Here's VirusTotal Log:
AhnLab-V3 2008.5.20.0 2008.05.21 -
AntiVir 7.8.0.19 2008.05.21 -
Authentium 5.1.0.4 2008.05.21 -
Avast 4.8.1195.0 2008.05.21 -
AVG 7.5.0.516 2008.05.21 -
BitDefender 7.2 2008.05.21 -
CAT-QuickHeal 9.50 2008.05.19 -
ClamAV 0.92.1 2008.05.21 -
DrWeb 4.44.0.09170 2008.05.21 -
eSafe 7.0.15.0 2008.05.20 -
eTrust-Vet 31.4.5808 2008.05.21 -
Ewido 4.0 2008.05.21 Trojan.Agent
F-Prot 4.4.2.54 2008.05.16 -
F-Secure 6.70.13260.0 2008.05.21 -
Fortinet 3.14.0.0 2008.05.21 -
GData 2.0.7306.1023 2008.05.21 -
Ikarus T3.1.1.26.0 2008.05.21 -
Kaspersky 7.0.0.125 2008.05.21 -
McAfee 5299 2008.05.20 -
Microsoft 1.3520 2008.05.21 -
NOD32v2 3116 2008.05.21 probably a variant of Win32/Agent
Norman 5.80.02 2008.05.20 -
Panda 9.0.0.4 2008.05.21 -
Prevx1 V2 2008.05.21 Malicious Software
Rising 20.45.12.00 2008.05.20 -
Sophos 4.29.0 2008.05.21 -
Sunbelt 3.0.1123.1 2008.05.17 BAT.Agent.B (v)
Symantec 10 2008.05.21 Trojan Horse
TheHacker 6.2.92.314 2008.05.20 -
VBA32 3.12.6.6 2008.05.20 -
VirusBuster 4.3.26:9 2008.05.20 -
Webwasher-Gateway 6.6.2 2008.05.21 -
Additional information
File size: 48 bytes
MD5...: e46306598c5f687b8afe6a7f5d153792
SHA1..: 5f69c070e6cc0256c4634d26a09ae4bcea2a9052
SHA256: b2dc5a2e489b8b2e706516487c3900405807c662ac453a0a1eef2e893c5e1c54
SHA512: 2de4bb248a540bae11c377a802dd799d312b505ce4de277cc4e3f87a0a1d8945
858a11c38e9b8cc2c14cab3e37b2aa6e1dfc0282965e97a8438f0b33731ee5e3
PEiD..: -
PEInfo: -
Prevx info:
http://info.prevx.co...E6A7F005D153792
Here's ComboFix:
ComboFix 08-05-20.5 - Nick B-W 2008-05-21 4:27:25.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1023 [GMT -7:00]
Running from: C:\Users\Nick B-W\Desktop\ComboFix.exe
Command switches used :: C:\Users\Nick B-W\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active
FILE ::
F:\blank.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-21 to 2008-05-21 )))))))))))))))))))))))))))))))
.
2008-05-20 03:07 . 2008-05-20 03:07 129 --a------ C:\Windows\System32\MRT.INI
2008-05-19 19:04 . 2008-05-19 19:04 2,560 --a------ C:\Windows\System32\bitcometres.dll
2008-05-19 18:25 . 2008-05-19 18:25 <DIR> d-------- C:\Windows\Sun
2008-05-19 18:12 . 2008-05-19 18:12 <DIR> d-------- C:\Users\Nick B-W\AppData\Roaming\McAfee
2008-05-19 13:35 . 2008-05-19 15:14 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-19 13:35 . 2008-05-19 13:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-19 13:26 . 2008-05-19 13:26 <DIR> d-------- C:\Users\Nick B-W\AppData\Roaming\PC Tools
2008-05-19 13:26 . 2008-05-19 16:17 <DIR> d-a------ C:\Users\All Users\TEMP
2008-05-19 13:26 . 2008-05-19 16:24 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-19 02:40 . 2008-05-19 02:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-18 16:51 . 2008-05-18 16:51 <DIR> d-------- C:\Program Files\Uniblue
2008-05-17 16:10 . 2008-05-17 16:10 <DIR> d-------- C:\Users\Nick B-W\AppData\Roaming\Petroglyph
2008-05-15 19:11 . 2008-05-15 19:11 <DIR> d-------- C:\Program Files\LucasArts
2008-05-15 19:03 . 2008-02-12 14:45 48 --a------ C:\Windows\System32\readme.bat
2008-05-15 18:44 . 2008-05-15 18:44 <DIR> d-------- C:\Program Files\Alcohol Toolbar
2008-05-15 18:44 . 2008-05-15 18:44 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-05-15 18:44 . 2008-05-15 18:44 229,057 --a------ C:\Windows\Alcohol_Toolbar_Uninstaller_7556.exe
2008-05-08 14:17 . 2008-05-08 14:17 <DIR> d-------- C:\Program Files\iTunes
2008-05-08 14:17 . 2008-05-08 14:17 <DIR> d-------- C:\Program Files\iPod
2008-05-08 14:15 . 2008-05-08 14:15 <DIR> d-------- C:\Program Files\QuickTime
2008-05-08 14:10 . 2008-05-08 14:10 <DIR> d-------- C:\Program Files\Apple Software Update
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-20 02:10 --------- d-----w C:\Program Files\BitComet
2008-05-19 23:22 --------- d-----w C:\Program Files\BAE
2008-05-19 22:23 --------- d-----w C:\Program Files\McAfee
2008-05-17 07:39 131,484 ----a-w C:\Users\Nick B-W\AppData\Roaming\nvModes.dat
2008-05-16 02:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-14 10:03 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 10:11 944,184 ----a-w C:\Windows\System32\winload.exe
2008-04-09 10:11 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-04-09 10:11 620,088 ----a-w C:\Windows\System32\ci.dll
2008-04-09 10:11 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-04-09 10:11 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-04-09 10:11 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-04-09 10:11 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-04-09 10:11 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-04-09 10:11 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-04-09 10:08 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-04-09 10:08 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-04-09 10:06 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-04-09 10:06 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-04-09 10:04 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-09 10:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-09 10:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-09 10:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-27 05:44 --------- d-----w C:\Program Files\HP
2007-12-10 01:49 3,228 ----a-w C:\Users\Nick B-W\AppData\Roaming\wklnhst.dat
2007-09-05 02:16 174 --sha-w C:\Program Files\desktop.ini
2007-09-28 01:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-28 01:25 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-28 01:25 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-21_ 3.15.38.11 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-21 10:13:49 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-05-21 11:15:30 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-05-21 10:07:25 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-05-21 11:26:46 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-05-21 10:05:44 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-21 10:16:35 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-21 10:05:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-21 10:16:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-21 10:05:44 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-21 10:16:35 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 05:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-29 19:07 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 17:35 857648]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-24 22:17 405504]
