
Attention, (name)! Some dangerous trojan horses detected in your system.

Discussion in 'Malware and Virus Removal Archive' started by Leni, 2008/06/20.

  1. 2008/06/20
    Leni (Thread Starter)
    Hello,
    I am new here and I am trying my best to follow the rules and advice you give.
    Apparently some worm alerted Microsoft Explorer and browsing is impossible as the following "error" pops up.

    System error
    Attention, (name)! Some dangerous trojan horse detected in your system. Microsoft Vista (TM) Home Premium files corrupted.
    This may lead to the destruction of important files in C:/Windows.
    Download protection software now!

    Click OK to download antispyware. (Recommended)

    With YES or NO choices. Yes leading to a download prompt and NO leading to http://free-viruscan.com/id/4912933/4/1/ (which happily gets blocked by NOD32)

    I do prefer Total Commander to Explorer and Mozilla Firefox to IE but having malware on my system is unnerving. Also, I am afraid that it has altered Firefox, too. As a part of the browsing is somewhat harder to do. I say this because after running ATF-Cleaner several times my home page on iGoogle seems to have kept me logged in, which shouldn't have happened if the cookies were deleted. Also, my machine seems to be running VERY slow. And NOD32 doesn't seem to have anything to say about it.

    I have tried your advice with Malwarebytes' Anti-Malware and did both full scan and quick scan with no luck at all. The pop-up is still there. (I have updated Malwarebytes' Anti-Malware before scanning.) I've tried SUPERAntiSpyware with no luck... I will try Malwarebytes' Anti-Malware again with no internet connection and as few running processes as possible after I finish writing this post.

    Here is my HJT

    Deckard's System Scanner v20071014.68
    Run by Alex on 2008-06-21 00:08:46
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- Last 5 Restore Point(s) --
    5: 2008-06-20 20:27:44 UTC - RP272 - Removed SUPERAntiSpyware Free Edition
    4: 2008-06-19 23:01:01 UTC - RP271 - Windows Update
    3: 2008-06-19 09:37:48 UTC - RP270 - Scheduled Checkpoint
    2: 2008-06-18 16:18:10 UTC - RP269 - Windows Update
    1: 2008-06-18 13:11:14 UTC - RP268 - Scheduled Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis Clone ------------------------------------------------------------


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-06-21 00:11:26
    Platform: Windows Vista Service Pack 1 (6.00.6001)
    MSIE: Internet Explorer (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    C:\Windows\System32\taskeng.exe
    C:\Windows\System32\dwm.exe
    C:\Windows\explorer.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Alex\Desktop\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\Windows\System32\ini.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O2 - BHO: (no name) - {F861ECFD-C33E-4281-AF49-B1FFE02BADF3} - C:\Windows\system32\xxywVoPh.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    --
    End of file - 9330 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - AutoCADScriptFile - shell\open\command - "C:\Windows\system32\notepad.exe" "%1 "



    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 StarOpen - c:\windows\system32\drivers\staropen.sys


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R2 CLCapSvc (CyberLink Background Capture Service (CBCS)) - "c:\program files\hp\quickplay\kernel\tv\clcapsvc.exe" <Not Verified; ; CLCapSvc Module>
    R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

    S2 CLSched (CyberLink Task Scheduler (CTS)) - "c:\program files\hp\quickplay\kernel\tv\clsched.exe" <Not Verified; ; CLSched Module>
    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_30CC103C&REV_01\4&37CDDBA9&0&00E5
    Manufacturer: Realtek
    Name: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_30CC103C&REV_01\4&37CDDBA9&0&00E5
    Service: RTL8169

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Device (Personal Area Network)
    Device ID: BTH\MS_BTHPAN\6&2154AAE5&0&2
    Manufacturer: Microsoft
    Name: Bluetooth Device (Personal Area Network)
    PNP Device ID: BTH\MS_BTHPAN\6&2154AAE5&0&2
    Service: BthPan


    -- Files created between 2008-05-21 and 2008-06-21 -----------------------------

    2008-06-20 23:29:56 0 d-------- C:\Users\All Users\Malwarebytes
    2008-06-20 23:29:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-20 22:56:24 13824 --a------ C:\Windows\system32\ini.dll
    2008-06-20 22:56:21 13824 --a------ C:\Windows\system32\dadef.dll
    2008-06-20 22:56:17 13824 --a------ C:\Windows\system32\dapol.dll
    2008-06-20 22:55:58 13824 --a------ C:\Windows\system32\codef.dll
    2008-06-20 22:55:18 13824 --a------ C:\Windows\system32\idef.dll
    2008-06-06 14:05:40 0 d-------- C:\Windows\pss
    2008-06-06 12:34:15 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-06-06 12:33:24 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-06-06 11:16:06 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-06-05 13:15:19 377451 --ahs---- C:\Windows\system32\xbabHRqr.ini2
    2008-06-05 00:58:39 6858 --ahs---- C:\Windows\system32\oWwENqru.ini2
    2008-06-04 17:42:17 378400 --ahs---- C:\Windows\system32\hPoVwyxx.ini2
    2008-06-02 23:53:51 0 d-------- C:\Program Files\WinSCP
    2008-05-31 22:24:17 0 d-------- C:\Program Files\mplayer2
    2008-05-28 23:52:24 0 d-------- C:\Users\All Users\Lavasoft
    2008-05-23 00:55:03 52 --a------ C:\smp.bat
    2008-05-22 22:47:11 0 d-------- C:\PerfLogs


    -- Find3M Report ---------------------------------------------------------------

    2008-06-20 23:45:00 27744 --a------ C:\Users\Alex\AppData\Roaming\nvModes.dat
    2008-06-20 23:44:59 27744 --a------ C:\Users\Alex\AppData\Roaming\nvModes.001
    2008-06-20 23:43:17 1647 --a------ C:\Windows\bthservsdp.dat
    2008-06-20 23:29:58 0 d-------- C:\Users\Alex\AppData\Roaming\Malwarebytes
    2008-06-20 23:28:18 0 d-------- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
    2008-06-20 23:28:13 0 d-------- C:\Program Files\Common Files
    2008-06-20 23:09:14 0 d-------- C:\Users\Alex\AppData\Roaming\uTorrent
    2008-06-12 03:08:37 0 d-------- C:\Program Files\Windows Mail
    2008-06-04 17:08:42 1056 --ahs---- C:\Windows\system32\KGyGaAvL.sys
    2008-05-22 22:58:01 174 --ahs---- C:\Program Files\desktop.ini
    2008-05-22 22:49:27 0 d-------- C:\Program Files\Windows Sidebar
    2008-05-22 22:49:27 0 d-------- C:\Program Files\Windows Calendar
    2008-05-22 22:49:26 0 d-------- C:\Program Files\Movie Maker
    2008-05-22 22:49:23 0 d-------- C:\Program Files\Windows Collaboration
    2008-05-22 22:49:21 0 d-------- C:\Program Files\Windows Photo Gallery
    2008-05-22 22:49:21 0 d-------- C:\Program Files\Windows Journal
    2008-05-22 22:49:15 0 d-------- C:\Program Files\Windows Defender
    2008-05-09 18:14:57 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-08 18:23:50 0 d-------- C:\Program Files\Buddy Spy
    2008-05-08 17:43:27 0 d-------- C:\Program Files\HP
    2008-05-07 17:00:47 0 d-------- C:\Users\Alex\AppData\Roaming\Samsung
    2008-05-07 16:59:15 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-07 16:51:31 0 d-------- C:\Program Files\Samsung
    2008-05-05 03:27:17 2224 --a------ C:\Windows\mozver.dat
    2008-05-05 03:27:13 0 d-------- C:\Program Files\Common Files\ParallelGraphics
    2008-03-25 23:49:24 0 -rahs---- C:\MSDOS.SYS
    2008-03-25 23:49:24 0 -rahs---- C:\IO.SYS
    2008-03-25 20:27:01 4096 --a------ C:\Windows\d3dx.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FF811E6-8925-4084-A649-C159955E67E8}]
    06/20/2008 10:56 PM 13824 --a------ C:\Windows\system32\ini.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F861ECFD-C33E-4281-AF49-B1FFE02BADF3}]
    C:\Windows\system32\xxywVoPh.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "= "C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 10:38 AM]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/03/2007 04:15 PM]
    "RtHDVCpl "= "RtHDVCpl.exe" [10/09/2007 04:59 PM C:\Windows\RtHDVCpl.exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/18/2008 07:31 PM]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 03:29 AM]
    "CognizanceTS "= "C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [12/22/2003 07:12 AM]
    "@ "=" " []
    "egui "= "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [12/21/2007 09:21 AM]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [11/07/2007 09:05 AM]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [11/07/2007 09:05 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DU Meter "= "C:\Program Files\DU Meter\DUMeter.exe" [10/17/2007 03:54 AM]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [02/14/2008 04:03 PM]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [01/19/2008 10:33 AM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 10:33 AM]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [08/11/2005 05:30 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)
    "EnableLUA "=0 (0x0)
    "EnableUIADesktopToggle "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=APSHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
    Debugger= "D:\KITURI\PROCESSEXPLORER\PROCEXP.EXE "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages "= scecli ASWLNPkg
    "Authentication Packages "= msv1_0 C:\Windows\system32\xxywVoPh

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf11958b6]
    Rundll32.exe "C:\Windows\system32\exmogewt.dll ",s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f22a6b2a]
    rundll32.exe "C:\Windows\system32\akngdjku.dll ",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    "C:\Program Files\HP\QuickPlay\QPService.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum bthsvcs BthServ
    Cognizance ASBroker ASChannel
    GPSvcGroup GPSvc

    *Newly Created Service* - MBAMCATCHME

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-21 00:13:40 ------------


    Here is my Malwarebytes' log:

    Malwarebytes' Anti-Malware 1.18
    Database version: 872

    11:34:09 PM 6/20/2008
    mbam-log-6-20-2008 (23-34-09).txt

    Scan type: Quick Scan
    Objects scanned: 35656
    Time elapsed: 3 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\bho.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{fa1d47c4-e13f-4562-b23b-39ef9017be8b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bhoapp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bhoapp.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Alex\Local Settings\Temporary Internet Files\Content.IE5\P9WVRZ04\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.


    --------------------------------------------------------------------

    Help!

    --------------------------------------------------------------------
     
    Leni,
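An added example, not code from the thread or from any of the tools it names: a small Python triage script that applies, over lines like those in the log above, the checks a helper looks at first: BHOs with no name or a missing file, unfamiliar BHO DLLs loading from System32, rundll32 entries that call a one-letter export, a populated AppInit_DLLs value, extra LSA authentication packages, and several same-size DLLs dropped into System32 within minutes. The sample lines are copied or adapted from the post; the allow-list of known BHO DLLs and the five-minute clustering window are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: lines copied or adapted from the log posted above, plus
# a few benign lines so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE ext - {2FF811E6-8925-4084-A649-C159955E67E8} - C:\Windows\System32\ini.dll
O2 - BHO: (no name) - {F861ECFD-C33E-4281-AF49-B1FFE02BADF3} - C:\Windows\system32\xxywVoPh.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [f22a6b2a] rundll32.exe "C:\Windows\system32\akngdjku.dll ",b
O20 - AppInit_DLLs: APSHook.dll
"Authentication Packages "= msv1_0 C:\Windows\system32\xxywVoPh
2008-06-20 22:56:24 13824 --a------ C:\Windows\system32\ini.dll
2008-06-20 22:56:21 13824 --a------ C:\Windows\system32\dadef.dll
2008-06-20 22:56:17 13824 --a------ C:\Windows\system32\dapol.dll
2008-06-20 22:55:58 13824 --a------ C:\Windows\system32\codef.dll
2008-06-20 22:55:18 13824 --a------ C:\Windows\system32\idef.dll
2008-06-06 11:16:06 0 d-------- C:\Program Files\Microsoft Silverlight
"""

# Assumed allow-list for this example: the BHO DLLs in the post that belong to
# known products. Anything else loading from System32 gets a second look.
KNOWN_BHO_DLLS = {"acroiehelper.dll", "ssv.dll", "acroiefavclient.dll", "itieaddin.dll"}

SYSTEM32_DLL = re.compile(r"\\system32\\([^\\\s]+\.dll)", re.IGNORECASE)
RUNDLL_CALL = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+?\.dll)\s*"?,(\w+)', re.IGNORECASE)
FILE_LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\d+)\s+(\S+)\s+(.+)$")


def check_line(line):
    """Return (reason, line) findings for one HijackThis/DSS line."""
    findings = []
    if line.startswith("O2 - BHO:"):
        if "(no name)" in line or "(file missing)" in line:
            findings.append(("BHO with no name or missing file", line))
        m = SYSTEM32_DLL.search(line)
        if m and m.group(1).lower() not in KNOWN_BHO_DLLS:
            findings.append(("unfamiliar BHO loading from System32", line))
    elif line.startswith("O4 "):
        m = RUNDLL_CALL.search(line)
        # Vendors export readable names (NvStartup); droppers often use one letter.
        if m and len(m.group(2)) == 1:
            findings.append(("rundll32 calling a one-letter export", line))
    elif line.startswith("O20 - AppInit_DLLs:") and line.split(":", 1)[1].strip():
        # AppInit DLLs load into every process that links user32; always review.
        findings.append(("AppInit_DLLs is populated, review the DLL", line))
    elif line.startswith('"Authentication Packages'):
        packages = line.split("=", 1)[1].split()
        extra = [p for p in packages if p.lower() != "msv1_0"]
        if extra:
            findings.append(("extra LSA authentication package: " + " ".join(extra), line))
    return findings


def same_size_clusters(lines, window_seconds=300, min_count=3):
    """Flag sizes for which min_count or more System32 files were created within
    window_seconds of each other, the footprint of mass-dropped components."""
    by_size = defaultdict(list)
    for line in lines:
        m = FILE_LINE.match(line)
        if not m or "\\system32\\" not in m.group(4).lower():
            continue
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        by_size[int(m.group(2))].append((stamp, m.group(4)))
    clusters = []
    for size, entries in by_size.items():
        entries.sort()
        spread = (entries[-1][0] - entries[0][0]).total_seconds()
        if len(entries) >= min_count and spread <= window_seconds:
            clusters.append((size, [path for _, path in entries]))
    return clusters


def triage(log_text):
    """Run every heuristic over a pasted log and return the list of findings."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    findings = []
    for line in lines:
        findings.extend(check_line(line))
    for size, paths in same_size_clusters(lines):
        findings.append((f"{len(paths)} System32 files of {size} bytes created within minutes",
                         "; ".join(paths)))
    return findings


if __name__ == "__main__":
    for reason, evidence in triage(SAMPLE_LOG):
        print(f"[{reason}] {evidence}")
```

The output is a shortlist for a human to verify against vendor information, not a verdict; APSHook.dll, for instance, is flagged only because AppInit_DLLs deserves a look whenever it is set.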
  2. 2008/06/20
    noahdfear

    Welcome to WindowsBBS Leni :)

    Highlight and copy the bolded command below.

    "%userprofile%\desktop\dss.exe" /daft
    • Click Start>Run and paste the command in, then hit enter.
    • An interface of Deckards file association fix will open.
    • Click Scan.
    • Check the box next to the following entries, then click Fix.
      • .reg
      • .scr
    • Exit when complete.


    Then, download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
     


  3. 2008/06/21
    Leni (Thread Starter)
    combofix log

    ComboFix 08-06-20.4 - Alex 2008-06-21 12:59:44.1 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1295 [GMT 3:00]
    Running from: C:\Users\Alex\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\smp.bat
    C:\Windows\System32\hPoVwyxx.ini
    C:\Windows\System32\hPoVwyxx.ini2
    C:\Windows\system32\hygvgllj.ini
    C:\Windows\system32\iphvmfrb.ini
    C:\Windows\system32\mcrh.tmp
    C:\Windows\System32\oWwENqru.ini
    C:\Windows\System32\oWwENqru.ini2
    C:\Windows\system32\tlxlafhf.ini
    C:\Windows\system32\ukjdgnka.ini
    C:\Windows\system32\wbmueqxx.ini
    C:\Windows\System32\xbabHRqr.ini
    C:\Windows\System32\xbabHRqr.ini2

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-21 to 2008-06-21 )))))))))))))))))))))))))))))))
    .

    2008-06-21 00:08 . 2008-06-21 00:08 <DIR> d-------- C:\Deckard
    2008-06-20 23:29 . 2008-06-20 23:29 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-06-20 23:29 . 2008-06-20 23:29 <DIR> d-------- C:\Users\Alex\AppData\Roaming\Malwarebytes
    2008-06-20 23:29 . 2008-06-20 23:29 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-06-20 23:29 . 2008-06-20 23:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-20 23:29 . 2008-06-19 17:48 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-20 23:29 . 2008-06-19 17:47 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-20 22:56 . 2008-06-20 22:56 13,824 --a------ C:\Windows\System32\ini.dll
    2008-06-20 22:56 . 2008-06-20 22:56 13,824 --a------ C:\Windows\System32\dapol.dll
    2008-06-20 22:56 . 2008-06-20 22:56 13,824 --a------ C:\Windows\System32\dadef.dll
    2008-06-20 22:55 . 2008-06-20 22:55 13,824 --a------ C:\Windows\System32\idef.dll
    2008-06-20 22:55 . 2008-06-20 22:55 13,824 --a------ C:\Windows\System32\codef.dll
    2008-06-16 11:21 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-16 11:21 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-16 11:21 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-16 11:21 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-11 07:35 . 2008-05-10 06:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
    2008-06-11 07:35 . 2008-04-29 04:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
    2008-06-11 07:35 . 2008-04-29 06:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
    2008-06-11 07:35 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-11 07:35 . 2008-04-29 04:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
    2008-06-11 07:35 . 2008-05-10 01:22 9,127 --a------ C:\Windows\System32\RacUR.xml
    2008-06-11 07:35 . 2008-05-10 01:22 153 --a------ C:\Windows\System32\RacUREx.xml
    2008-06-11 07:34 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-11 07:34 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-11 07:34 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-06 12:34 . 2008-06-06 12:34 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-06-06 12:34 . 2008-06-06 12:34 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
    2008-06-06 12:33 . 2008-06-20 23:28 <DIR> d-------- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
    2008-06-06 12:33 . 2008-06-20 23:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-06-06 11:16 . 2008-06-06 11:16 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-06-02 23:53 . 2008-06-02 23:53 <DIR> d-------- C:\Program Files\WinSCP
    2008-05-31 22:24 . 2008-05-31 22:24 <DIR> d-------- C:\Program Files\mplayer2
    2008-05-28 23:52 . 2008-06-04 17:38 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-05-28 23:52 . 2008-06-04 17:38 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-05-28 10:38 . 2008-03-08 05:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 10:38 . 2008-03-08 07:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-26 18:43 . 2008-05-26 18:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-05-24 00:32 . 2008-05-24 00:32 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-22 22:58 . 2008-05-22 22:58 <DIR> dr------- C:\Users\Public\Downloads
    2008-05-22 22:47 . 2008-05-22 22:47 <DIR> d-------- C:\PerfLogs
    2008-05-22 21:43 . 2008-01-19 10:36 2,153,472 --a------ C:\Windows\System32\oobefldr.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-21 10:03 27,744 ----a-w C:\Users\Alex\AppData\Roaming\nvModes.dat
    2008-06-20 20:09 --------- d-----w C:\Users\Alex\AppData\Roaming\uTorrent
    2008-06-12 00:08 --------- d-----w C:\Program Files\Windows Mail
    2008-05-28 21:40 --------- d---a-w C:\ProgramData\TEMP
    2008-05-27 09:27 --------- d-----w C:\ProgramData\FLEXnet
    2008-05-22 20:01 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-22 19:58 174 --sha-w C:\Program Files\desktop.ini
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Journal
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Defender
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-15 00:02 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-09 15:14 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-08 15:23 --------- d-----w C:\Program Files\Buddy Spy
    2008-05-08 14:43 --------- d-----w C:\Program Files\HP
    2008-05-07 14:00 --------- d-----w C:\Users\Alex\AppData\Roaming\Samsung
    2008-05-07 13:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-07 13:51 --------- d-----w C:\Program Files\Samsung
    2008-05-05 00:27 --------- d-----w C:\Program Files\Common Files\ParallelGraphics
    2008-05-02 02:59 122,368 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F861ECFD-C33E-4281-AF49-B1FFE02BADF3}]
    C:\Windows\system32\xxywVoPh.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DU Meter "= "C:\Program Files\DU Meter\DUMeter.exe" [2007-10-17 03:54 2582288]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-14 16:03 4608]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2008-01-19 10:33 125952]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 10:33 202240]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 16:15 480560]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-10-09 16:59 4702208 C:\Windows\RtHDVCpl.exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
    "CognizanceTS "= "C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 07:12 17920]
    "egui "= "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [2007-11-07 09:05 86016]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [2007-11-07 09:05 8534560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=APSHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.hfyu "= huffyuv.dll
    "msacm.divxa32 "= DivXa32.acm
    "msacm.l3codec "= l3codecp.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2008-01-11 20:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-06-27 20:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf11958b6]
    C:\Windows\system32\exmogewt.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f22a6b2a]
    C:\Windows\system32\akngdjku.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2007-05-08 16:24 54840 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2005-08-11 17:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2005-08-11 17:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    --a------ 2008-03-17 17:59 2289664 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-11-07 09:05 81920 C:\Windows\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
    --a------ 2007-09-04 14:54 554320 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    --------- 2007-04-23 19:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1666324535-1078301055-401092682-1000]
    "EnableNotificationsRef "=dword:00000005

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{B0463876-9E90-4523-8030-A2C1E2D30AB3} "= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{F6083B3F-B58C-418E-BB84-C98766E6E118} "= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{51156731-5CB8-4BDF-86A2-249FFA3A1EC6} "= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{A8044F70-7BC1-485B-909E-9F2B11E58812} "= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{92D6A92D-3EA1-41B8-B975-26A5425DCB22} "= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{A31C1A26-93D4-4256-A97F-51A495CB56A7} "= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "TCP Query User{D45A84C1-4745-4315-B453-9A6B07A9978F}D:\\kituri\\sdc205\\strongdc.exe "= UDP:D:\kituri\sdc205\strongdc.exe:StrongDC++
    "UDP Query User{1AA3C299-14A6-4966-82CF-E4140B7DAA51}D:\\kituri\\sdc205\\strongdc.exe "= TCP:D:\kituri\sdc205\strongdc.exe:StrongDC++
    "TCP Query User{2397FD5E-3C22-4ED6-9CBD-B3F1DF05BA56}C:\\users\\alex\\desktop\\totalcmd.exe "= UDP:C:\users\alex\desktop\totalcmd.exe:totalcmd.exe
    "UDP Query User{29B8DED9-8A7B-4CFF-A65A-FF63A7195915}C:\\users\\alex\\desktop\\totalcmd.exe "= TCP:C:\users\alex\desktop\totalcmd.exe:totalcmd.exe
    "TCP Query User{431EF283-2DFE-427D-97B9-742AC7DA9C24}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe "= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{B8979BFD-60CA-4F66-B78F-AADB76BDDCDE}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe "= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "TCP Query User{77E99D4B-64DD-4790-BC32-BF894FE281D5}C:\\program files\\common files\\ahead\\nero web\\setupx.exe "= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "UDP Query User{A9411809-A8D6-49E6-B0AB-9F0347320D93}C:\\program files\\common files\\ahead\\nero web\\setupx.exe "= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "TCP Query User{2C84E8AC-0F28-4764-9653-2E619B206BE4}C:\\users\\alex\\desktop\\totalcmd.exe "= UDP:C:\users\alex\desktop\totalcmd.exe:totalcmd.exe
    "UDP Query User{4C98BAA5-E7E9-4C82-9703-9D02E7C0876E}C:\\users\\alex\\desktop\\totalcmd.exe "= TCP:C:\users\alex\desktop\totalcmd.exe:totalcmd.exe
    "{BEC5F473-FD63-4D4C-88CD-0C85605CDCEE} "= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{66C43537-154C-4D11-AB6D-567E2C1FAA79} "= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "TCP Query User{B5FE4C68-60AE-40FF-8241-AB33C9244534}D:\\totalcmd.exe "= UDP:D:\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "UDP Query User{432EA7DD-07B6-46FA-973C-BF111681C788}D:\\totalcmd.exe "= TCP:D:\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "TCP Query User{6EAEE4AC-E75C-4C8E-9319-91EE08E7A85F}D:\\kituri\\sdc205\\strongdc.exe "= UDP:D:\kituri\sdc205\strongdc.exe:StrongDC++
    "UDP Query User{8806A70A-65A6-4734-9A04-E994B2800D26}D:\\kituri\\sdc205\\strongdc.exe "= TCP:D:\kituri\sdc205\strongdc.exe:StrongDC++
    "TCP Query User{5F13B21A-1A2B-406B-9352-EBF02540407A}D:\\totalcmd.exe "= UDP:D:\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "UDP Query User{422BD351-C45C-4134-916E-9A55B7DC67EA}D:\\totalcmd.exe "= TCP:D:\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "TCP Query User{25A716B1-29DF-40A1-BCFE-332EBA178185}C:\\windows\\system32\\mstsc.exe "= UDP:C:\windows\system32\mstsc.exe:Remote Desktop Connection
    "UDP Query User{A1514C55-2723-4B2B-AA11-46935F7D9430}C:\\windows\\system32\\mstsc.exe "= TCP:C:\windows\system32\mstsc.exe:Remote Desktop Connection
    "{D33EA5A5-1CEF-4500-BC26-949C0D9BA42A} "= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B845A602-E541-46D6-8BD0-1FB58B85E80A} "= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{64C3A6ED-2653-4834-A3AB-60260738240C}C:\\program files\\mirc\\mirc.exe "= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{F00C9D3D-D72E-445E-A480-180E5177B4DD}C:\\program files\\mirc\\mirc.exe "= TCP:C:\program files\mirc\mirc.exe:mIRC

    R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]
    R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
    R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
    R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 16:19]
    S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 14:12]
    S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 14:12]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 14:12]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    GPSvcGroup REG_MULTI_SZ GPSvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe "
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-21 13:03:50
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2008-06-21 13:06:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-06-21 10:06:21

    Pre-Run: 13,855,195,136 bytes free
    Post-Run: 13,540,016,128 bytes free

    243 --- E O F --- 2008-06-18 16:18:24
     
    Leni,
    #3
  5. 2008/06/21
    Leni

    Leni Inactive Thread Starter

    Joined:
    2008/06/20
    Messages:
    13
    Likes Received:
    0
    HJT log after ComboFix

    Deckard's System Scanner v20071014.68
    Run by Alex on 2008-06-21 13:13:53
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Alex.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:14:15 PM, on 6/21/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Alex\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Alex.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O2 - BHO: (no name) - {F861ECFD-C33E-4281-AF49-B1FFE02BADF3} - C:\Windows\system32\xxywVoPh.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 8681 bytes

    -- Files created between 2008-05-21 and 2008-06-21 -----------------------------

    2008-06-21 13:14:07 0 d-------- C:\Program Files\Trend Micro
    2008-06-21 13:02:07 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
    2008-06-21 12:58:32 68096 --a------ C:\Windows\zip.exe
    2008-06-21 12:58:32 49152 --a------ C:\Windows\VFind.exe
    2008-06-21 12:58:32 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-06-21 12:58:32 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-06-21 12:58:32 98816 --a------ C:\Windows\sed.exe
    2008-06-21 12:58:32 80412 --a------ C:\Windows\grep.exe
    2008-06-21 12:58:32 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-06-21 12:58:26 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-06-20 23:29:56 0 d-------- C:\Users\All Users\Malwarebytes
    2008-06-20 23:29:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-20 22:56:24 13824 --a------ C:\Windows\system32\ini.dll
    2008-06-20 22:56:21 13824 --a------ C:\Windows\system32\dadef.dll
    2008-06-20 22:56:17 13824 --a------ C:\Windows\system32\dapol.dll
    2008-06-20 22:55:58 13824 --a------ C:\Windows\system32\codef.dll
    2008-06-20 22:55:18 13824 --a------ C:\Windows\system32\idef.dll
    2008-06-06 14:05:40 0 d-------- C:\Windows\pss
    2008-06-06 12:34:15 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-06-06 12:33:24 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-06-06 11:16:06 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-06-02 23:53:51 0 d-------- C:\Program Files\WinSCP
    2008-05-31 22:24:17 0 d-------- C:\Program Files\mplayer2
    2008-05-28 23:52:24 0 d-------- C:\Users\All Users\Lavasoft
    2008-05-22 22:47:11 0 d-------- C:\PerfLogs


    -- Find3M Report ---------------------------------------------------------------

    2008-06-21 13:03:56 27744 --a------ C:\Users\Alex\AppData\Roaming\nvModes.dat
    2008-06-21 13:03:53 27744 --a------ C:\Users\Alex\AppData\Roaming\nvModes.001
    2008-06-21 13:02:31 1647 --a------ C:\Windows\bthservsdp.dat
    2008-06-20 23:29:58 0 d-------- C:\Users\Alex\AppData\Roaming\Malwarebytes
    2008-06-20 23:28:18 0 d-------- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
    2008-06-20 23:28:13 0 d-------- C:\Program Files\Common Files
    2008-06-20 23:09:14 0 d-------- C:\Users\Alex\AppData\Roaming\uTorrent
    2008-06-12 03:08:37 0 d-------- C:\Program Files\Windows Mail
    2008-06-04 17:08:42 1056 --ahs---- C:\Windows\system32\KGyGaAvL.sys
    2008-05-22 22:58:01 174 --ahs---- C:\Program Files\desktop.ini
    2008-05-22 22:49:27 0 d-------- C:\Program Files\Windows Sidebar
    2008-05-22 22:49:27 0 d-------- C:\Program Files\Windows Calendar
    2008-05-22 22:49:26 0 d-------- C:\Program Files\Movie Maker
    2008-05-22 22:49:23 0 d-------- C:\Program Files\Windows Collaboration
    2008-05-22 22:49:21 0 d-------- C:\Program Files\Windows Photo Gallery
    2008-05-22 22:49:21 0 d-------- C:\Program Files\Windows Journal
    2008-05-22 22:49:15 0 d-------- C:\Program Files\Windows Defender
    2008-05-09 18:14:57 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-08 18:23:50 0 d-------- C:\Program Files\Buddy Spy
    2008-05-08 17:43:27 0 d-------- C:\Program Files\HP
    2008-05-07 17:00:47 0 d-------- C:\Users\Alex\AppData\Roaming\Samsung
    2008-05-07 16:59:15 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-07 16:51:31 0 d-------- C:\Program Files\Samsung
    2008-05-05 03:27:17 2224 --a------ C:\Windows\mozver.dat
    2008-05-05 03:27:13 0 d-------- C:\Program Files\Common Files\ParallelGraphics
    2008-03-25 23:49:24 0 -rahs---- C:\MSDOS.SYS
    2008-03-25 23:49:24 0 -rahs---- C:\IO.SYS
    2008-03-25 20:27:01 4096 --a------ C:\Windows\d3dx.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F861ECFD-C33E-4281-AF49-B1FFE02BADF3}]
    C:\Windows\system32\xxywVoPh.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/03/2007 04:15 PM]
    "RtHDVCpl "= "RtHDVCpl.exe" [10/09/2007 04:59 PM C:\Windows\RtHDVCpl.exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/18/2008 07:31 PM]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 03:29 AM]
    "CognizanceTS "= "C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [12/22/2003 07:12 AM]
    "egui "= "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [12/21/2007 09:21 AM]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [11/07/2007 09:05 AM]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [11/07/2007 09:05 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DU Meter "= "C:\Program Files\DU Meter\DUMeter.exe" [10/17/2007 03:54 AM]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [02/14/2008 04:03 PM]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [01/19/2008 10:33 AM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 10:33 AM]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [08/11/2005 05:30 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)
    "EnableLUA "=0 (0x0)
    "EnableUIADesktopToggle "=0 (0x0)
    "DisableRegistryTools "=0 (0x0)
    "HideLegacyLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "RunLogonScriptSync "=1 (0x1)
    "RunStartupScriptSync "=0 (0x0)
    "HideStartupScripts "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "RunLogonScriptSync "=1 (0x1)
    "RunStartupScriptSync "=0 (0x0)
    "HideStartupScripts "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=APSHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf11958b6]
    Rundll32.exe "C:\Windows\system32\exmogewt.dll ",s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f22a6b2a]
    rundll32.exe "C:\Windows\system32\akngdjku.dll ",b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    "C:\Program Files\HP\QuickPlay\QPService.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    Cognizance ASBroker ASChannel
    GPSvcGroup GPSvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-21 13:15:27 ------------
     
    Leni,
    #4
  6. 2008/06/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Windows\System32\ini.dll
    C:\Windows\System32\dapol.dll
    C:\Windows\System32\dadef.dll
    C:\Windows\System32\idef.dll
    C:\Windows\System32\codef.dll
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F861ECFD-C33E-4281-AF49-B1FFE02BADF3}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf11958b6]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f22a6b2a]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log along with a fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
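    The triage behind these instructions (pick out the autostart entries that do not belong, then list the files under File:: and the keys under Registry:: so ComboFix removes them) can be scripted. The Python below is an added example for this thread; it is not part of DSS, ComboFix or HijackThis and was not posted by anyone in the thread. It parses a few registry-dump lines copied from the Deckard's System Scanner log above and drafts a CFScript in the same format. The three heuristics it applies (a BHO loaded straight from system32, rundll32 started with a one-letter export such as ",s" or ",b", and a startupreg key whose name is hex noise) are assumptions drawn from the entries visible in this thread, not a general-purpose detection rule, so a human still reviews the draft before running it.

```python
"""Triage autostart entries from a Deckard's System Scanner (DSS) registry dump
and draft a ComboFix CFScript (File:: / Registry:: sections, [-key] deletes).

Added example for illustration only; not part of DSS, ComboFix or the thread.
The heuristics are assumptions based on the entries shown on this page.
"""
import re

# Constructed sample: lines copied from the DSS registry dump above, mixing the
# entries the helper scheduled for removal with known-good ones.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F861ECFD-C33E-4281-AF49-B1FFE02BADF3}]
C:\Windows\system32\xxywVoPh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [12/21/2007 09:21 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [11/07/2007 09:05 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMf11958b6]
Rundll32.exe "C:\Windows\system32\exmogewt.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f22a6b2a]
rundll32.exe "C:\Windows\system32\akngdjku.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# rundll32 <dll>,<export>: capture the DLL path (quoted or bare) and the export.
RUNDLL_RE = re.compile(r'^rundll32\.exe\s+"?([^",]+?)"?\s*,\s*(\S+)\s*$', re.I)
# Key names that look machine-generated: up to two letters, then 8 hex digits.
HEX_NAME_RE = re.compile(r"^[A-Za-z]{0,2}[0-9a-f]{8}$")
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\system32\\[^\\]+\.dll$", re.I)


def parse_dump(text):
    """Return a list of (key, [value lines]) blocks from a DSS registry dump."""
    blocks, key, values = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                blocks.append((key, values))
            key, values = m.group(1), []
        elif line and key is not None:
            values.append(line)
    if key is not None:
        blocks.append((key, values))
    return blocks


def triage(text):
    """Flag suspicious autostart blocks. Returns a list of (key, dll, reason)."""
    findings = []
    for key, values in parse_dump(text):
        leaf = key.rsplit("\\", 1)[-1]
        for v in values:
            # Heuristic 1 (assumption): a BHO served straight from system32;
            # the legitimate BHOs on this machine all live under Program Files.
            if "Browser Helper Objects" in key and SYSTEM32_RE.match(v):
                findings.append((key, v, "BHO loaded from system32"))
                continue
            m = RUNDLL_RE.match(v)
            if not m:
                continue
            dll, export = m.group(1), m.group(2)
            reasons = []
            # Heuristic 2 (assumption): a one-letter export (",s" / ",b"),
            # where legitimate entries name a real function (NvTaskbarInit).
            if len(export) == 1:
                reasons.append("rundll32 with one-letter export")
            # Heuristic 3 (assumption): the msconfig startupreg key name is hex noise.
            if "startupreg" in key.lower() and HEX_NAME_RE.match(leaf):
                reasons.append("random hex key name")
            if reasons and SYSTEM32_RE.match(dll):
                findings.append((key, dll, "; ".join(reasons)))
    return findings


def draft_cfscript(findings):
    """Render findings as a CFScript: File:: paths, then Registry:: [-key] deletes."""
    files = sorted({dll for _, dll, _ in findings})
    keys = sorted({key for key, _, _ in findings})
    lines = ["File::"] + files + ["Registry::"] + [f"[-{k}]" for k in keys]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_DUMP)
    for key, dll, why in found:
        print(f"{why}: {dll}  <- {key}")
    print(draft_cfscript(found))
```

    Run against the sample, the script flags only the three entries noahdfear listed for removal and leaves the NVIDIA and ESET entries alone; the drafted CFScript is the same File::/Registry:: shape as the one in the post and is meant to be read by a person before it is ever dropped onto ComboFix.exe.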
     
  7. 2008/06/22
    Leni

    Leni Inactive Thread Starter

    Joined:
    2008/06/20
    Messages:
    13
    Likes Received:
    0
    combofix log -II-

    ComboFix 08-06-20.4 - Alex 2008-06-22 12:53:43.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1204 [GMT 3:00]
    Running from: C:\Users\Alex\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Alex\Desktop\CFScript.txt
    * Created a new restore point

    FILE ::
    C:\Windows\System32\codef.dll
    C:\Windows\System32\dadef.dll
    C:\Windows\System32\dapol.dll
    C:\Windows\System32\idef.dll
    C:\Windows\System32\ini.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\System32\codef.dll
    C:\Windows\System32\dadef.dll
    C:\Windows\System32\dapol.dll
    C:\Windows\System32\idef.dll
    C:\Windows\System32\ini.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
    .

    2008-06-21 13:14 . 2008-06-21 13:14 <DIR> d-------- C:\Program Files\Trend Micro
    2008-06-21 00:08 . 2008-06-21 00:08 <DIR> d-------- C:\Deckard
    2008-06-20 23:29 . 2008-06-20 23:29 <DIR> d-------- C:\Users\All Users\Malwarebytes
    2008-06-20 23:29 . 2008-06-20 23:29 <DIR> d-------- C:\Users\Alex\AppData\Roaming\Malwarebytes
    2008-06-20 23:29 . 2008-06-20 23:29 <DIR> d-------- C:\ProgramData\Malwarebytes
    2008-06-20 23:29 . 2008-06-20 23:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-20 23:29 . 2008-06-19 17:48 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
    2008-06-20 23:29 . 2008-06-19 17:47 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-06-16 11:21 . 2008-04-23 07:42 428,544 --a------ C:\Windows\System32\EncDec.dll
    2008-06-16 11:21 . 2008-04-23 07:42 293,376 --a------ C:\Windows\System32\psisdecd.dll
    2008-06-16 11:21 . 2008-04-23 07:41 218,624 --a------ C:\Windows\System32\psisrndr.ax
    2008-06-16 11:21 . 2008-04-23 07:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
    2008-06-11 07:35 . 2008-05-10 06:35 885,248 --a------ C:\Windows\System32\RacEngn.dll
    2008-06-11 07:35 . 2008-04-29 04:42 220,160 --a------ C:\Windows\System32\drivers\bthport.sys
    2008-06-11 07:35 . 2008-04-29 06:54 181,760 --a------ C:\Windows\System32\fsquirt.exe
    2008-06-11 07:35 . 2008-05-10 04:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
    2008-06-11 07:35 . 2008-04-29 04:42 29,184 --a------ C:\Windows\System32\drivers\BTHUSB.SYS
    2008-06-11 07:35 . 2008-05-10 01:22 9,127 --a------ C:\Windows\System32\RacUR.xml
    2008-06-11 07:35 . 2008-05-10 01:22 153 --a------ C:\Windows\System32\RacUREx.xml
    2008-06-11 07:34 . 2008-04-25 05:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
    2008-06-11 07:34 . 2008-04-26 11:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
    2008-06-11 07:34 . 2008-04-25 07:35 826,880 --a------ C:\Windows\System32\wininet.dll
    2008-06-06 12:34 . 2008-06-06 12:34 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-06-06 12:34 . 2008-06-06 12:34 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
    2008-06-06 12:33 . 2008-06-20 23:28 <DIR> d-------- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
    2008-06-06 12:33 . 2008-06-20 23:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-06-06 11:16 . 2008-06-06 11:16 <DIR> d-------- C:\Program Files\Microsoft Silverlight
    2008-06-02 23:53 . 2008-06-02 23:53 <DIR> d-------- C:\Program Files\WinSCP
    2008-05-31 22:24 . 2008-05-31 22:24 <DIR> d-------- C:\Program Files\mplayer2
    2008-05-28 23:52 . 2008-06-04 17:38 <DIR> d-------- C:\Users\All Users\Lavasoft
    2008-05-28 23:52 . 2008-06-04 17:38 <DIR> d-------- C:\ProgramData\Lavasoft
    2008-05-28 10:38 . 2008-03-08 05:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-05-28 10:38 . 2008-03-08 07:21 1,695,744 --a------ C:\Windows\System32\gameux.dll
    2008-05-26 18:43 . 2008-05-26 18:43 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2008-05-24 00:32 . 2008-05-24 00:32 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-05-22 22:58 . 2008-05-22 22:58 <DIR> dr------- C:\Users\Public\Downloads
    2008-05-22 22:47 . 2008-05-22 22:47 <DIR> d-------- C:\PerfLogs
    2008-05-22 21:43 . 2008-01-19 10:36 2,153,472 --a------ C:\Windows\System32\oobefldr.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-21 10:03 27,744 ----a-w C:\Users\Alex\AppData\Roaming\nvModes.dat
    2008-06-20 20:09 --------- d-----w C:\Users\Alex\AppData\Roaming\uTorrent
    2008-06-12 00:08 --------- d-----w C:\Program Files\Windows Mail
    2008-05-28 21:40 --------- d---a-w C:\ProgramData\TEMP
    2008-05-27 09:27 --------- d-----w C:\ProgramData\FLEXnet
    2008-05-22 20:01 --------- d-----w C:\ProgramData\NVIDIA
    2008-05-22 19:58 174 --sha-w C:\Program Files\desktop.ini
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Sidebar
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Journal
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Defender
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Collaboration
    2008-05-22 19:49 --------- d-----w C:\Program Files\Windows Calendar
    2008-05-22 19:02 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-05-22 19:02 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-05-15 00:02 --------- d-----w C:\ProgramData\Microsoft Help
    2008-05-09 15:14 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-05-08 15:23 --------- d-----w C:\Program Files\Buddy Spy
    2008-05-08 14:43 --------- d-----w C:\Program Files\HP
    2008-05-07 14:00 --------- d-----w C:\Users\Alex\AppData\Roaming\Samsung
    2008-05-07 13:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-07 13:51 --------- d-----w C:\Program Files\Samsung
    2008-05-05 00:27 --------- d-----w C:\Program Files\Common Files\ParallelGraphics
    2008-05-02 02:59 122,368 ----a-w C:\Windows\system32\drivers\Rtlh86.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-06-21_13.06.01.43 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-06-21 10:03:26 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-06-22 09:02:49 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-06-21 10:02:31 1,647 ----a-w C:\Windows\bthservsdp.dat
    + 2008-06-21 23:30:51 1,647 ----a-w C:\Windows\bthservsdp.dat
    + 2008-06-22 09:02:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-06-22 09:02:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-06-21 10:03:44 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-06-22 09:30:18 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-06-21 10:03:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-22 09:04:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-06-22 09:04:47 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    - 2008-06-21 09:56:15 101,350 ----a-w C:\Windows\System32\perfc009.dat
    + 2008-06-22 09:10:33 101,350 ----a-w C:\Windows\System32\perfc009.dat
    - 2008-06-21 09:56:15 595,684 ----a-w C:\Windows\System32\perfh009.dat
    + 2008-06-22 09:10:33 595,684 ----a-w C:\Windows\System32\perfh009.dat
    - 2008-06-21 09:51:35 7,118 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1666324535-1078301055-401092682-1000_UserData.bin
    + 2008-06-22 09:05:43 7,658 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1666324535-1078301055-401092682-1000_UserData.bin
    - 2008-06-21 09:51:35 66,830 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-06-22 09:05:43 67,110 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-06-21 09:51:34 38,804 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-06-22 09:05:42 38,804 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-06-20 07:35:09 261,420 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2008-06-21 19:22:50 264,016 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DU Meter "= "C:\Program Files\DU Meter\DUMeter.exe" [2007-10-17 03:54 2582288]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-14 16:03 4608]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [2008-01-19 10:33 125952]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 10:33 202240]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 17:30 249856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 16:15 480560]
    "RtHDVCpl "= "RtHDVCpl.exe" [2007-10-09 16:59 4702208 C:\Windows\RtHDVCpl.exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
    "CognizanceTS "= "C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 07:12 17920]
    "egui "= "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [2007-11-07 09:05 86016]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [2007-11-07 09:05 8534560]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=APSHook.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.hfyu "= huffyuv.dll
    "msacm.divxa32 "= DivXa32.acm
    "msacm.l3codec "= l3codecp.acm

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    --a------ 2008-01-11 20:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-06-27 20:03 152872 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2007-05-08 16:24 54840 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    --a------ 2005-08-11 17:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    --a------ 2005-08-11 17:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    --a------ 2008-03-17 17:59 2289664 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    --a------ 2007-11-07 09:05 81920 C:\Windows\system32\NvMcTray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
    --a------ 2007-09-04 14:54 554320 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    --------- 2007-04-23 19:11 176128 C:\Program Files\HP\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    --a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1666324535-1078301055-401092682-1000]
    "EnableNotificationsRef "=dword:00000005

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{B0463876-9E90-4523-8030-A2C1E2D30AB3} "= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
    "{F6083B3F-B58C-418E-BB84-C98766E6E118} "= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
    "{51156731-5CB8-4BDF-86A2-249FFA3A1EC6} "= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{A8044F70-7BC1-485B-909E-9F2B11E58812} "= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
    "{92D6A92D-3EA1-41B8-B975-26A5425DCB22} "= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{A31C1A26-93D4-4256-A97F-51A495CB56A7} "= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "TCP Query User{D45A84C1-4745-4315-B453-9A6B07A9978F}D:\\kituri\\sdc205\\strongdc.exe "= UDP:D:\kituri\sdc205\strongdc.exe:StrongDC++
    "UDP Query User{1AA3C299-14A6-4966-82CF-E4140B7DAA51}D:\\kituri\\sdc205\\strongdc.exe "= TCP:D:\kituri\sdc205\strongdc.exe:StrongDC++
    "TCP Query User{2397FD5E-3C22-4ED6-9CBD-B3F1DF05BA56}C:\\users\\alex\\desktop\\totalcmd.exe "= UDP:C:\users\alex\desktop\totalcmd.exe:totalcmd.exe
    "UDP Query User{29B8DED9-8A7B-4CFF-A65A-FF63A7195915}C:\\users\\alex\\desktop\\totalcmd.exe "= TCP:C:\users\alex\desktop\totalcmd.exe:totalcmd.exe
    "TCP Query User{431EF283-2DFE-427D-97B9-742AC7DA9C24}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe "= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "UDP Query User{B8979BFD-60CA-4F66-B78F-AADB76BDDCDE}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe "= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
    "TCP Query User{77E99D4B-64DD-4790-BC32-BF894FE281D5}C:\\program files\\common files\\ahead\\nero web\\setupx.exe "= UDP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "UDP Query User{A9411809-A8D6-49E6-B0AB-9F0347320D93}C:\\program files\\common files\\ahead\\nero web\\setupx.exe "= TCP:C:\program files\common files\ahead\nero web\setupx.exe:MSI starter
    "TCP Query User{2C84E8AC-0F28-4764-9653-2E619B206BE4}C:\\users\\alex\\desktop\\totalcmd.exe "= UDP:C:\users\alex\desktop\totalcmd.exe:totalcmd.exe
    "UDP Query User{4C98BAA5-E7E9-4C82-9703-9D02E7C0876E}C:\\users\\alex\\desktop\\totalcmd.exe "= TCP:C:\users\alex\desktop\totalcmd.exe:totalcmd.exe
    "{BEC5F473-FD63-4D4C-88CD-0C85605CDCEE} "= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{66C43537-154C-4D11-AB6D-567E2C1FAA79} "= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "TCP Query User{B5FE4C68-60AE-40FF-8241-AB33C9244534}D:\\totalcmd.exe "= UDP:D:\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "UDP Query User{432EA7DD-07B6-46FA-973C-BF111681C788}D:\\totalcmd.exe "= TCP:D:\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "TCP Query User{6EAEE4AC-E75C-4C8E-9319-91EE08E7A85F}D:\\kituri\\sdc205\\strongdc.exe "= UDP:D:\kituri\sdc205\strongdc.exe:StrongDC++
    "UDP Query User{8806A70A-65A6-4734-9A04-E994B2800D26}D:\\kituri\\sdc205\\strongdc.exe "= TCP:D:\kituri\sdc205\strongdc.exe:StrongDC++
    "TCP Query User{5F13B21A-1A2B-406B-9352-EBF02540407A}D:\\totalcmd.exe "= UDP:D:\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "UDP Query User{422BD351-C45C-4134-916E-9A55B7DC67EA}D:\\totalcmd.exe "= TCP:D:\totalcmd.exe:Total Commander 32 bit international version, file manager replacement for Windows
    "TCP Query User{25A716B1-29DF-40A1-BCFE-332EBA178185}C:\\windows\\system32\\mstsc.exe "= UDP:C:\windows\system32\mstsc.exe:Remote Desktop Connection
    "UDP Query User{A1514C55-2723-4B2B-AA11-46935F7D9430}C:\\windows\\system32\\mstsc.exe "= TCP:C:\windows\system32\mstsc.exe:Remote Desktop Connection
    "{D33EA5A5-1CEF-4500-BC26-949C0D9BA42A} "= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{B845A602-E541-46D6-8BD0-1FB58B85E80A} "= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "TCP Query User{64C3A6ED-2653-4834-A3AB-60260738240C}C:\\program files\\mirc\\mirc.exe "= UDP:C:\program files\mirc\mirc.exe:mIRC
    "UDP Query User{F00C9D3D-D72E-445E-A480-180E5177B4DD}C:\\program files\\mirc\\mirc.exe "= TCP:C:\program files\mirc\mirc.exe:mIRC

    R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]
    R2 ASBroker;Logon Session Broker;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
    R2 ASChannel;Local Communication Channel;C:\Windows\System32\svchost.exe [2008-01-19 10:33]
    R2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [2007-10-15 16:19]
    S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 14:12]
    S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 14:12]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 14:12]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\Windows\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\Windows\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\Windows\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    Cognizance REG_MULTI_SZ ASBroker ASChannel
    GPSvcGroup REG_MULTI_SZ GPSvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe "
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-06-22 12:55:24
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-06-22 12:56:08
    ComboFix-quarantined-files.txt 2008-06-22 09:55:55
    ComboFix2.txt 2008-06-21 10:06:27

    Pre-Run: 13,047,513,088 bytes free
    Post-Run: 13,014,171,648 bytes free

    241 --- E O F --- 2008-06-18 16:18:24
     
    Leni,
    #6
  8. 2008/06/22
    Leni

    Leni Inactive Thread Starter

    Joined:
    2008/06/20
    Messages:
    13
    Likes Received:
    0
    HJT log after ComboFix -II-

    Oh, and I want to mention that I don't get that pop-up anymore.

    I think the problem has been solved, but I don't know for sure.

    Thank you.



    Deckard's System Scanner v20071014.68
    Run by Alex on 2008-06-22 12:56:53
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Alex.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:56:55 PM, on 6/22/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\Explorer.exe
    C:\Users\Alex\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Alex.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: APSHook.dll
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --
    End of file - 8576 bytes

    -- Files created between 2008-05-22 and 2008-06-22 -----------------------------

    2008-06-22 12:53:13 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
    2008-06-21 13:14:07 0 d-------- C:\Program Files\Trend Micro
    2008-06-21 12:58:32 68096 --a------ C:\Windows\zip.exe
    2008-06-21 12:58:32 49152 --a------ C:\Windows\VFind.exe
    2008-06-21 12:58:32 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
    2008-06-21 12:58:32 98816 --a------ C:\Windows\sed.exe
    2008-06-21 12:58:32 80412 --a------ C:\Windows\grep.exe
    2008-06-21 12:58:32 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-06-21 12:58:26 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
    2008-06-20 23:29:56 0 d-------- C:\Users\All Users\Malwarebytes
    2008-06-20 23:29:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-06 14:05:40 0 d-------- C:\Windows\pss
    2008-06-06 12:34:15 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
    2008-06-06 12:33:24 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-06-06 11:16:06 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-06-02 23:53:51 0 d-------- C:\Program Files\WinSCP
    2008-05-31 22:24:17 0 d-------- C:\Program Files\mplayer2
    2008-05-28 23:52:24 0 d-------- C:\Users\All Users\Lavasoft
    2008-05-22 22:47:11 0 d-------- C:\PerfLogs


    -- Find3M Report ---------------------------------------------------------------

    2008-06-22 12:50:17 27744 --a------ C:\Users\Alex\AppData\Roaming\nvModes.001
    2008-06-22 02:30:51 1647 --a------ C:\Windows\bthservsdp.dat
    2008-06-21 13:03:56 27744 --a------ C:\Users\Alex\AppData\Roaming\nvModes.dat
    2008-06-20 23:29:58 0 d-------- C:\Users\Alex\AppData\Roaming\Malwarebytes
    2008-06-20 23:28:18 0 d-------- C:\Users\Alex\AppData\Roaming\SUPERAntiSpyware.com
    2008-06-20 23:28:13 0 d-------- C:\Program Files\Common Files
    2008-06-20 23:09:14 0 d-------- C:\Users\Alex\AppData\Roaming\uTorrent
    2008-06-12 03:08:37 0 d-------- C:\Program Files\Windows Mail
    2008-06-04 17:08:42 1056 --ahs---- C:\Windows\system32\KGyGaAvL.sys
    2008-05-22 22:58:01 174 --ahs---- C:\Program Files\desktop.ini
    2008-05-22 22:49:27 0 d-------- C:\Program Files\Windows Sidebar
    2008-05-22 22:49:27 0 d-------- C:\Program Files\Windows Calendar
    2008-05-22 22:49:26 0 d-------- C:\Program Files\Movie Maker
    2008-05-22 22:49:23 0 d-------- C:\Program Files\Windows Collaboration
    2008-05-22 22:49:21 0 d-------- C:\Program Files\Windows Photo Gallery
    2008-05-22 22:49:21 0 d-------- C:\Program Files\Windows Journal
    2008-05-22 22:49:15 0 d-------- C:\Program Files\Windows Defender
    2008-05-09 18:14:57 0 d-------- C:\Program Files\Common Files\Adobe
    2008-05-08 18:23:50 0 d-------- C:\Program Files\Buddy Spy
    2008-05-08 17:43:27 0 d-------- C:\Program Files\HP
    2008-05-07 17:00:47 0 d-------- C:\Users\Alex\AppData\Roaming\Samsung
    2008-05-07 16:59:15 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-05-07 16:51:31 0 d-------- C:\Program Files\Samsung
    2008-05-05 03:27:17 2224 --a------ C:\Windows\mozver.dat
    2008-05-05 03:27:13 0 d-------- C:\Program Files\Common Files\ParallelGraphics
    2008-03-25 23:49:24 0 -rahs---- C:\MSDOS.SYS
    2008-03-25 23:49:24 0 -rahs---- C:\IO.SYS
    2008-03-25 20:27:01 4096 --a------ C:\Windows\d3dx.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant "= "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [10/03/2007 04:15 PM]
    "RtHDVCpl "= "RtHDVCpl.exe" [10/09/2007 04:59 PM C:\Windows\RtHDVCpl.exe]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/18/2008 07:31 PM]
    "SynTPStart "= "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 03:29 AM]
    "CognizanceTS "= "C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [12/22/2003 07:12 AM]
    "egui "= "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [12/21/2007 09:21 AM]
    "NvSvc "= "C:\Windows\system32\nvsvc.dll" [11/07/2007 09:05 AM]
    "NvCplDaemon "= "C:\Windows\system32\NvCpl.dll" [11/07/2007 09:05 AM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DU Meter "= "C:\Program Files\DU Meter\DUMeter.exe" [10/17/2007 03:54 AM]
    "AlcoholAutomount "= "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [02/14/2008 04:03 PM]
    "ehTray.exe "= "C:\Windows\ehome\ehTray.exe" [01/19/2008 10:33 AM]
    "WMPNSCFG "= "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 10:33 AM]
    "ISUSPM Startup "= "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [08/11/2005 05:30 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "=2 (0x2)
    "EnableLUA "=0 (0x0)
    "EnableUIADesktopToggle "=0 (0x0)
    "DisableRegistryTools "=0 (0x0)
    "HideLegacyLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "RunLogonScriptSync "=1 (0x1)
    "RunStartupScriptSync "=0 (0x0)
    "HideStartupScripts "=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "HideLegacyLogonScripts "=0 (0x0)
    "HideLogoffScripts "=0 (0x0)
    "RunLogonScriptSync "=1 (0x1)
    "RunStartupScriptSync "=0 (0x0)
    "HideStartupScripts "=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=APSHook.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
    @= "IEEE 1394 Bus host controllers "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
    @= "SBP2 IEEE 1394 Devices "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
    @= "SecurityDevices "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=C:\Windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Alex^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    "C:\Program Files\HP\QuickPlay\QPService.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
    LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
    bthsvcs BthServ
    Cognizance ASBroker ASChannel
    GPSvcGroup GPSvc


    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    C:\Windows\system32\unregmp2.exe /ShowWMP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



    -- End of Deckard's System Scanner: finished at 2008-06-22 12:57:52 ------------
     
    Leni,
    #7
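The HijackThis section of the log above is a plain line-oriented format, and a reviewer reads it by entry type rather than line by line. The script below is an added example, not code from the thread or from HijackThis: it parses that format and surfaces the entry types an analyst checks first (O20 AppInit_DLLs, O4 autostarts that reference a bare filename, O23 services with no recorded publisher). SAMPLE_LOG is constructed from lines quoted in the posted log, and the flags are review prompts, not detections.

```python
"""Triage helper for HijackThis-style log lines (added example for this thread,
not the forum post's or HijackThis's own code). SAMPLE_LOG is constructed from
lines quoted in the thread; the flags are review prompts, not malware verdicts."""
import re

# "O4 - HKLM\..\Run: [name] cmd" -> ("O4", "HKLM\..\Run: [name] cmd")
_LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
# O4 body: hive, optional SID (HKUS\S-1-5-19), value name in [], command line.
_O4_RE = re.compile(r"^HK\w+(?:\\S-[\d-]+)?\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def parse_hjt(text: str) -> list[tuple[str, str]]:
    """Return (section code, body) pairs; lines that are not entries are skipped."""
    entries = []
    for raw in text.splitlines():
        m = _LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def launch_target(cmd: str) -> str:
    """Module a Run command actually loads: the quoted image, the DLL passed to
    rundll32, or the first token (an unquoted path with spaces is cut at the first
    space, which is still enough to tell a bare name from a full path)."""
    if cmd.startswith('"'):
        return cmd.split('"')[1]
    parts = cmd.split()
    if not parts:
        return ""
    if parts[0].lower().startswith("rundll32") and len(parts) > 1:
        return parts[1].split(",")[0]
    return parts[0]


def review_flags(entries: list[tuple[str, str]]) -> list[str]:
    """Entries a reviewer checks first: AppInit DLLs (mapped into every process
    that loads user32), autostarts naming a bare file, services with no owner."""
    flags = []
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:
                flags.append(f"O20 AppInit_DLLs {dll}: confirm publisher and on-disk path")
        elif code == "O4" and (m := _O4_RE.match(body)):
            name, cmd = m.groups()
            target = launch_target(cmd)
            if target and "\\" not in target:  # resolved through the search path
                flags.append(f"O4 [{name}] loads bare name {target}: verify which file resolves")
        elif code == "O23" and body.startswith("Service:"):
            fields = body.rsplit(" - ", 2)  # "Service: display (short)", owner, image path
            if len(fields) == 3 and fields[1] == "Unknown owner":
                flags.append(f"O23 {fields[0][9:]} has no recorded publisher: check {fields[2]}")
    return flags


SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O13 - Gopher Prefix:
End of file - 8576 bytes
"""

if __name__ == "__main__":
    print("\n".join(review_flags(parse_hjt(SAMPLE_LOG))))
```

A bare-name flag on a stock Windows entry such as oobefldr.dll is expected; the point of the check is to make the reviewer confirm which file on disk actually resolves, not to call the entry malicious.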
  9. 2008/06/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Logs look good. Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot


    Now, please do an online scan with Kaspersky Online Scanner

    Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.


    Post the Kaspersky log here.
     
