Computer Security & Viruses/spyware, some kind of malware on my laptop

Question
QUESTION: I recently got some sort of malware or spyware on my laptop. It causes Internet Explorer to open up unwanted a lot, taking me to websites about getting rid of spyware, which I don't trust, and it pops up warning messages about the spyware/malware. It is really becoming a burden because I use my computer for work. I use Trend Micro antivirus, which I have been told isn't that good, and I also have Webroot Spy Sweeper. I did a sweep with Webroot Spy Sweeper and it found 27 things, all with the minimum risk level amount. Any help you could give me would be greatly appreciated. Also, it's Windows Vista on a pretty new Compaq Presario 700 laptop.




Here is the stuff you asked for:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:50 PM, on 6/19/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:Windowssystem32   askeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWeb Technologieswcs.exe
C:WINDOWSSystem32
undll32.exe
C:Program FilesSynapticsSynTPSynTPStart.exe
C:Program FilesHPQuickPlayQPService.exe
C:Program FilesWeb Technologieswcm.exe
C:Windowssystem32ctfmon.exe
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe
C:Program FilesWindows DefenderMSASCui.exe
C:Program FilesHPDigital ImaginginHpqSRmon.exe
C:WINDOWSSystem32
undll32.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesHPHP Software UpdatehpwuSchd2.exe
C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
C:Program FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe
C:Program FilesJavajre1.6.0_05injusched.exe
C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesWebrootSpy SweeperSpySweeperUI.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesAIMaim.exe
C:WINDOWSehomeehtray.exe
C:UsersOwnerAppDataLocalGoogleUpdate.1.25.0GoogleUpdate.exe
C:UsersOwnerAppDataLocalYouTubeUploaderyoutubeuploader.exe
C:Windowsehomeehmsas.exe
C:Program FilesDealiokb126Dealio Deskbar.exe
C:Program FilesHewlett-PackardSharedHpqToaster.exe
C:WindowsSystem32mobsync.exe
C:Program FilesInternet ExplorerIEUser.exe
C:Program FilesMozilla Firefox irefox.exe
C:Windowssystem32SearchFilterHost.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLMSoftwareMicrosoftInternet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://internetsearchservice.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Unknown&
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Unknown&
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Unknown&
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt.binA2SRCHAS.DLL
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:Program FilesWisdom-soft   bWisd.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt.binA2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:Program FilesDealiokb126Dealio.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:Program FilesWisdom-soft   bWisd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05inssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarar.binASKSBAR.DLL
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:Program FilesHPSmart Web Printinghpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarar.binASKSBAR.DLL
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:Program FilesWisdom-soft   bWisd.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:Program FilesDealiokb126Dealio.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:PROGRA~1YREFRE~1YREFRE~1.DLL
O3 - Toolbar: Internet Service - {F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B} - C:Program FilesWeb Technologiesiebr.dll
O4 - HKLM..Run: [NvSvc] "RUNDLL32.EXE" C:Windowssystem32
vsvc.dll,nvsvcStart
O4 - HKLM..Run: [NvCplDaemon] "RUNDLL32.EXE" C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] "RUNDLL32.EXE" C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [SynTPStart] "C:Program FilesSynapticsSynTPSynTPStart.exe"
O4 - HKLM..Run: [QPService] "C:Program FilesHPQuickPlayQPService.exe"
O4 - HKLM..Run: [QlbCtrl] "C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" /Start
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [hpqSRMon] "C:Program FilesHPDigital ImaginginhpqSRMon.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [HP Software Update] "C:Program FilesHpHP Software UpdateHPWuSchd2.exe"
O4 - HKLM..Run: [hpWirelessAssistant] "C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe"
O4 - HKLM..Run: [WAWifiMessage] "C:Program FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_05injusched.exe"
O4 - HKLM..Run: [UfSeAgnt.exe] "C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [au] "C:Program FilesDealioDealioAU.exe"
O4 - HKLM..Run: [SpySweeper] C:Program FilesWebrootSpy SweeperSpySweeperUI.exe /startintray
O4 - HKCU..Run: [Sidebar] "C:Program FilesWindows Sidebarsidebar.exe" /autoRun
O4 - HKCU..Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU..Run: [HPAdvisor] "C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe" autoRun
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [AIM] "C:Program FilesAIMaim.exe" -cnetwait.odl
O4 - HKCU..Run: [Google Update] "C:UsersOwnerAppDataLocalGoogleUpdate.1.25.0GoogleUpdate.exe" /lang en
O4 - HKLM..PoliciesExplorerRun: [some] C:Program FilesWeb Technologieswcs.exe
O4 - HKLM..PoliciesExplorerRun: [start] C:Program FilesWeb Technologiesiebtm.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: YouTube Uploader.lnk = C:UsersOwnerAppDataLocalYouTubeUploaderyoutubeuploader.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:UsersOwnerAppDataLocalLowDealiokb126
esDealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05inssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05inssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:Program FilesHPSmart Web Printinghpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:Program FilesDealiokb126Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:Program FilesDealiokb126Dealio.dll
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportinAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardSharedhpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver   Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodiniPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecuritySfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:Program FilesTrend MicroBMTMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecurityTmProxy.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:Program FilesVongoVongoService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperSpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe

--
End of file - 11634 bytes



ANSWER: Hi Evaresto

I need you to run another HJT scan, as this one is not formatted properly.  Click scan and save a log file, then when Notepad opens, go to Format on top and make sure Word Wrap is unchecked. Then copy that log into a follow-up here.

Brian

---------- FOLLOW-UP ----------

QUESTION: OK, I followed your instructions completely. The Word Wrap box was already unchecked, but this is what it shows:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:58 AM, on 6/20/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Web Technologies\wcs.exe
C:\Program Files\Web Technologies\wcm.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\AIM\aim.exe
C:\Users\Owner\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Users\Owner\AppData\Local\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dealio\kb126\Dealio Deskbar.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Unknown&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Unknown&
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Unknown&
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb126\Dealio.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:\Program Files\Wisdom-soft\tbWisd.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb126\Dealio.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\PROGRA~1\YREFRE~1\YREFRE~1.DLL
O3 - Toolbar: Internet Service - {F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B} - C:\Program Files\Web Technologies\iebr.dll
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [au] "C:\Program Files\Dealio\DealioAU.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [HPAdvisor] "C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Web Technologies\iebtm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: YouTube Uploader.lnk = C:\Users\Owner\AppData\Local\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\Owner\AppData\LocalLow\Dealio\kb126\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb126\Dealio.dll
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11553 bytes


ANSWER: Hi Evaresto

Much better log, thanks.  You do indeed have several nasties running.  Please follow the instructions below:

1. Download this file to your desktop -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.  Also please disable any anti-virus scanners you may have running before starting combofix.

Brian
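
A first pass over logs like the two pasted above can be scripted. The following is an added example, not part of the original thread and not code from HijackThis: it checks whether a pasted log has lost its backslashes (the problem with the first paste) and lists the entries a reviewer would look at first. The flagging rules and the EXPECTED_HOSTS allowlist are assumptions made for this illustration; a flag means "review this", not a verdict. The sample lines are copied from the logs on this page.

```python
"""First-pass triage of a HijackThis log (illustrative, added example)."""
import re
from urllib.parse import urlparse

# Item lines look like "O4 - <body>" or "R1 - <body>".
ITEM_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")
# A drive letter followed directly by a name means the "\" was lost in transit.
DRIVE_NO_SLASH = re.compile(r"\b[A-Za-z]:(?=[A-Za-z0-9])")
URL_RE = re.compile(r"=\s*(https?://\S+)")

# Assumption: search/start-page hosts the reviewer expects on this OEM image.
EXPECTED_HOSTS = {"go.microsoft.com", "ie.redirect.hp.com"}

# Two lines copied from the first (badly formatted) paste.
FIRST_PASTE = r"""
C:Program FilesWeb Technologieswcs.exe
O4 - HKLM..Run: [QPService] "C:Program FilesHPQuickPlayQPService.exe"
"""

# Lines copied from the second paste.
SECOND_PASTE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Web Technologies\wcs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"""


def mangled_lines(log_text):
    """Return the lines whose paths have a drive letter but no backslash."""
    return [ln for ln in log_text.splitlines() if DRIVE_NO_SLASH.search(ln)]


def parse_items(log_text):
    """Return (section_code, body) for every R*/O* item line in the log."""
    items = []
    for ln in log_text.splitlines():
        m = ITEM_RE.match(ln.strip())
        if m:
            items.append((m.group("code"), m.group("body")))
    return items


def triage(items):
    """Return (code, reason, body) for entries that deserve a manual look."""
    findings = []
    for code, body in items:
        # Registry entry still present, but the file it names is gone.
        if body.endswith("(no file)"):
            findings.append((code, "registered component has no file", body))
        # Autostart set through the policy key rather than the usual Run key.
        if code == "O4" and "\\Policies\\Explorer\\Run:" in body:
            findings.append((code, "autostart via Policies\\Explorer\\Run", body))
        # IE search/start page pointing at a host the reviewer did not expect.
        if code in ("R0", "R1"):
            m = URL_RE.search(body)
            if m:
                host = urlparse(m.group(1)).hostname
                if host not in EXPECTED_HOSTS:
                    findings.append((code, "unexpected IE URL host: %s" % host, body))
        # Service binary carrying no publisher name.
        if code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service with unknown owner", body))
    return findings


if __name__ == "__main__":
    if mangled_lines(FIRST_PASTE):
        print("first paste: paths lost their backslashes, ask for a new log")
    for code, reason, body in triage(parse_items(SECOND_PASTE)):
        print("%-4s %-40s %s" % (code, reason, body))
```
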

---------- FOLLOW-UP ----------

QUESTION: Here is the log from the new link you gave me:


ComboFix 08-06-20.1 - Owner 2008-06-20 22:01:04.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.911 [GMT -5:00]
Running from: C:UsersOwnerDesktopComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:Windowssystem32KBL.LOG

.
(((((((((((((((((((((((((   Files Created from 2008-05-21 to 2008-06-21  )))))))))))))))))))))))))))))))
.

2008-06-18 01:11 . 2008-06-20 03:13   <DIR>   d--------   C:WINDOWSSystem32Œ075
2008-06-18 01:11 . 2008-06-18 01:25   <DIR>   d--------   C:Program FilesWeb Technologies
2008-06-17 23:13 . 2008-06-17 23:13   <DIR>   d--------   C:Program FilesSafari
2008-06-17 23:12 . 2008-06-17 23:12   <DIR>   d--------   C:Program FilesApple Software Update
2008-06-14 13:01 . 2008-06-14 13:01   <DIR>   d--------   C:UsersOwnerAppDataRoamingYahoo!
2008-06-14 10:41 . 2008-04-22 23:27   1,244,672   --a------   C:WINDOWSSystem32mcmde.dll
2008-06-14 10:41 . 2008-04-22 23:27   428,032   --a------   C:WINDOWSSystem32EncDec.dll
2008-06-14 10:41 . 2008-04-22 23:27   292,352   --a------   C:WINDOWSSystem32psisdecd.dll
2008-06-14 10:41 . 2008-04-22 23:26   218,624   --a------   C:WINDOWSSystem32psisrndr.ax
2008-06-14 10:41 . 2008-04-22 23:26   80,896   --a------   C:WINDOWSSystem32MSNP.ax
2008-06-14 10:41 . 2008-04-22 23:26   68,608   --a------   C:WINDOWSSystem32Mpeg2Data.ax
2008-06-14 10:41 . 2008-04-22 23:26   57,856   --a------   C:WINDOWSSystem32MSDvbNP.ax
2008-06-10 21:03 . 2008-06-10 21:03   <DIR>   d--------   C:Program FilesYRefresher
2008-06-10 10:58 . 2008-06-10 10:58   <DIR>   d--------   C:UsersOwnerAppDataRoaming lc
2008-06-10 10:56 . 2008-06-10 10:56   <DIR>   d--------   C:Program FilesVideoLAN
2008-06-09 19:11 . 2008-06-09 19:11   <DIR>   d--------   C:Program FilesCommon FilesSWF Studio
2008-06-09 19:10 . 2008-06-09 19:10   <DIR>   d--------   C:Program FilesDealio
2008-06-09 19:06 . 2008-06-09 19:06   <DIR>   d--------   C:WINDOWSSystem32custom matrices
2008-06-09 19:05 . 2008-06-09 19:05   <DIR>   d--------   C:WINDOWSSystem32QuickTime
2008-06-09 19:05 . 2008-06-09 19:06   <DIR>   d--------   C:WINDOWSSystem32C2MP
2008-06-09 15:35 . 2008-06-09 15:35   <DIR>   d--------   C:Program FilesSun
2008-06-06 13:01 . 2008-06-06 13:01   585,728   --a------   C:WINDOWSSystem32sratswf.dll
2008-06-06 13:01 . 2008-06-06 13:01   147,456   --a------   C:WINDOWSSystem32sratwmv.dll
2008-06-06 12:57 . 2008-06-06 12:57   <DIR>   d--------   C:Program FilesWisdom-soft ScreenHunter 5 Free
2008-06-06 12:57 . 2008-06-06 12:57   <DIR>   d--------   C:Program FilesWisdom-soft
2008-06-05 07:15 . 2008-06-06 13:01   <DIR>   d--------   C:Program FilesBSR Screen Recorder 4
2008-06-05 06:46 . 2008-06-05 06:46   <DIR>   d--------   C:Program FilesWisdom-soft MotionStudio
2008-06-01 17:56 . 2008-06-01 17:56   <DIR>   d--------   C:UsersOwnerAppDataRoamingTalkback
2008-06-01 17:55 . 2008-06-01 17:55   0   --a------   C:WINDOWS
sreg.dat
2008-05-31 23:38 . 2008-05-31 23:38   <DIR>   d--------   C:UsersAll UsersYahoo! Companion
2008-05-31 23:38 . 2008-05-31 23:38   <DIR>   d--------   C:ProgramDataYahoo! Companion
2008-05-29 11:54 . 2008-06-17 23:14   <DIR>   d--------   C:UsersOwnerAppDataRoamingApple Computer
2008-05-29 11:53 . 2008-05-29 11:53   <DIR>   d--------   C:Program FilesiTunes
2008-05-29 11:53 . 2008-05-29 11:53   <DIR>   d--------   C:Program FilesiPod
2008-05-29 11:52 . 2008-05-29 11:52   <DIR>   d--------   C:Program FilesBonjour
2008-05-29 11:50 . 2008-05-29 11:53   <DIR>   d--------   C:UsersAll UsersApple Computer
2008-05-29 11:50 . 2008-05-29 11:53   <DIR>   d--------   C:ProgramDataApple Computer
2008-05-29 11:50 . 2008-05-29 11:51   <DIR>   d--------   C:Program FilesQuickTime
2008-05-29 11:47 . 2008-05-29 11:47   <DIR>   d--------   C:UsersAll UsersApple
2008-05-29 11:47 . 2008-05-29 11:47   <DIR>   d--------   C:ProgramDataApple
2008-05-29 11:47 . 2008-05-29 11:47   <DIR>   d--------   C:Program FilesCommon FilesApple
2008-05-28 00:56 . 2008-03-07 19:37   4,247,552   --a------   C:WINDOWSSystem32GameUXLegacyGDFs.dll
2008-05-28 00:56 . 2008-03-07 23:30   1,686,528   --a------   C:WINDOWSSystem32gameux.dll
2008-05-27 06:24 . 2008-05-29 16:17   <DIR>   d-a------   C:UsersAll UsersTEMP
2008-05-27 06:24 . 2008-05-29 16:17   <DIR>   d-a------   C:ProgramDataTEMP
2008-05-27 06:24 . 2008-05-27 06:24   <DIR>   d--------   C:Program FilesDeskshare
2008-05-27 06:24 . 2008-05-27 06:24   <DIR>   d--------   C:Program FilesCommon FilesDeskShare Shared
2008-05-27 06:24 . 2004-12-07 10:11   258,352   --a------   C:WINDOWSSystem32Unicows.dll
2008-05-27 06:24 . 2004-03-09 00:00   224,016   --a------   C:WINDOWSSystem32TABCTL32.OCX
2008-05-27 06:24 . 2001-02-20 03:47   140,288   --a------   C:WINDOWSSystem32COMDLG32.OCX
2008-05-26 22:24 . 2008-06-19 21:54   309,627,212   --a------   C:WINDOWSMEMORY.DMP
2008-05-26 04:34 . 2008-05-26 04:34   <DIR>   d--------   C:UsersOwnerAppDataRoamingNCH Software
2008-05-25 12:24 . 2008-05-25 12:24   <DIR>   d--------   C:UsersOwnerAppDataRoamingTemplate
2008-05-25 12:24 . 2008-06-09 18:11   498   --a------   C:UsersOwnerAppDataRoamingwklnhst.dat
2008-05-25 11:51 . 2008-05-25 11:51   <DIR>   d--------   C:UsersAll UsersAOL OCP
2008-05-25 11:51 . 2008-06-01 13:43   <DIR>   d--------   C:UsersAll UsersAOL
2008-05-25 11:51 . 2008-05-25 11:51   <DIR>   d--------   C:ProgramDataAOL OCP
2008-05-25 11:51 . 2008-06-01 13:43   <DIR>   d--------   C:ProgramDataAOL
2008-05-22 19:28 . 2008-05-22 19:28   <DIR>   d--------   C:UsersOwnerAppDataRoamingNCH Swift Sound
2008-05-22 19:28 . 2008-05-22 19:28   <DIR>   d--------   C:UsersAll UsersNCH Swift Sound
2008-05-22 19:28 . 2008-05-22 19:28   <DIR>   d--------   C:UsersAll UsersNCH Software
2008-05-22 19:28 . 2008-05-22 19:28   <DIR>   d--------   C:ProgramDataNCH Swift Sound
2008-05-22 19:28 . 2008-05-22 19:28   <DIR>   d--------   C:ProgramDataNCH Software
2008-05-22 19:28 . 2008-05-22 19:28   <DIR>   d--------   C:Program FilesNCH Software
2008-05-22 19:27 . 2008-06-01 13:41   <DIR>   d--------   C:Program FilesNCH Swift Sound
2008-05-22 19:24 . 2008-06-07 15:31   <DIR>   d--------   C:UsersOwnerShared
2008-05-22 19:24 . 2008-06-07 15:31   <DIR>   d--------   C:UsersOwnerIncomplete
2008-05-22 19:24 . 2008-05-30 07:35   <DIR>   d--------   C:UsersOwnerAppDataRoamingFrostWire
2008-05-22 19:24 . 2008-05-22 19:24   <DIR>   d--------   C:Program FilesFrostWire
2008-05-22 16:44 . 2008-05-22 16:44   <DIR>   d--------   C:UsersOwnerAppDataRoamingAim
2008-05-22 15:55 . 2008-05-22 16:43   <DIR>   d--------   C:Program FilesAOD
2008-05-22 15:55 . 2008-05-22 16:44   <DIR>   d--------   C:Program FilesAIM
2008-05-22 14:37 . 2007-10-01 16:24   163,640   --a------   C:WINDOWSSystem32driversssidrv.sys
2008-05-22 14:37 . 2007-10-01 16:24   23,864   --a------   C:WINDOWSSystem32driverssskbfd.sys
2008-05-22 14:37 . 2007-10-01 16:24   21,816   --a------   C:WINDOWSSystem32driverssshrmd.sys
2008-05-22 14:37 . 2007-10-01 16:24   20,280   --a------   C:WINDOWSSystem32driversSSFS0BB9.sys
2008-05-22 14:36 . 2008-05-22 14:36   <DIR>   d--------   C:UsersOwnerAppDataRoamingWebroot
2008-05-22 14:36 . 2008-05-22 14:36   <DIR>   d--------   C:UsersAll UsersWebroot
2008-05-22 14:36 . 2008-05-22 14:36   <DIR>   d--------   C:ProgramDataWebroot
2008-05-22 14:36 . 2008-05-22 14:36   <DIR>   d--------   C:Program FilesWebroot
2008-05-22 14:36 . 2007-10-01 16:40   1,526,072   --a------   C:WINDOWSWRSetup.dll
2008-05-22 14:35 . 2008-05-22 14:35   <DIR>   d--------   C:Program FilesAskSBar
2008-05-22 14:28 . 2008-05-22 14:28   <DIR>   d--------   C:UsersAll UsersTrend Micro
2008-05-22 14:28 . 2008-05-22 14:28   <DIR>   d--------   C:ProgramDataTrend Micro
2008-05-22 14:26 . 2008-06-19 21:13   <DIR>   d--------   C:Program FilesTrend Micro
2008-05-22 13:53 . 2007-12-24 17:37   138,384   --a------   C:WINDOWSSystem32drivers   mcomm.sys
2008-05-22 13:53 . 2007-12-24 17:37   52,496   --a------   C:WINDOWSSystem32drivers   mactmon.sys
2008-05-22 13:53 . 2007-12-24 17:37   52,240   --a------   C:WINDOWSSystem32drivers   mevtmgr.sys
2008-05-22 11:24 . 2008-05-22 11:24   1,060,920   --a------   C:WINDOWSSystem32drivers
tfs.sys
2008-05-22 11:24 . 2008-05-22 11:24   194,560   --a------   C:WINDOWSSystem32WebClnt.dll
2008-05-22 11:24 . 2008-05-22 11:24   110,080   --a------   C:WINDOWSSystem32driversmrxdav.sys
2008-05-22 11:24 . 2008-05-22 11:24   41,984   --a------   C:WINDOWSSystem32driversmonitor.sys
2008-05-22 11:23 . 2008-05-22 11:23   8,147,968   --a------   C:WINDOWSSystem32wmploc.DLL
2008-05-22 11:23 . 2008-05-22 11:23   356,864   --a------   C:WINDOWSSystem32MediaMetadataHandler.dll
2008-05-22 11:23 . 2008-05-22 11:23   7,680   --a------   C:WINDOWSSystem32spwmp.dll
2008-05-22 11:23 . 2008-05-22 11:23   4,096   --a------   C:WINDOWSSystem32msdxm.ocx
2008-05-22 11:23 . 2008-05-22 11:23   4,096   --a------   C:WINDOWSSystem32dxmasf.dll
2008-05-22 11:20 . 2008-05-22 11:20   1,585,664   --a------   C:WINDOWSSystem32setupapi.dll
2008-05-22 11:19 . 2008-05-22 11:19   2,027,008   --a------   C:WINDOWSSystem32win32k.sys
2008-05-22 11:18 . 2008-05-22 11:18   296,448   --a------   C:WINDOWSSystem32gdi32.dll
2008-05-22 11:18 . 2008-05-22 11:18   223,232   --a------   C:WINDOWSSystem32WMASF.DLL
2008-05-22 11:18 . 2008-05-22 11:18   9,728   --a------   C:WINDOWSSystem32LAPRXY.DLL
2008-05-22 11:18 . 2008-05-22 11:18   2,048   --a------   C:WINDOWSSystem32asferror.dll
2008-05-22 11:17 . 2008-05-22 11:17   737,792   --a------   C:WINDOWSSystem32inetcomm.dll
2008-05-22 11:17 . 2008-05-22 11:17   84,480   --a------   C:WINDOWSSystem32INETRES.dll
2008-05-22 11:17 . 2008-05-22 11:17   83,968   --a------   C:WINDOWSSystem32dnsrslvr.dll
2008-05-22 11:17 . 2008-05-22 11:17   24,576   --a------   C:WINDOWSSystem32dnscacheugc.exe
2008-05-22 11:17 . 2008-05-22 11:17   11,776   --a------   C:WINDOWSSystem32sbunattend.exe
2008-05-22 11:16 . 2008-05-22 11:16   788,992   --a------   C:WINDOWSSystem32
pcrt4.dll
2008-05-22 11:16 . 2008-05-22 11:16   130,048   --a------   C:WINDOWSSystem32driverssrv2.sys
2008-05-22 11:16 . 2008-05-22 11:16   101,888   --a------   C:WINDOWSSystem32driversmrxsmb.sys
2008-05-22 11:16 . 2008-05-22 11:16   84,992   --a------   C:WINDOWSSystem32driverssrvnet.sys
2008-05-22 11:16 . 2008-05-22 11:16   58,368   --a------   C:WINDOWSSystem32driversmrxsmb20.sys
2008-05-22 11:14 . 2008-05-22 11:14   <DIR>   d--------   C:Program FilesMSXML 4.0
2008-05-22 11:13 . 2008-05-22 11:13   2,048   --a------   C:WINDOWSSystem32   zres.dll
2008-05-22 10:50 . 2008-05-22 10:50   1,712,984   --a------   C:WINDOWSSystem32wuaueng.dll
2008-05-22 10:50 . 2008-05-22 10:50   1,524,224   --a------   C:WINDOWSSystem32wucltux.dll
2008-05-22 10:50 . 2008-05-22 10:50   549,720   --a------   C:WINDOWSSystem32wuapi.dll
2008-05-22 10:50 . 2008-05-22 10:50   80,896   --a------   C:WINDOWSSystem32wudriver.dll
2008-05-22 10:50 . 2008-05-22 10:50   53,080   --a------   C:WINDOWSSystem32wuauclt.exe
2008-05-22 10:50 . 2008-05-22 10:50   43,352   --a------   C:WINDOWSSystem32wups2.dll
2008-05-22 10:50 . 2008-05-22 10:50   33,624   --a------   C:WINDOWSSystem32wups.dll
2008-05-22 10:49 . 2008-05-22 10:49   163,000   --a------   C:WINDOWSSystem32wuwebv.dll
2008-05-22 10:49 . 2008-05-22 10:49   31,232   --a------   C:WINDOWSSystem32wuapp.exe
2008-05-22 10:47 . 2008-05-22 10:47   <DIR>   d--------   C:UsersOwnerAppDataRoamingSymantec

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 08:13   ---------   d-----w   C:Program FilesWindows Mail
2008-06-10 08:02   ---------   d-----w   C:ProgramDataMicrosoft Help
2008-06-09 20:34   ---------   d-----w   C:Program FilesJava
2008-06-01 18:43   ---------   d-----w   C:Program FilesCommon FilesAOL
2008-05-22 19:23   ---------   d-----w   C:Program FilesCommon FilesSymantec Shared
2008-05-22 19:21   ---------   d-----w   C:ProgramDataSymantec
2008-05-22 16:30   ---------   d-----w   C:Program FilesWindows Sidebar
2008-05-22 16:22   803,328   ----a-w   C:Windowssystem32drivers   cpip.sys
2008-05-22 16:20   944,184   ----a-w   C:WindowsSystem32winload.exe
2008-05-22 15:48   ---------   d-----w   C:ProgramDataHewlett-Packard
2008-05-22 15:47   ---------   d-----w   C:ProgramDataNVIDIA
2008-05-22 15:44   ---------   d--h--w   C:Program FilesInstallShield Installation Information
2008-05-22 15:32   ---------   d-sh--w   C:ProgramDataTemplates
2008-05-22 15:32   ---------   d-sh--w   C:ProgramDataStart Menu
2008-05-22 15:32   ---------   d-sh--w   C:ProgramDataFavorites
2008-05-22 15:32   ---------   d-sh--w   C:ProgramDataDocuments
2008-05-22 15:32   ---------   d-sh--w   C:ProgramDataDesktop
2008-05-22 15:32   ---------   d-sh--w   C:ProgramDataApplication Data
2008-05-10 03:30   14,848   ----a-w   C:WindowsSystem32wshrm.dll
2008-05-10 01:21   113,664   ----a-w   C:Windowssystem32drivers
mcast.sys
2008-05-02 21:22   205,328   ----a-w   C:Windowssystem32drivers   mxpflt.sys
2008-05-02 21:21   36,368   ----a-w   C:Windowssystem32drivers   mpreflt.sys
2008-05-02 21:17   1,169,240   ----a-w   C:Windowssystem32drivers sapint.sys
2008-04-26 08:02   1,327,104   ----a-w   C:WindowsSystem32quartz.dll
2008-04-25 04:23   826,368   ----a-w   C:WindowsSystem32wininet.dll
2008-04-25 04:23   56,320   ----a-w   C:WindowsSystem32iesetup.dll
2008-04-25 04:23   52,736   ----a-w   C:WindowsAppPatchiebrshim.dll
2008-04-25 04:22   26,624   ----a-w   C:WindowsSystem32ieUnatt.exe
2008-03-31 21:25   682,496   ----a-w   C:WindowsSystem32DivX.dll
2008-03-29 15:42   335,872   ----a-w   C:WindowsSystem32gdsmux.exe
2008-03-29 15:42   245,248   ----a-w   C:WindowsSystem32dxr.dll
2008-03-29 15:42   163,840   ----a-w   C:WindowsSystem32   s.dll
2008-03-29 15:42   159,744   ----a-w   C:WindowsSystem32mmfinfo.dll
2008-03-29 15:42   148,992   ----a-w   C:WindowsSystem32mkx.dll
2008-03-29 15:42   141,312   ----a-w   C:WindowsSystem32mp4.dll
2008-03-29 15:42   120,832   ----a-w   C:WindowsSystem32ogm.dll
2008-03-29 15:42   108,032   ----a-w   C:WindowsSystem32avi.dll
2008-03-29 15:42   103,424   ----a-w   C:WindowsSystem32dsmux.exe
2008-03-29 15:42   102,400   ----a-w   C:WindowsSystem32avss.dll
2008-03-29 15:41   97,280   ----a-w   C:WindowsSystem32avs.dll
2008-03-29 15:41   79,360   ----a-w   C:WindowsSystem32mkzlib.dll
2008-03-29 15:41   23,552   ----a-w   C:WindowsSystem32mkunicode.dll
2008-03-29 15:41   135,168   ----a-w   C:WindowsSystem32mkv2vfr.exe
2008-03-21 20:30   524,288   ----a-w   C:WindowsSystem32DivXsm.exe
2008-03-21 20:30   3,596,288   ----a-w   C:WindowsSystem32qt-dx331.dll
2008-03-21 20:30   200,704   ----a-w   C:WindowsSystem32ssldivx.dll
2008-03-21 20:30   1,044,480   ----a-w   C:WindowsSystem32libdivx.dll
2008-03-21 20:28   81,920   ----a-w   C:WindowsSystem32dpl100.dll
2008-03-21 20:28   593,920   ----a-w   C:WindowsSystem32dpuGUI11.dll
2008-03-21 20:28   57,344   ----a-w   C:WindowsSystem32dpv11.dll
2008-03-21 20:28   344,064   ----a-w   C:WindowsSystem32dpus11.dll
2008-03-21 20:28   294,912   ----a-w   C:WindowsSystem32dpu11.dll
2008-03-21 20:28   196,608   ----a-w   C:WindowsSystem32dtu100.dll
2007-10-25 08:15   174   --sha-w   C:Program Filesdesktop.ini
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE~Browser Helper Objects{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-05-22 14:35   66912   --a------   C:Program FilesAskSBarSrchAstt.binA2SRCHAS.DLL

[HKEY_LOCAL_MACHINE~Browser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE~Browser Helper Objects{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2007-07-17 15:59   1379352   --a------   C:Program FilesWisdom-soft   bWisd.dll

[HKEY_LOCAL_MACHINE~Browser Helper Objects{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
2007-08-31 13:32   177504   --a------   c:Program FilesHPSmart Web Printinghpswp_framework.dll

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "C:Program FilesWisdom-soft   bWisd.dll" [2007-07-17 15:59 1379352]
"{F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B}"= "C:Program FilesWeb Technologiesiebr.dll" [2008-06-18 01:11 86528]

[HKEY_CLASSES_ROOTclsid{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CLASSES_ROOTclsid{f99d0c20-f8e1-43b6-ab24-3f16bfaea77b}]

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= C:Program FilesWisdom-soft   bWisd.dll [2007-07-17 15:59 1379352]

[HKEY_CLASSES_ROOTclsid{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Sidebar"="C:Program FilesWindows Sidebarsidebar.exe" [2008-05-22 11:17 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 07:34 2159104 C:WINDOWSSystem32oobefldr.dll]
"HPAdvisor"="C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe" [2007-10-01 18:10 1783136]
"ehTray.exe"="C:WindowsehomeehTray.exe" [2006-11-02 07:35 125440]
"AIM"="C:Program FilesAIMaim.exe" [2006-08-01 15:35 67112]
"Google Update"="C:UsersOwnerAppDataLocalGoogleUpdate.1.25.0GoogleUpdate.exe" [2008-05-27 21:37 51184]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"NvSvc"="C:Windowssystem32
vsvc.dll" [2007-09-28 03:06 86016]
"NvCplDaemon"="C:Windowssystem32NvCpl.dll" [2007-09-28 03:06 8497696]
"NvMediaCenter"="C:Windowssystem32NvMcTray.dll" [2007-09-28 03:06 81920]
"SynTPStart"="C:Program FilesSynapticsSynTPSynTPStart.exe" [2007-09-15 03:29 102400]
"QPService"="C:Program FilesHPQuickPlayQPService.exe" [2007-10-03 00:00 181544]
"QlbCtrl"="C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" [2007-09-06 16:46 202032]
"Windows Defender"="C:Program FilesWindows DefenderMSASCui.exe" [2007-10-25 02:36 1006264]
"hpqSRMon"="C:Program FilesHPDigital ImaginginhpqSRMon.exe" [2007-08-22 18:31 80896]
"Adobe Reader Speed Launcher"="C:Program FilesAdobeReader 8.0ReaderReader_sl.exe" [2007-05-11 05:06 40048]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-PackardHP Health CheckHPHC_Scheduler.exe" [ ]
"HP Software Update"="C:Program FilesHpHP Software UpdateHPWuSchd2.exe" [2007-05-08 18:24 54840]
"hpWirelessAssistant"="C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe" [2007-09-13 10:47 480560]
"WAWifiMessage"="C:Program FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe" [2007-01-08 17:53 311296]
"SunJavaUpdateSched"="C:Program FilesJavajre1.6.0_05injusched.exe" [2008-02-22 04:25 144784]
"UfSeAgnt.exe"="C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe" [2008-02-26 14:10 1398024]
"QuickTime Task"="C:Program FilesQuickTimeQTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:Program FilesiTunesiTunesHelper.exe" [2008-03-30 10:36 267048]
"au"="C:Program FilesDealioDealioAU.exe" [2008-02-08 13:11 546144]
"SpySweeper"="C:Program FilesWebrootSpy SweeperSpySweeperUI.exe" [2007-10-01 16:40 5367608]

C:UsersOwnerAppDataRoamingMicrosoftWindowsStart MenuProgramsStartup\r
YouTube Uploader.lnk - C:UsersOwnerAppDataLocalYouTubeUploaderyoutubeuploader.exe [2007-11-09 13:33:08 71152]

C:ProgramDataMicrosoftWindowsStart MenuProgramsStartup\r
Vongo Tray.lnk - C:WindowsInstaller{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-10-25 04:08:37 53248]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciesexplorer
un]
"some"= C:Program FilesWeb Technologieswcs.exe
"start"= C:Program FilesWeb Technologiesiebtm.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"LoadAppInit_DLLs"=0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"msacm.l3codecp"= l3codecp.acm
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparameters irewallpolicy]
"<NO NAME>"=

[HKLM~servicessharedaccessparameters irewallpolicyDomainProfile]
"<NO NAME>"=

[HKLM~servicessharedaccessparameters irewallpolicyDomainProfileAuthorizedApplications]
"<NO NAME>"=

[HKLM~servicessharedaccessparameters irewallpolicyDomainProfileAuthorizedApplicationsList]
"<NO NAME>"=
"C:\Program Files\Vongo\VongoService.exe"= C:Program FilesVongoVongoService.exe:*:enabled:VongoService

[HKLM~servicessharedaccessparameters irewallpolicyFirewallRules]
"{AB196BDF-4D50-4B68-BD55-10E9173EF3AB}"= UDP:C:Program FilesCommon FilesAOLLoaderaolload.exe:AOL Loader
"{CA6C467C-F80C-4393-A684-1A757088196E}"= TCP:C:Program FilesCommon FilesAOLLoaderaolload.exe:AOL Loader
"{1AE562DA-7309-453A-9981-14754F331E8B}"= UDP:C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{215A0E8B-F3B1-4142-9EDC-67844C866781}"= TCP:C:Program FilesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{6DA52B40-B3EB-44DC-A7FD-F76685D124B8}"= C:Program FilesCyberlinkPowerDirectorPDR.EXE:CyberLink PowerDirector
"{FB8AC562-E60F-4011-B998-AC91AD9AB9A9}"= UDP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"{BAF2F0A3-BD92-4F8F-BE0A-268C5AF5A2E8}"= TCP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"{D012D9F6-2140-435A-84C2-5468FCAFA85A}"= UDP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"{CCB39148-7984-4B64-B9C3-C4136001128B}"= TCP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"{3AB9E897-EFD5-46F8-A8FD-92524044A185}"= UDP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"{4630CE96-7C84-4111-9852-86D38C21972F}"= TCP:C:Program Filesearthlink totalaccessTaskPanl.exe:taskpanl
"{EFFC690E-32E4-4BB0-8708-B93E2398D75D}"= C:Program FilesHPQuickPlayQP.exe:Quick Play
"{B1DA885E-8259-4D7D-BD01-624BDC0668F9}"= C:Program FilesHPQuickPlayQPService.exe:Quick Play Resident Program
"{F87F790A-5394-4BC0-BD9D-356E147198E6}"= UDP:C:Program FilesFrostWireFrostWire.exe:LimeWire
"{163A8DC6-38BD-4BC4-8B37-1DF61AC4555B}"= TCP:C:Program FilesFrostWireFrostWire.exe:LimeWire
"TCP Query User{E26B0695-1CCC-46E8-9A1E-32914F24B333}C:\program files\aim\aim.exe"= UDP:C:program filesaimaim.exe:AOL Instant Messenger
"UDP Query User{228A374A-F363-4736-A8D0-CF1EA58EF111}C:\program files\aim\aim.exe"= TCP:C:program filesaimaim.exe:AOL Instant Messenger
"TCP Query User{3AED8A84-840D-4E81-A26F-072BC4E5153D}C:\program files\internet explorer\iexplore.exe"= UDP:C:program filesinternet exploreriexplore.exe:Internet Explorer
"UDP Query User{A46A6D5C-D14F-4256-B597-AB329B5594F6}C:\program files\internet explorer\iexplore.exe"= TCP:C:program filesinternet exploreriexplore.exe:Internet Explorer
"{6CDF113D-2D86-48B7-9456-7750031FA2B7}"= UDP:C:Program FilesBonjourmDNSResponder.exe:Bonjour
"{CD7081E3-5086-418A-951E-E967268FD92D}"= TCP:C:Program FilesBonjourmDNSResponder.exe:Bonjour
"{B6C86FC5-76AB-4B75-9A17-962AFB974966}"= UDP:C:Program FilesiTunesiTunes.exe:iTunes
"{59679479-2503-4ECD-9097-AB8809DE5804}"= TCP:C:Program FilesiTunesiTunes.exe:iTunes

[HKLM~servicessharedaccessparameters irewallpolicyRestrictedServicesStaticSystem]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%system32svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM~servicessharedaccessparameters irewallpolicyStandardProfileAuthorizedApplicationsList]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"= C:Program FilesEarthLink TotalAccessTaskPanl.exe:*:Enabled:Earthlink

S3 GameConsoleService;GameConsoleService;"C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe" [2007-07-23 18:33]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-20 22:06:29
Windows 6.0.6000  NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-20 22:08:21
ComboFix-quarantined-files.txt  2008-06-21 03:08:09

Pre-Run: 98,927,706,112 bytes free
Post-Run: 98,667,491,328 bytes free

318   --- E O F ---   2008-06-20 01:59:38





here is the new log from the first link:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:46 AM, on 6/21/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:Windowssystem32   askeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WINDOWSSystem32
undll32.exe
C:Program FilesSynapticsSynTPSynTPStart.exe
C:Program FilesHPQuickPlayQPService.exe
C:Program FilesHewlett-PackardHP Quick Launch ButtonsQLBCTRL.exe
C:Program FilesHPDigital ImaginginHpqSRmon.exe
C:Program FilesHPHP Software UpdatehpwuSchd2.exe
C:WINDOWSSystem32
undll32.exe
C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe
C:Program FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe
C:Program FilesJavajre1.6.0_05injusched.exe
C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesWebrootSpy SweeperSpySweeperUI.exe
C:Program FilesWindows Sidebarsidebar.exe
C:WINDOWSehomeehtray.exe
C:UsersOwnerAppDataLocalGoogleUpdate.1.25.0GoogleUpdate.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesDealiokb126Dealio Deskbar.exe
C:UsersOwnerAppDataLocalYouTubeUploaderyoutubeuploader.exe
C:Program FilesHewlett-PackardSharedHpqToaster.exe
C:Windowsehomeehmsas.exe
C:Program FilesMozilla Firefox irefox.exe
C:WindowsSystem32mobsync.exe
C:Program FilesAIMaim.exe
C:Windowssystem32SearchFilterHost.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKLMSoftwareMicrosoftInternet Explorer,SearchURL = http://internetsearchservice.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://internetsearchservice.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Unknown&
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Unknown&
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Unknown&
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt.binA2SRCHAS.DLL
R3 - URLSearchHook: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:Program FilesWisdom-soft   bWisd.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt.binA2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:Program FilesDealiokb126Dealio.dll
O2 - BHO: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:Program FilesWisdom-soft   bWisd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_05inssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarar.binASKSBAR.DLL
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:Program FilesHPSmart Web Printinghpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:Program FilesAskSBarar.binASKSBAR.DLL
O3 - Toolbar: Wisdom-soft toolbar - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} - C:Program FilesWisdom-soft   bWisd.dll
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:Program FilesDealiokb126Dealio.dll
O3 - Toolbar: RefresherBand Class - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:PROGRA~1YREFRE~1YREFRE~1.DLL
O3 - Toolbar: Internet Service - {F99D0C20-F8E1-43B6-AB24-3F16BFAEA77B} - C:Program FilesWeb Technologiesiebr.dll
O4 - HKLM..Run: [NvSvc] "RUNDLL32.EXE" C:Windowssystem32
vsvc.dll,nvsvcStart
O4 - HKLM..Run: [NvCplDaemon] "RUNDLL32.EXE" C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] "RUNDLL32.EXE" C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [SynTPStart] "C:Program FilesSynapticsSynTPSynTPStart.exe"
O4 - HKLM..Run: [QPService] "C:Program FilesHPQuickPlayQPService.exe"
O4 - HKLM..Run: [QlbCtrl] "C:Program FilesHewlett-PackardHP Quick Launch ButtonsQlbCtrl.exe" /Start
O4 - HKLM..Run: [hpqSRMon] "C:Program FilesHPDigital ImaginginhpqSRMon.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [HP Software Update] "C:Program FilesHpHP Software UpdateHPWuSchd2.exe"
O4 - HKLM..Run: [hpWirelessAssistant] "C:Program FilesHewlett-PackardHP Wireless AssistantHPWAMain.exe"
O4 - HKLM..Run: [WAWifiMessage] "C:Program FilesHewlett-PackardHP Wireless AssistantWiFiMsg.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_05injusched.exe"
O4 - HKLM..Run: [UfSeAgnt.exe] "C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [au] "C:Program FilesDealioDealioAU.exe"
O4 - HKLM..Run: [SpySweeper] "C:Program FilesWebrootSpy SweeperSpySweeperUI.exe" /startintray
O4 - HKCU..Run: [Sidebar] "C:Program FilesWindows Sidebarsidebar.exe" /autoRun
O4 - HKCU..Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
O4 - HKCU..Run: [HPAdvisor] "C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe" autoRun
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [AIM] C:Program FilesAIMaim.exe -cnetwait.odl
O4 - HKCU..Run: [Google Update] "C:UsersOwnerAppDataLocalGoogleUpdate.1.25.0GoogleUpdate.exe" /lang en
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: YouTube Uploader.lnk = C:UsersOwnerAppDataLocalYouTubeUploaderyoutubeuploader.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O8 - Extra context menu item: Compare Prices with &Dealio - C:UsersOwnerAppDataLocalLowDealiokb126
esDealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~3Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05inssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_05inssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~3Office12ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:Program FilesHPSmart Web Printinghpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~3Office12REFIEBAR.DLL
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:Program FilesDealiokb126Dealio.dll
O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:Program FilesDealiokb126Dealio.dll
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:Program FilesCommon FilesAppleMobile Device SupportinAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardHP Quick Launch ButtonsCom4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program FilesHP GamesMy HP Game ConsoleGameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:Program FilesHewlett-PackardSharedhpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver   Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodiniPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:Program FilesCyberLinkShared FilesRichVideo.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecuritySfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:Program FilesTrend MicroBMTMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:Program FilesTrend MicroInternet SecurityTmProxy.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:Program FilesVongoVongoService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:Program FilesWebrootSpy SweeperSpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe

--
End of file - 11156 bytes


Answer
Hi Evaresto

Both logs are not formatted properly this time.  The log entries should look like this:
C:\Windows\system32\taskeng.exe
not this:
C:Windowssystem32 askeng.exe

If you are pasting them properly, then this site may be the problem.  Send the logs to me at numbersix6@yahoo.com so I can read through them.  Thanks.

Brian

Brian Benosky

Expertise

I will help you in eradicating malware and all forms of virus/trojans/adware. I can answer all PC-related hardware issues. I can also troubleshoot Windows OS errors (all versions) and other software problems. HijackThis logs are a MUST for virus related help. If you do not know how to do this, I have posted easy-to-follow instructions on the Ask a Question page. Every computer infection is different, so I will give you personal instructions on how to remove the malware, not a 'pat' answer. You can be assured of a prompt, polite, and knowledgeable response in all regards.

Experience

I have over 25 years of experience in using, building, and repairing computers. I have helped over two thousand people here on AllExperts, with consistent Top Feedback Scores. Please look at my answers here: http://en.allexperts.com/q/Computer-Security-Viruses-1737/indexExp_84308.htm

I am also a Top Contributor of General Computing answers in Yahoo! Questions.

Education/Credentials

College educated; self-taught computer skills

©2012 About.com, a part of The New York Times Company. All rights reserved.