProgramData\CyberLink
    2008-05-21 18:39 --------- d-----w C:\Users\God\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    2008-05-19 19:42 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-18 16:03 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-14 08:03 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-11 23:29 --------- d-----w C:\Program Files\Memorex exPressit Label Design Studio
    2008-05-11 23:29 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-05-11 22:27 --------- d-----w C:\ProgramData\WinZip
    2008-05-11 05:32 --------- d-----w C:\Program Files\DVD Shrink
    2008-05-10 03:53 --------- d-----w C:\Program Files\NeroInstall.bak
    2008-05-09 04:01 --------- d-----w C:\Program Files\The Weather Channel FW
    2008-05-06 01:18 --------- d-----w C:\Program Files\AskPBar
    2008-05-05 02:27 --------- d-----w C:\Program Files\Bonjour
    2008-05-01 19:20 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-05-01 05:12 --------- d-----w C:\Users\God\AppData\Roaming\acccore
    2008-04-28 18:22 --------- d-----w C:\Program Files\HP
    2008-04-21 23:38 --------- d-----w C:\Program Files\McAfee
    2008-04-20 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-20 19:10 --------- d-----w C:\Program Files\Electronic Arts
    2008-04-20 19:09 --------- d-----w C:\ProgramData\Electronic Arts
    2008-04-20 19:08 --------- d--h--r C:\Users\God\AppData\Roaming\SecuROM
    2008-03-30 19:13 174 --sha-w C:\Program Files\desktop.ini
    2008-03-11 04:15 0 ----a-w C:\Users\God\AppData\Roaming\wklnhst.dat
    2008-03-09 20:16 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
    2007-08-31 14:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "= "C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 02:33 1233920]
    "ISUSPM "= "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 18:41 222128]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 02:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
    "QlbCtrl "= "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 19:05 202032]
    "UCam_Menu "= "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 19:32 222504]
    "DpAgent "= "C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 14:12 671744]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 02:38 1008184]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 18:15 480560]
    "@ "=" " []
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-10-10 02:59 4702208 C:\Windows\RtHDVCpl.exe]
    "QPService "= "C:\Program Files\HP\QuickPlay\QPService.exe" [2008-03-28 20:15 468264]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [2007-11-07 20:16 86016]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [2007-11-07 20:16 8501792]
    "NvMediaCenter "= "C:\Windows\system32\NvMcTray.dll" [2007-11-07 20:16 81920]
    "combofix "= "C:\Windows\system32\CF12009.exe" [2008-01-19 02:33 318976]

    C:\Users\God\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-04 14:13:34 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView "= 1 (0x1)
    "AllowUnhashedWebView "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=CLKERN.DLL
    "LoadAppInit_DLLs "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp "= l3codecp.acm
    "VIDC.dvh1 "= smdvCodec.dll
    "VIDC.dv25 "= smdvCodec.dll
    "VIDC.dv50 "= smdvCodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy]
    "<NO NAME> "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall "= 0 (0x0)
    "<NO NAME> "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
    "<NO NAME> "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    "<NO NAME> "=
    "C:\\Program Files\\Vongo\\VongoService.exe "= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F19CA2F5-3D5B-43D1-9A6D-FA85B8A1F0D7} "= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{FA709E39-946F-4C33-8807-E1656E17A2E3} "= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{92D76965-A678-4273-B2E8-AD77BD8175BB} "= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{20E4305F-D43B-4E66-A205-A6F6C03F049D} "= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{FC42F47B-30F6-4911-B648-576707380B60} "= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{80C01801-8190-4F30-900C-EFE1F65273A8} "= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{4DAC7F93-67BD-4B33-872B-66F6C69699DE} "= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{BCEBBCF9-6540-4BAC-BBBC-349ECC472FEB} "= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{23751CDD-6BDE-4E0A-BD14-0861CAA0D4D0} "= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{3C43376B-4EDA-4741-993B-BECF54C04D55} "= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{A03DDBD4-AEFD-4A5E-9253-18669217541D} "= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{BF714C3A-8759-489D-A5DE-193CADF0D732} "= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{D7D3CD70-2E67-45D0-9021-3380F5564089} "= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{4173D266-9497-4656-8160-7A1C2224CB2C} "= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{65462DA0-A4C9-4256-89AB-F5952C62BE20} "= UDP:3703:Adobe Version Cue CS3 Server
    "{5113C73B-A6C8-4B25-9664-D46FD2C6E5AE} "= UDP:3704:Adobe Version Cue CS3 Server
    "{B9440562-6F1E-4236-8599-6EC0B1ABFA89} "= UDP:50900:Adobe Version Cue CS3 Server
    "{DFB03819-BE41-4B90-A3F7-DD7F863C30AA} "= UDP:50901:Adobe Version Cue CS3 Server
    "{2523A441-39CA-4DAD-8F4F-39E9FFCD54BE} "= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{E6DAFA3D-26DC-466A-BB6B-57D0F2D1454B} "= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{6C650F2A-0CF9-4E3E-9EE2-A04A82AF3541} "= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{98C9804A-5FBC-41BE-A659-EF7C31A44612} "= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{B1F2B3CE-725E-4B5E-BE23-DC8B145B2BC1} "= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{77B224CF-7D7B-4097-8676-02FCF83F648B} "= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{006BFFEB-7325-468E-8E5A-0EEF474FF610} "= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{73EBB3B4-47C1-4C76-8698-BF8EA46C5780} "= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{F7F80810-5167-4094-A0D3-030992B1C979} "= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe "= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

    R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 13:30]
    S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-12-12 13:12]
    S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-12-12 13:12]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-12 13:12]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe "
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-15 06:59:04 C:\Windows\Tasks\McDefragTask.job "
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2008-06-01 06:00:11 C:\Windows\Tasks\McQcTask.job "
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    "2008-06-19 18:15:12 C:\Windows\Tasks\User_Feed_Synchronization-{DFC309B6-3FD9-405F-91D7-F57A156CF9ED}.job "
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-19 16:34:34
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Windows\System32\WacomTouchService.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\wlanext.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\McAfee\MPF\MpfSrv.exe
    C:\PROGRA~1\McAfee\MPS\mps.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\System32\PSIService.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\System32\Pen_Tablet.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\System32\wisptis.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\System32\WTablet\Pen_TabletUser.exe
    C:\Windows\System32\Pen_Tablet.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Windows\System32\wisptis.exe
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\ehome\ehrecvr.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-19 16:48:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-19 21:48:11

    Pre-Run: 42,589,188,096 bytes free
    Post-Run: 42,261,245,952 bytes free

    277 --- E O F --- 2008-06-18 04:43:10
     
  7. 2008/06/19
    noahdfear

    Please upload the following file to my submission channel for analysis. Leave a link back to this topic.

    C:\Windows\System32\winbho32.dll

    Thanks!
     
  8. 2008/06/19
    RocketMan531

    I have posted it.
     
  9. 2008/06/19
    noahdfear

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/showthread.php?t=74437
    
    Collect::
    C:\Windows\System32\winbho32.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect the file. This means that at some point, likely after reboot when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created on your desktop. The zip contains the aforementioned file. Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist the author in adding the file for removal in future updates. Thanks!
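As an added triage helper (not ComboFix's own code and not something used in this thread), the script below reads the "Reg Loading Points" section of a ComboFix log, the same section the CFScript above acts on, and flags the entries an analyst checks first: a BHO CLSID with no backing DLL listed under it, any AppInit_DLLs value, and the UAC, Security Center and firewall switches shown as off. The sample input is constructed from the first log posted above; the stray space inside each value name is how the forum rendered the log, so the parser tolerates it.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: an excerpt of the "Reg Loading Points" section of the first
# ComboFix log in this thread, kept as the forum rendered it (note the stray space
# before the closing quote of each value name, which the parser tolerates).
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
2007-08-31 14:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA "= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=CLKERN.DLL
"LoadAppInit_DLLs "=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall "= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<value>.*)$')


@dataclass
class Section:
    key: str
    values: Dict[str, str] = field(default_factory=dict)
    extra: List[str] = field(default_factory=list)  # non-value lines, e.g. the DLL backing a BHO


@dataclass
class Finding:
    key: str
    item: str
    reason: str


def parse_sections(log: str) -> List[Section]:
    """Group the log into registry-key sections; lines before the first key are ignored."""
    sections: List[Section] = []
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if key_match := KEY_RE.match(line):
            current = Section(key_match.group("key"))
            sections.append(current)
        elif current is not None:
            if value_match := VALUE_RE.match(line):
                current.values[value_match.group("name")] = value_match.group("value").strip()
            else:
                current.extra.append(line)
    return sections


def is_off(value: str) -> bool:
    """True for a DWORD that ComboFix renders as '0 (0x0)'."""
    return value.startswith("0")


def triage(log: str) -> List[Finding]:
    """Flag the Reg Loading Points entries an analyst reviews first."""
    findings: List[Finding] = []
    for sec in parse_sections(log):
        leaf = sec.key.rsplit("\\", 1)[-1]
        # A BHO key with no file line under it is orphaned or backed by something
        # ComboFix could not see; either way it is the first thing to look at.
        if "browser helper objects" in sec.key.lower() and not sec.extra:
            findings.append(Finding(sec.key, leaf, "BHO registered but no backing DLL listed"))
        if is_off(sec.values.get("EnableLUA", "1")):
            findings.append(Finding(sec.key, "EnableLUA", "UAC is turned off"))
        if dlls := sec.values.get("AppInit_DLLs", ""):
            load = sec.values.get("LoadAppInit_DLLs")
            if load is None:
                state = "LoadAppInit_DLLs not shown"
            elif is_off(load):
                state = "LoadAppInit_DLLs=0, so it is not loaded"
            else:
                state = "loaded into every process that maps user32.dll"
            findings.append(Finding(sec.key, "AppInit_DLLs", f"AppInit_DLLs={dlls} ({state})"))
        if "00000001" in sec.values.get("DisableMonitoring", ""):
            findings.append(Finding(sec.key, "DisableMonitoring", f"Security Center not monitoring {leaf}"))
        if is_off(sec.values.get("EnableFirewall", "1")):
            findings.append(Finding(sec.key, "EnableFirewall", f"Windows Firewall off for {leaf}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.item:<42} {f.reason}")
```

Run against the full first log it also picks up the parent Monitoring key and the Domain and Public firewall profiles, which the sample leaves out for brevity.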
     
  10. 2008/06/19
    RocketMan531

    It has been uploaded.
     
  11. 2008/06/19
    noahdfear

    Thanks! Please post the new ComboFix log at C:\combofix.txt and a fresh HijackThis log.

    How's the computer behaving now?
     
  12. 2008/06/19
    RocketMan531

    I have to post two replies because it's too long for one.

    She is doing a lot better. There is no sign of the system error window.

    Is there anything else I need to do?






    ComboFix 08-06-19.1 - God 2008-06-19 21:02:53.3 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1007 [GMT -5:00]
    Running from: C:\Users\God\Desktop\ComboFix.exe
    Command switches used :: C:\Users\God\Desktop\CFScript.txt
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\System32\winbho32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
    .

    2008-06-19 17:51 . 2008-06-19 17:51 54,156 --ah----- C:\Windows\QTFont.qfn
    2008-06-19 17:51 . 2008-06-19 17:51 1,409 --a------ C:\Windows\QTFont.for
    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\Users\God\AppData\Roaming\Malwarebytes
    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-06-19 15:58 . 2008-06-19 15:58 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-19 15:58 . 2008-06-10 19:02 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-19 15:58 . 2008-06-10 19:02 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-19 12:12 . 2008-06-19 12:12 <DIR> d-------- C:\Deckard
    2008-06-19 12:07 . 2008-06-19 12:07 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-18 22:11 . 2008-06-18 22:13 <DIR> d-------- C:\Program Files\Free Registry Cleaner for Vista
    2008-06-18 15:58 . 2008-06-18 16:08 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-06-18 15:58 . 2008-06-18 16:08 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-06-18 15:58 . 2008-06-18 15:58 <DIR> d-------- C:\Program Files\Lavasoft
    2008-06-17 17:38 . 2008-06-17 17:38 <DIR> d-------- C:\Users\All Users\Yellow Cup
    2008-06-17 17:38 . 2008-06-17 17:38 <DIR> d-------- C:\ProgramData\Yellow Cup
    2008-06-17 17:38 . 2008-06-17 17:38 <DIR> d-------- C:\Program Files\Yellow Cup
    2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- C:\Users\God\AppData\Roaming\RadLight Company
    2008-06-17 14:42 . 2008-06-17 14:42 <DIR> d-------- C:\Program Files\RadLight Company
    2008-06-14 03:14 . 2008-04-22 23:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-14 03:14 . 2008-04-22 23:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-14 03:14 . 2008-04-22 23:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-14 03:14 . 2008-04-22 23:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-11 00:57 . 2008-04-26 03:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-11 00:57 . 2008-04-28 20:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
    2008-06-11 00:57 . 2008-04-28 22:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
    2008-06-11 00:57 . 2008-05-09 20:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-11 00:57 . 2008-04-28 20:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
    2008-06-11 00:56 . 2008-04-24 21:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-11 00:56 . 2008-04-24 23:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-09 15:53 . 2008-06-09 15:53 0 --a------ C:\Windows\System32\NeroCopyGadgetData-0181.xml
    2008-06-09 00:04 . 2008-06-09 00:04 <DIR> d-------- C:\perflogs
    2008-05-28 07:04 . 2008-03-07 21:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 07:04 . 2008-03-07 23:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-22 17:22 . 2008-05-22 17:22 4,816 --a------ C:\Windows\System32\divxsm.tlb
    2008-05-22 17:20 . 2008-05-22 17:20 1,044,480 --a------ C:\Windows\System32\libdivx.dll
    2008-05-22 17:20 . 2008-05-22 17:20 200,704 --a------ C:\Windows\System32\ssldivx.dll
    2008-05-22 17:19 . 2008-05-22 17:19 196,608 --a------ C:\Windows\System32\dtu100.dll
    2008-05-22 17:19 . 2008-05-22 17:19 161,096 --a------ C:\Windows\System32\DivXCodecVersionChecker.exe
    2008-05-22 17:19 . 2008-05-22 17:19 81,920 --a------ C:\Windows\System32\dpl100.dll
    2008-05-22 17:19 . 2008-05-22 17:19 416 --a------ C:\Windows\System32\dtu100.dll.manifest
    2008-05-22 17:19 . 2008-05-22 17:19 416 --a------ C:\Windows\System32\dpl100.dll.manifest
    2008-05-22 17:18 . 2008-05-22 17:18 12,288 --a------ C:\Windows\System32\DivXWMPExtType.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-19 22:15 --------- d-----w C:\Users\God\AppData\Roaming\WTablet
    2008-06-19 20:35 --------- d-----w C:\Program Files\Trillian
    2008-06-19 04:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-06-19 04:48 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-06-18 21:07 12,632 ----a-w C:\Windows\System32\lsdelete.exe
    2008-06-18 20:57 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-16 19:48 --------- d-----w C:\ProgramData\DVD Shrink
    2008-06-11 20:43 --------- d-----w C:\Program Files\DivX
    2008-06-11 08:10 --------- d-----w C:\Program Files\Windows Mail
    2008-06-11 02:40 27,649 ----a-w C:\Users\God\AppData\Roaming\nvModes.dat
    2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
    2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
    2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
    2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
    2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
    2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
    2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
    2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
    2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
    2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
    2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
    2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
    2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
    2008-05-22 15:15 --------- d-----w C:\ProgramData\CyberLink
    2008-05-21 18:39 --------- d-----w C:\Users\God\AppData\Roaming\Command & Conquer 3 Tiberium Wars
    2008-05-19 19:42 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-05-18 16:03 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-14 08:03 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-11 23:29 --------- d-----w C:\Program Files\Memorex exPressit Label Design Studio
    2008-05-11 23:29 --------- d-----w C:\Program Files\Common Files\SureThing Shared
    2008-05-11 22:27 --------- d-----w C:\ProgramData\WinZip
    2008-05-11 05:32 --------- d-----w C:\Program Files\DVD Shrink
    2008-05-10 03:53 --------- d-----w C:\Program Files\NeroInstall.bak
    2008-05-09 04:01 --------- d-----w C:\Program Files\The Weather Channel FW
    2008-05-06 01:18 --------- d-----w C:\Program Files\AskPBar
    2008-05-05 02:27 --------- d-----w C:\Program Files\Bonjour
    2008-05-01 19:20 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-05-01 05:12 --------- d-----w C:\Users\God\AppData\Roaming\acccore
    2008-04-28 18:22 --------- d-----w C:\Program Files\HP
    2008-04-21 23:38 --------- d-----w C:\Program Files\McAfee
    2008-04-20 19:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-04-20 19:10 --------- d-----w C:\Program Files\Electronic Arts
    2008-04-20 19:09 --------- d-----w C:\ProgramData\Electronic Arts
    2008-04-20 19:08 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-04-20 19:08 --------- d--h--r C:\Users\God\AppData\Roaming\SecuROM
    2008-03-30 19:13 174 --sha-w C:\Program Files\desktop.ini
    2008-03-30 18:47 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-03-30 18:47 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-03-11 04:15 0 ----a-w C:\Users\God\AppData\Roaming\wklnhst.dat
    2008-03-09 20:16 22 --sha-w C:\Windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-19_16.47.42.54 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-19 21:33:10 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-19 22:14:14 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-06-19 21:33:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-19 22:14:15 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2008-06-19 21:33:10 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2008-06-19 22:14:15 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-19 21:34:08 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-19 22:17:09 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-06-19 11:11:36 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-19 21:56:56 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-19 11:11:36 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-19 21:56:56 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-19 16:11:54 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2008-06-20 00:50:36 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2008-06-19 16:11:54 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2008-06-20 00:50:36 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2008-06-19 16:11:54 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-20 00:50:36 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-19 11:11:36 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-19 21:56:56 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-19 21:34:08 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-20 02:07:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-20 02:07:26 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    + 2008-06-20 01:37:33 3,748 ----a-w C:\Windows\SoftwareDistribution\EventCache\{EE3BE3DC-0AC6-4ED0-B085-B646AEC0E49A}.bin
    - 2008-06-19 21:05:52 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-06-19 21:52:55 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-06-19 21:05:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-06-19 21:52:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-06-19 21:05:52 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-06-19 21:52:55 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-06-19 21:37:54 8,974 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-579830392-824711621-814799573-1000_UserData.bin
    + 2008-06-19 22:17:40 9,150 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-579830392-824711621-814799573-1000_UserData.bin
    - 2008-06-19 21:37:54 76,468 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-19 22:17:39 76,690 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-19 03:22:00 58,306 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-19 22:17:38 58,402 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
    2007-08-31 14:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 02:33 1233920]
    "ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 18:41 222128]
    "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 02:33 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
    "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-27 19:05 202032]
    "UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 19:32 222504]
    "DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 14:12 671744]
    "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 18:15 480560]
    "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-10 02:59 4702208 C:\Windows\RtHDVCpl.exe]
    "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2008-03-28 20:15 468264]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 20:16 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 20:16 8501792]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 20:16 81920]

    C:\Users\God\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-12-04 14:13:34 727592]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=CLKERN.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.l3codecp"= l3codecp.acm
    "VIDC.dvh1"= smdvCodec.dll
    "VIDC.dv25"= smdvCodec.dll
    "VIDC.dv50"= smdvCodec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy]
    "<NO NAME>"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)
    "<NO NAME>"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
    "<NO NAME>"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
    "<NO NAME>"=
    "C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F19CA2F5-3D5B-43D1-9A6D-FA85B8A1F0D7}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{FA709E39-946F-4C33-8807-E1656E17A2E3}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
    "{92D76965-A678-4273-B2E8-AD77BD8175BB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{20E4305F-D43B-4E66-A205-A6F6C03F049D}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{FC42F47B-30F6-4911-B648-576707380B60}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{80C01801-8190-4F30-900C-EFE1F65273A8}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{4DAC7F93-67BD-4B33-872B-66F6C69699DE}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{BCEBBCF9-6540-4BAC-BBBC-349ECC472FEB}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{23751CDD-6BDE-4E0A-BD14-0861CAA0D4D0}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{3C43376B-4EDA-4741-993B-BECF54C04D55}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{A03DDBD4-AEFD-4A5E-9253-18669217541D}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
    "{BF714C3A-8759-489D-A5DE-193CADF0D732}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
    "{D7D3CD70-2E67-45D0-9021-3380F5564089}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{4173D266-9497-4656-8160-7A1C2224CB2C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{65462DA0-A4C9-4256-89AB-F5952C62BE20}"= UDP:3703:Adobe Version Cue CS3 Server
    "{5113C73B-A6C8-4B25-9664-D46FD2C6E5AE}"= UDP:3704:Adobe Version Cue CS3 Server
    "{B9440562-6F1E-4236-8599-6EC0B1ABFA89}"= UDP:50900:Adobe Version Cue CS3 Server
    "{DFB03819-BE41-4B90-A3F7-DD7F863C30AA}"= UDP:50901:Adobe Version Cue CS3 Server
    "{2523A441-39CA-4DAD-8F4F-39E9FFCD54BE}"= UDP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{E6DAFA3D-26DC-466A-BB6B-57D0F2D1454B}"= TCP:C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:Adobe Version Cue CS3 Server
    "{6C650F2A-0CF9-4E3E-9EE2-A04A82AF3541}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{98C9804A-5FBC-41BE-A659-EF7C31A44612}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{B1F2B3CE-725E-4B5E-BE23-DC8B145B2BC1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{77B224CF-7D7B-4097-8676-02FCF83F648B}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{006BFFEB-7325-468E-8E5A-0EEF474FF610}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{73EBB3B4-47C1-4C76-8698-BF8EA46C5780}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{F7F80810-5167-4094-A0D3-030992B1C979}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

    R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); "C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2008-03-28 20:16]
    R2 QPSched;QuickPlay Task Scheduler (QTS); "C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2008-03-28 20:16]
    R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe [2007-11-08 06:37]
    R2 WacomTouchService;Wacom Touch Service;C:\Windows\system32\WacomTouchService.exe [2007-10-16 08:55]
    R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 13:30]
    R3 USB28xxBGA;WinTV HVR-900;C:\Windows\system32\DRIVERS\emBDA.sys [2007-10-03 18:14]
    R3 USB28xxOEM;WinTV OEM Filter;C:\Windows\system32\DRIVERS\emOEM.sys [2007-10-03 18:13]
    R3 Wacomhidfilter;Wacom HID Filter;C:\Windows\system32\DRIVERS\wacomhidfilter.sys [2007-11-05 10:39]
    R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 05:12]
    R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-10-06 04:30]
    R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 10:11]
    R3 WacomVTHid;Virtual Touch Driver;C:\Windows\system32\DRIVERS\WacomVTHid.sys [2007-02-22 08:55]
    S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-12-12 13:12]
    S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-12-12 13:12]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-12-12 13:12]
    S3 GameConsoleService;GameConsoleService; "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 18:33]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ

    *Newly Created Service* - PROCEXP110

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-06-15 06:59:04 C:\Windows\Tasks\McDefragTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
    "2008-06-01 06:00:11 C:\Windows\Tasks\McQcTask.job"
    - c:\PROGRA~1\mcafee\mqc\QcConsol.exe
    "2008-06-20 01:38:32 C:\Windows\Tasks\User_Feed_Synchronization-{DFC309B6-3FD9-405F-91D7-F57A156CF9ED}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-19 21:07:48
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-19 21:09:23
    ComboFix-quarantined-files.txt 2008-06-20 02:09:16
    ComboFix2.txt 2008-06-19 22:10:17
    ComboFix3.txt 2008-06-19 21:48:17

    Pre-Run: 44,517,076,992 bytes free
    Post-Run: 44,483,911,680 bytes free

    297 --- E O F --- 2008-06-20 01:37:01
     
  13. 2008/06/19
    RocketMan531

    RocketMan531 Inactive Thread Starter

    Joined:
    2008/06/19
    Messages:
    22
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:46:25 PM, on 6/19/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
    O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: CLKERN.DLL
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe

    --
    End of file - 13123 bytes
     
  14. 2008/06/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Scan again with HijackThis and place a check next to the following entry, then click Fix Checked.

    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)


    Click Start and in the Start Search window, type or paste the following then hit enter to uninstall ComboFix.

    ComboFix /u


    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot


    I recommend you run an online scan to check for any leftovers. Do an online scan with Kaspersky Online Scanner.

    • Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log and one more fresh HijackThis log.
     
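    As an added example (not code from this thread, from HijackThis, or from noahdfear), here is a small Python triage script that applies the review rule above: an O2/O3 entry whose target is "(no file)" is an orphaned registry reference that is safe to fix, while AppInit_DLLs, unnamed URLSearchHook and unresolved startup-shortcut entries need identifying before anything is removed. The KNOWN_OK allow-list is a hypothetical stand-in for a vendor database, and the sample log lines are constructed from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A HijackThis entry is a section code (O2, O20, R3, ...), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Hypothetical allow-list of DLLs already known to be vendor components
# (a real one would come from a file-reputation database, not a hard-coded set).
KNOWN_OK = {"ssv.dll", "hpswp_framework.dll"}


@dataclass
class Finding:
    code: str       # HijackThis section code, e.g. "O3"
    severity: str   # "fix" (safe to remove), "verify" (needs a human), "info"
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis log line; returns None for non-entry lines."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")

    # O2 (BHO) / O3 (toolbar) ending in "(no file)": the registry still
    # references a COM object whose DLL is gone. Nothing can load from it,
    # so removing the entry only tidies the registry.
    if code in ("O2", "O3") and body.endswith("(no file)"):
        return Finding(code, "fix", "orphaned entry, no backing file", line)

    # O20 AppInit_DLLs: the named DLL is mapped into every process that
    # loads user32.dll, so an unknown DLL here must be identified first.
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        dll = body.split(":", 1)[1].strip()
        sev = "info" if dll.lower() in KNOWN_OK else "verify"
        return Finding(code, sev, f"AppInit_DLLs loads {dll} system-wide", line)

    # R3 URLSearchHook with no display name: it intercepts address-bar
    # searches, and unnamed hooks are typical of bundled toolbars.
    if code == "R3" and "URLSearchHook" in body and "(no name)" in body:
        return Finding(code, "verify", "unnamed URLSearchHook", line)

    # O4 startup shortcut whose target HijackThis could not resolve ("= ?").
    if code == "O4" and body.endswith("= ?"):
        return Finding(code, "verify", "startup shortcut with unresolved target", line)

    return Finding(code, "info", "standard entry", line)


def triage(log: str) -> List[Finding]:
    """Run triage_line over every line of a pasted HijackThis log."""
    return [f for f in (triage_line(l) for l in log.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity so the reviewer sees what needs action first."""
    counts = {"fix": 0, "verify": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O20 - AppInit_DLLs: CLKERN.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.severity != "info":
            print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```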
  15. 2008/06/20
    RocketMan531

    RocketMan531 Inactive Thread Starter

    Joined:
    2008/06/19
    Messages:
    22
    Likes Received:
    0
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, June 20, 2008
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, June 20, 2008 18:25:58
    Records in database: 879810
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    G:\

    Scan statistics:
    Files scanned: 321183
    Threat name: 7
    Infected objects: 14
    Suspicious objects: 6
    Duration of the scan: 05:08:08


    File name / Threat name / Threats count
    C:\Anna Backup\Outlook\OutlookAndersonJR-00000012.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 3
    C:\Program Files\Uninstall Ask Toolbar.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
    C:\Users\God\AppData\Local\Microsoft\Outlook\OutlookAndersonJR-00000012.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 3
    C:\Users\God\Software\Downloaders\Ares\AresUltra.exe Infected: not-a-virus:FraudTool.Win32.EtdScanner.a 1
    C:\Users\God\Software\Nero\Nero8\Nero PhotoShow Express\nero_photoshow_express_5_setup.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 1
    C:\Users\God\Software\Nero\Nero8\nero8x.exe Infected: Trojan-Dropper.Win32.Agent.clt 1
    C:\Users\God\Software\PowerISO\PowerISO v3.8 & Key Gen\PowerISO38.exe Infected: Trojan-Dropper.Win32.Agent.cuj 1
    C:\Users\God\Software\Video\Virtual Drives\PowerISO\PowerISO v3.8 & Key Gen\PowerISO38.exe Infected: Trojan-Dropper.Win32.Agent.cuj 1
    C:\Users\God\Software\Video\VNC\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
    C:\Users\God\Software\Video\VNC\vnc-4_1_2-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4

    The selected area was scanned.





    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:19:49 PM, on 6/20/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\NOTEPAD.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0 "
    O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe "
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: CLKERN.DLL
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: Wacom Touch Service (WacomTouchService) - Unknown owner - C:\Windows\system32\WacomTouchService.exe

    --
    End of file - 12499 bytes
     
  16. 2008/06/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    These are the ones that concern me most.

    C:\Users\God\Software\Nero\Nero8\nero8x.exe Infected: Trojan-Dropper.Win32.Agent.clt 1
    C:\Users\God\Software\PowerISO\PowerISO v3.8 & Key Gen\PowerISO38.exe Infected: Trojan-Dropper.Win32.Agent.cuj 1
    C:\Users\God\Software\Video\Virtual Drives\PowerISO\PowerISO v3.8 & Key Gen\PowerISO38.exe Infected: Trojan-Dropper.Win32.Agent.cuj 1

    C:\Anna Backup\Outlook\OutlookAndersonJR-00000012.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 3
    C:\Users\God\AppData\Local\Microsoft\Outlook\OutlookAndersonJR-00000012.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 3
    Did you get those in red via P2P or a warez site? They need to go.

    The 2 in blue indicate an infected email in Outlook. Unfortunately there's not enough information given for me to tell you which email. It appears that the email account was backed up to the Anna Backup folder, and undoubtedly it's the same infected email in both places.

    How's the computer behaving now?
     
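    An added triage helper, written here as an illustration and not posted by anyone in the thread: it parses result lines in the Kaspersky report format quoted above, ranks them the way the reply does (named Trojan-Dropper detections first, heuristic "Suspicious" hits next, not-a-virus adware and remote-admin tools last) and flags the mailbox file that appears at two paths, since cleaning only one copy leaves the phishing mail sitting in the backup. The sample lines are copied from the report above; the severity labels and function names are my own.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Constructed sample: result lines in the Kaspersky report format quoted above
# ("<path> Infected|Suspicious: <threat name> <count>").
REPORT = r"""
C:\Anna Backup\Outlook\OutlookAndersonJR-00000012.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Program Files\Uninstall Ask Toolbar.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.a 1
C:\Users\God\AppData\Local\Microsoft\Outlook\OutlookAndersonJR-00000012.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Users\God\Software\Nero\Nero8\nero8x.exe Infected: Trojan-Dropper.Win32.Agent.clt 1
C:\Users\God\Software\PowerISO\PowerISO v3.8 & Key Gen\PowerISO38.exe Infected: Trojan-Dropper.Win32.Agent.cuj 1
C:\Users\God\Software\Video\VNC\vnc-4_1_2-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 4
"""

LINE_RE = re.compile(r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<name>\S+) (?P<count>\d+)$")
Hit = namedtuple("Hit", "path verdict name count severity")
ORDER = {"high": 0, "medium": 1, "low": 2}

def severity(verdict, name):
    """Rank a verdict the way the reply above triages it (labels are my own)."""
    if name.startswith("not-a-virus:"):
        return "low"      # adware / remote-admin tool: unwanted, not malware
    if verdict == "Suspicious":
        return "medium"   # heuristic match, here a phishing mail inside a .pst
    return "high"         # named malware such as Trojan-Dropper

def parse_report(text):
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:   # header, blank and summary lines do not match and are skipped
            hits.append(Hit(m["path"], m["verdict"], m["name"], int(m["count"]),
                            severity(m["verdict"], m["name"])))
    return sorted(hits, key=lambda h: (ORDER[h.severity], h.path))

def duplicate_copies(hits):
    """Same basename at several paths: the infected mailbox and its backup copy."""
    by_name = {}
    for h in hits:
        by_name.setdefault(PureWindowsPath(h.path).name, []).append(h.path)
    return {n: p for n, p in by_name.items() if len(p) > 1}

if __name__ == "__main__":
    hits = parse_report(REPORT)
    for h in hits:
        print(f"[{h.severity:6}] {h.name:45} {h.path}")
    for name, paths in duplicate_copies(hits).items():
        print(f"{name} appears at {len(paths)} paths; clean every copy")
```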
  17. 2008/06/20
    RocketMan531

    RocketMan531 Inactive Thread Starter

    Joined:
    2008/06/19
    Messages:
    22
    Likes Received:
    0
    It's good now.

    Thanks for all the help.
     
  18. 2008/06/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Happy to help. :) I'll mark this topic resolved.
     
  19. 2008/06/21
    dionysus13

    dionysus13 Inactive

    Joined:
    2008/06/16
    Messages:
    18
    Likes Received:
    0
    Posted a reply on this thread in error.
     
    Last edited: 2008/06/21