"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 07:14 180224]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-10 23:00 90112]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 14:10 184320]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 03:20 17920]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 12:43 228088]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-08-23 23:45 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"MRT"="C:\Windows\system32\MRT.exe" [2008-05-09 14:35 16863864]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 20:05:26 29696]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 15:55:50 703280]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-08-29 11:33:50 50688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe [2007-07-20 16:13:26 1180952]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FA8BE6D5-40E0-48B8-B317-18A4A590918A}"= C:\Users\NICKB-~1\AppData\Local\Temp\uRlJDULc.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{84813924-8B72-4021-B906-9121F63B9DFB}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{5C7E8769-8CE6-4688-B51F-217F7E10D3AC}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{EB697D8C-25AF-4A3D-81F8-3FD04AA83EF4}"= C:\Program Files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{13B435CA-1F79-478C-94BB-9157CF541528}"= C:\Program Files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{44670002-9906-4D27-8AC1-23B082326346}"= C:\Program Files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{F3F80003-C496-43BE-8A72-348E88EE9CF4}"= C:\Program Files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{DD4B5A8D-F193-4E77-A941-AA0C998055F7}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{C60B5DD8-AB3C-46B9-B9BD-584A92B70349}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{BE02DCD0-B2DF-4607-919C-363623FDBC9A}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{69ADC3BF-8B25-4C53-8F22-568E1936F673}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3940ED6E-BED5-4FF3-B7F2-337948053766}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{97FB86F5-401F-4E71-9A9E-EA8BA419CEFD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{782993F5-A57C-427F-95FF-DBFEB0EF0526}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{19E0C898-7D32-4C4D-8999-1B558A7E6C6F}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{59B418ED-E3F3-4691-852C-C7943D0B46C1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{D20C3389-03B6-4E09-956A-D0625044615C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F0C9C679-C0F9-4780-B013-9539997D8B42}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{80DD7D33-C8BF-401D-9B72-34F03F85935B}"= UDP:C:\Windows\System32\dlbccoms.exe:Photo Printer 720 Server
"{C83922C3-077F-459F-ACF9-5538211ED969}"= TCP:C:\Windows\System32\dlbccoms.exe:Photo Printer 720 Server
"{D2E71FC4-7B5D-4F7B-A3AF-9BFE27C61B23}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{4B904A07-156E-4F96-91D5-61D74076BE45}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{E7430773-AB5B-4C8E-B27B-8D29DABCE107}"= UDP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{18C0786C-B62C-4BC6-A817-83499D5EFDB1}"= TCP:C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{414C0BF5-064C-4DEA-9CA1-50DC73405DDA}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4969A61F-A5D7-47E8-ACC2-2A8817E8F4AD}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B411EACA-4C6B-430A-9563-A41BE514DD4F}"= UDP:9119:BitComet 9119 TCP
"{048ED9C9-C3C2-42C0-8CA3-0E595D0AD4EE}"= TCP:9119:BitComet 9119 UDP
"{98770E8A-C847-42FF-A1E0-7F9B81956B9D}"= UDP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
"{5256D53E-D3D6-464D-8E5D-B78079C9D284}"= TCP:C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:Star Wars: Empire at War
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R2 dlbc_device;dlbc_device;C:\Windows\system32\dlbccoms.exe [2007-03-01 16:52]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 17:39]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 18:37]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 16:13]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16:13]
S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 00:36]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 14:38]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{169ed2f4-66f4-11dc-b357-001c26f533e0}]
\shell\AutoRun\command - F:\blank.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 07:59:59 C:\Windows\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2008-05-01 07:59:59 C:\Windows\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-21 04:29:38
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-21 4:31:05
ComboFix-quarantined-files.txt 2008-05-21 11:30:32
ComboFix2.txt 2008-05-21 10:40:01
ComboFix3.txt 2008-05-21 10:16:16
Pre-Run: 65,033,052,160 bytes free
Post-Run: 65,102,741,504 bytes free
198 --- E O F --- 2008-05-21 10:09:46
Here's HiJackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:54 AM, on 5/21/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\rundll32.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell....r/SysProExe.CAB
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: dlbc_device - - C:\Windows\system32\dlbccoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 10631 bytes
I got to get some sleep, but I'll follow whatever other directions you have tomorrow morning.