Hi Ried, and thanks for your help. Hopefully I have done as you requested properly. The contents of the ComboFix file have been pasted into this reply. I'm feeling overwhelmed, but learning these new things can't be a bad thing. I suppose.
Rosie
ComboFix 08-08-09.03 - Owner 2008-08-10 0:15:31.1 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1861 [GMT -4:00]
Running from: C:\Users\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\KBL.LOG
.
((((((((((((((((((((((((( Files Created from 2008-07-10 to 2008-08-10 )))))))))))))))))))))))))))))))
.
2008-08-04 19:41 . 2008-08-04 19:41 <DIR> d-------- C:\Deckard
2008-08-04 19:30 . 2008-08-04 19:31 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-04 18:20 . 2008-08-04 18:20 <DIR> d-------- C:\Program Files\Panda Security
2008-08-04 18:20 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-08-04 12:48 . 2008-08-10 00:07 <DIR> d-a------ C:\Users\All Users\TEMP
2008-08-04 12:48 . 2008-08-10 00:07 <DIR> d-a------ C:\ProgramData\TEMP
2008-08-04 12:46 . 2008-08-09 00:19 <DIR> d-------- C:\Users\All Users\Google Updater
2008-08-04 12:46 . 2008-08-09 00:19 <DIR> d-------- C:\ProgramData\Google Updater
2008-08-04 12:46 . 2008-08-04 12:46 <DIR> d-------- C:\Program Files\Google
2008-07-29 00:04 . 2008-07-29 08:09 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-29 00:04 . 2008-07-29 08:09 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-07-29 00:04 . 2008-07-29 00:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-28 23:52 . 2008-07-28 23:52 <DIR> d-------- C:\Program Files\Sun
2008-07-19 09:23 . 2008-07-19 09:23 <DIR> d-------- C:\Users\Owner\AppData\Roaming\Malwarebytes
2008-07-19 09:23 . 2008-07-19 09:23 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-19 09:23 . 2008-07-19 09:23 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-19 09:23 . 2008-07-19 10:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-12 22:33 . 2008-06-25 21:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-12 22:33 . 2008-06-25 21:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-12 22:33 . 2008-06-25 23:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-11 14:20 . 2008-07-11 16:02 <DIR> d-------- C:\Users\Owner\equinox new tubes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-10 04:23 --------- d-----w C:\Users\Owner\AppData\Roaming\WTablet
2008-07-29 03:52 --------- d-----w C:\Program Files\Java
2008-07-24 01:32 27,839 ----a-w C:\Users\Owner\AppData\Roaming\nvModes.dat
2008-07-10 07:05 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 16:50 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-23 10:25 --------- d-----w C:\Program Files\HP
2008-06-19 02:06 --------- d-----w C:\Users\Owner\AppData\Roaming\Amazon
2008-06-19 02:06 --------- d-----w C:\Program Files\Amazon
2008-06-15 03:20 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-11 07:11 --------- d-----w C:\Program Files\Yahoo!
2008-06-11 02:38 --------- d-----w C:\ProgramData\WildTangent
2008-06-10 02:58 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-10 02:57 --------- d-----w C:\ProgramData\CyberLink
2008-06-10 02:56 --------- d-----w C:\Users\Owner\AppData\Roaming\CyberLink
2008-05-27 05:21 1,582,592 ----a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 ----a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 ----a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 ----a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 ----a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 ----a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 ----a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 ----a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 ----a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 ----a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 ----a-w C:\Windows\System32\offfilt.dll
2008-05-27 05:17 143,872 ----a-w C:\Windows\System32\korwbrkr.dll
2008-05-27 05:17 11,776 ----a-w C:\Windows\System32\msshooks.dll
2008-05-27 05:17 1,671,680 ----a-w C:\Windows\System32\chsbrkr.dll
2008-05-27 04:59 18,904 ----a-w C:\Windows\System32\StructuredQuerySchemaTrivial.bin
2008-05-27 04:59 106,605 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-20 22:23 1233920]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-02-16 05:01 492808]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 22:25 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 21:16 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 21:16 8501792]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 21:16 81920]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 02:05 1045800]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-11-01 12:44 671744]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-12-19 22:27 468264]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 19:32 222504]
"DpAgent"="C:\Program Files\DigitalPersona\Bin\dpagent.exe" [2007-09-20 14:12 671744]
"hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 20:31 80896]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 20:24 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 19:15 480560]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Corel Photo Downloader"="C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-16 12:00 531272]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-10 03:59 4702208 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\Windows\KHALMNPR.Exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-09-05 16:09:54 727592]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-08 20:16:10 784912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{78B35E1E-35E2-4F52-844C-B48C584C7AD7}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2FE07A7D-7A16-4DCE-A4D5-E7D817F633BF}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7AC0EA07-3C09-4755-877B-EBE657B9ED41}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{09F16182-1211-469A-976C-FE8C8BAD5227}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{808B515A-3C99-4877-95E1-5EB4CCEAF42B}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9A59F702-8221-47F5-B6AD-29DDBBA48871}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CF62C3F1-C4A3-416F-8F20-281CD724F891}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{983BB620-6E22-42A2-9FB3-582787ADD9AA}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4C74FFBD-6526-4F7F-A173-86BE448F3273}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{72E65C68-CE99-4E43-A3AB-7CE2A33027AD}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{56770C86-B59A-4A7E-8C5C-6AA0BB551911}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4F2CFFEB-5B1D-4BE6-AF85-4A76AFF99952}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{7C4F4574-AF17-4968-B7DB-20B62990A42E}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2008-02-16 05:00]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 22:28]
R2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe [2007-11-08 07:37]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2008-02-16 05:00]
R2 WacomTouchService;Wacom Touch Service;C:\Windows\system32\WacomTouchService.exe [2007-10-16 09:55]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 13:30]
R3 Wacomhidfilter;Wacom HID Filter;C:\Windows\system32\DRIVERS\wacomhidfilter.sys [2007-11-05 11:39]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\Windows\system32\DRIVERS\wacommousefilter.sys [2007-02-16 06:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\Windows\system32\DRIVERS\wacomvhid.sys [2007-10-06 05:30]
R3 WacomVKHid;Virtual Keyboard Driver;C:\Windows\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11:11]
R3 WacomVTHid;Virtual Touch Driver;C:\Windows\system32\DRIVERS\WacomVTHid.sys [2007-02-22 09:55]
S2 QPSched;QuickPlay Task Scheduler (QTS);C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 22:28]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2007-09-18 09:12]
S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-09-18 09:12]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-09-18 09:12]
S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-20 22:23]
S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-20 22:23]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-eewmoie - c:\users\owner\appdata\local\eewmoie.exe
MSConfigStartUp-siuiu - c:\users\owner\appdata\local\siuiu.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 -: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-10 00:24:55
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\Windows\TEMP\TMP0000003D9BE76657BBF9CEE3
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Windows\System32\wlanext.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\WTablet\Pen_TabletUser.exe
C:\Windows\System32\wisptis.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Completion time: 2008-08-10 0:31:24 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-10 04:31:10
Pre-Run: 163,084,374,016 bytes free
Post-Run: 162,828,828,672 bytes free
226 --- E O F --- 2008-08-09 04:20:35