Post #1, 02-21-2008, 07:52 PM, Akarshan (Registered User, OS: Vista)

Please Help! I think My computer has been hacked

I think my computer is infected. Looking at some of the behavior of my computer, it looks like it has been hacked. As I am not a computer genius, I tried all I could to fix the computer, but I don't think I have resolved the problem. Now I am requesting you experts to help me out and shed some light.
I have tried to give all the possible information that might be helpful for you to analyze the case. I am sorry if some of my information is superfluous.

My operating system is Windows Vista Home Premium.
Symptoms that forced me to think it has been hacked:
1. Computer has been a little slower than usual
2. Task Manager was disabled and I was not able to view or edit the registry (which I fixed after googling some websites)
3. Windows automatic update and Firewall were disabled (which I fixed by downloading the new PC Tools Firewall Plus and changing the value in the registry for Windows updating)
4. Though I am the only user, my computer does not recognize me as an administrator (I do not know how to fix that)
5. When I start my computer my wallpaper or the desktop screen pops up or blinks two or three times before being stable
6. Position of displayed icons on the desktop has changed a few times
7. JavaScript has been disabled, and I am not able to fix it even though I changed all the required settings. Hence I am not able to run an online virus scanner
8. When I use Internet Explorer, most of the time it redirects me to some other websites.

Do these symptoms signify anything? After reading many articles I was convinced that my computer might have been hacked.

Before the computer was infected I had AVG Free Edition antivirus, Spyware Doctor, Windows Defender and Windows Firewall.
Now I have installed and run many anti-spyware tools like AVG Anti-Spyware, SUPERAntiSpyware, Spybot-S&D, Ad-Aware, Prevx CSI, AVG Anti-Rootkit Free, CWShredder, HJT.

When I scan my computer most of the results are clean now. But still my problem has not been fixed. Below are the results from the anti-spyware tools that have found some infections: (If you want to access the HJT log file, it is at the bottom of this post.)
Thank you very much for your time. I will be looking forward to hearing your response.

*********************************************
************************************************

Ad-Aware 2007 Build
Log File Created on: 2008-02-20 15:21:31
Using Definitions File: C:\ProgramData\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: SLEEK
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 2
Processor type: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz
Memory Available: 42%
Total Physical Memory: 2136408064 Bytes
Available Physical Memory: 880160768 Bytes
Total Page File Size: 4501422080 Bytes
Available On Page File: 2702053376 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1966374912 Bytes
OS: Microsoft Windows Vista (Build 6000)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 10000 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 53
Build Number: 0
Build Date and Time: 2008/02/18 06:35:34

Scan Statistics
===========================
Method: Smart
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: On

Item Scanned: 266062
Infections Detected: 6
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 6 6
File Hash Scan..: 0 0

Infections Found
===========================
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000400 Value: Browser: Firefox Cookie: C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles/k8uc06ua.default\cookies.txt tacoda.net ANRTT /
Item Id: 600000400 Value: Browser: Firefox Cookie: C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles/k8uc06ua.default\cookies.txt tacoda.net TData /
Item Id: 600000400 Value: Browser: Firefox Cookie: C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles/k8uc06ua.default\cookies.txt tacoda.net Anxd /
Item Id: 600000400 Value: Browser: Firefox Cookie: C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles/k8uc06ua.default\cookies.txt tacoda.net Tsid /
Item Id: 600000400 Value: Browser: Firefox Cookie: C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles/k8uc06ua.default\cookies.txt tacoda.net TID /
Item Id: 600000400 Value: Browser: Firefox Cookie: C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles/k8uc06ua.default\cookies.txt tacoda.net Tcc /

Items Ignored During Scan
===========================


Listing of running processes
=======================
I had to delete the running processes because it was too long

**************************************************
**************************************************
Spyware Doctor usually detects some infections as
1. Application.Tracking cookies
2. Adware.Advertising

************************************************
**********************************************
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:27:57 PM 2/19/2008

+ Scan result:



:mozilla.123:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.14:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.15:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.177:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.178:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.94:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.33:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.34:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.48:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.49:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.55:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.56:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.80:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.84:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.85:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.86:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.91:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.61:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.62:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.63:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.64:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.72:C:\Users\Akarshan\AppData\Roaming\Mozilla\Firefox\Profiles\k8uc06ua.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.


::Report end
**********************************************************
********************************************************

Now, Below is the HJT log file:


Logfile of HijackThis v1.99.1
Scan saved at 2:43:50 PM, on 2/21/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ADEA2C12-A476-D13C-2B4B-A33D54435112} - C:\PROGRA~1\COMMON~1\System\vd3_sys.dat
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PrevxCSI.lnk = ?
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Post #2, 02-23-2008, 09:29 PM, Pancake (Security Team (ret.), Victoria, Australia, OS: XP Pro SP3)

Re: Please Help! I think My computer has been hacked

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.


F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"


Reboot...


============================

Please download the OTMoveIt by OldTimer

Save it to your desktop.

Please double-click OTMoveIt.exe to run it

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


C:\Program Files\Common Files\System\svchost.exe



Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

Click the red Moveit! button.

Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


=====================================

Please download Combofix from any of the links below, and save it to your desktop. For further information regarding this download you can see this on this Information Page


Combofix Link 1
Combofix Link 2
Combofix Link 3


**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall



Caution...Never run and remove files using ComboFix without being supervised by a security analyst.
__________________
Eddy
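As an added illustration (editor's example, not code from the thread, from HijackThis or from any of the tools named above): a small Python triage pass over a few lines copied from the log in post #1, plus two clean lines for contrast. The rules are heuristics chosen here, not a verdict on any item: the HJT `F2 ... Shell=` line mirrors the Winlogon `Shell` registry value, where only `explorer.exe` belongs, so any extra program on that line is a startup hook (this is the item the reply above has HJT fix); a `svchost.exe` with a full path outside System32/SysWOW64 is a look-alike file, not the Windows binary; and a BHO line is checked for an orphaned CLSID (`(no file)`) or a file that is not a DLL. A flagged item means "read this first", nothing more.

```python
"""Triage heuristics for HijackThis 1.99-style log lines (added example).

Parses a handful of HJT lines copied from the log in the thread above, plus
two clean lines for contrast, and flags the entries an analyst would read
first. The rules are illustrative heuristics, not a verdict on the machine.
"""
import re
from dataclasses import dataclass

# Directories where the real Windows svchost.exe lives (lower-cased prefixes).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Sample input: lines taken from the HijackThis log in post #1, plus a clean
# process line and a clean BHO line so the checks have negatives to pass over.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {ADEA2C12-A476-D13C-2B4B-A33D54435112} - C:\PROGRA~1\COMMON~1\System\vd3_sys.dat
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
""".strip().splitlines()


@dataclass
class Finding:
    section: str   # HJT section prefix (F2, O2, ...) or PATH for the path check
    reason: str
    line: str


def _norm(token: str) -> str:
    return token.strip().strip('"').lower()


def check_winlogon_shell(line: str):
    # HJT's "F2 - REG:system.ini: Shell=" line mirrors the Winlogon "Shell"
    # value. Only explorer.exe belongs there; every other token is a program
    # that Windows will launch at every logon.
    m = re.match(r"F2 - REG:system\.ini: Shell=(.*)$", line)
    if not m:
        return None
    tokens = re.findall(r'"[^"]+"|\S+', m.group(1))
    extras = [t for t in tokens if _norm(t) != "explorer.exe"]
    if not extras:
        return None
    return Finding("F2", "Winlogon Shell runs extra program(s): " + ", ".join(extras), line)


SVCHOST_PATH = re.compile(r'([a-z]:\\[^"\r\n]*?svchost\.exe)', re.IGNORECASE)


def check_svchost_location(line: str):
    # A svchost.exe with a full drive path outside the system directories is
    # a look-alike file, not the Windows service host. Paths written with
    # %windir% (as in HJT's O23 lines) have no drive letter and are skipped.
    for path in SVCHOST_PATH.findall(line):
        if not path.lower().startswith(SYSTEM_DIRS):
            return Finding("PATH", "svchost.exe outside a system directory: " + path, line)
    return None


def check_bho(line: str):
    # O2 lines: "(no file)" is an orphaned CLSID that loads nothing; a target
    # that is not a .dll/.ocx is unusual for an in-process COM object.
    m = re.match(r"O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$", line)
    if not m:
        return None
    _name, clsid, target = m.groups()
    target = target.strip()
    if target == "(no file)":
        return Finding("O2", f"orphaned BHO {clsid}: CLSID registered but no file on disk", line)
    ext = target.rsplit(".", 1)[-1].lower()
    if ext not in ("dll", "ocx"):
        return Finding("O2", f"BHO {clsid} loads a .{ext} file, not a DLL: {target}", line)
    return None


CHECKS = (check_winlogon_shell, check_svchost_location, check_bho)


def triage(lines):
    """Run every check over every line; a line may yield more than one finding."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in CHECKS:
            found = check(line)
            if found:
                findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}")
```

Running it lists four items: the F2 line twice (once as a Shell hook, once because the extra program is a `svchost.exe` under `Common Files\System`), the orphaned `{7E853D72-...}` BHO, and the BHO that loads `vd3_sys.dat`. The `O23 ... (file missing)` lines for seclogon, QWAVE and ehstart are deliberately not flagged: HijackThis 1.99.1 predates Vista (the log header reports `Platform: Unknown Windows`) and does not expand the `%windir%` paths of those standard services, so that `(file missing)` is a tool limitation rather than evidence.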
Post #3, 02-24-2008, 01:28 AM, Akarshan (Registered User, OS: Vista)

Re: Please Help! I think My computer has been hacked

Thanks for the response. However, I am unable to find the line "F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"".

That line is missing. I can see it in the HijackThis Notepad log but not in the HijackThis scan results. I would really appreciate it if you could guide me through this.
Post #4, 02-24-2008, 02:28 AM, Pancake (Security Team (ret.), Victoria, Australia, OS: XP Pro SP3)

Re: Please Help! I think My computer has been hacked

OK. Good. Can you run Combofix please?
__________________
Eddy
Post #5, 02-24-2008, 05:18 PM, Akarshan (Registered User, OS: Vista)

Re: Please Help! I think My computer has been hacked

Below is the log file from ComboFix:

****************************************************
*****************************************************
ComboFix 08-02-24.4 - Akarshan 2008-02-24 14:50:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1064 [GMT -8:00]
Running from: C:\Users\Akarshan\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\Windows\system32\x64

----- BITS: Possible infected sites -----

hxxp://actresshot.blogspot.com
hxxp://image1.indiaglitz.com

.
((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-23 16:02 . 2008-02-23 16:02 <DIR> d-------- C:\Windows\Sun
2008-02-23 15:26 . 2008-02-23 15:26 <DIR> d-------- C:\ie-spyad_zo
2008-02-21 19:39 . 2008-02-21 19:39 <DIR> d-------- C:\Users\All Users\Simply Super Software
2008-02-21 19:39 . 2008-02-21 19:39 <DIR> d-------- C:\Users\Akarshan\AppData\Roaming\Simply Super Software
2008-02-21 19:39 . 2008-02-21 19:39 <DIR> d-------- C:\ProgramData\Simply Super Software
2008-02-21 19:39 . 2008-02-21 19:40 <DIR> d-------- C:\Program Files\Trojan Remover
2008-02-21 19:39 . 2006-05-25 14:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-02-21 19:39 . 2003-02-02 19:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-02-21 19:39 . 2005-08-26 00:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-02-21 19:39 . 2002-03-06 00:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-02-21 19:39 . 2006-06-19 12:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-02-21 19:05 . 2008-02-21 19:05 <DIR> d-------- C:\Program Files\CCleaner
2008-02-21 17:16 . 2008-02-21 17:16 <DIR> d-------- C:\Windows\System32\ZoneLabs
2008-02-21 17:16 . 2008-01-09 03:32 276,368 --a------ C:\Windows\System32\drivers\vsdatant.sys
2008-02-21 17:16 . 2003-10-16 14:11 70 --ah----- C:\Windows\System32\drivers\vsconfig.xml
2008-02-21 17:15 . 2008-02-21 18:30 <DIR> d-------- C:\Windows\Internet Logs
2008-02-21 16:41 . 2008-02-23 14:52 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-20 20:09 . 2008-02-20 20:09 <DIR> d-------- C:\Program Files\Belarc
2008-02-20 20:09 . 2005-04-07 16:18 3,840 --a------ C:\Windows\System32\drivers\BANTExt.sys
2008-02-19 18:22 . 2008-02-19 18:22 <DIR> d-------- C:\Program Files\PrevxCSI
2008-02-19 18:18 . 2008-02-20 00:55 <DIR> d-------- C:\Users\Akarshan\AppData\Roaming\PrevxCSI
2008-02-19 18:18 . 2008-02-20 00:55 10,752 --a------ C:\Windows\System32\drivers\pxark.sys
2008-02-18 23:45 . 2006-12-26 08:57 19,247 --------- C:\Windows\CV30A5ZA.CAT
2008-02-18 01:31 . 2008-02-18 01:31 <DIR> d-------- C:\Users\Akarshan\AppData\Roaming\Grisoft
2008-02-18 01:29 . 2007-05-30 04:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-02-17 18:30 . 2007-12-20 09:43 248,448 --a------ C:\Windows\System32\PROUnstl.exe
2008-02-17 16:05 . 2007-01-18 04:00 3,968 --a------ C:\Windows\System32\drivers\AvgArCln.sys
2008-02-17 15:45 . 2008-02-17 15:45 <DIR> d-------- C:\Users\Akarshan\AppData\Roaming\Uniblue
2008-02-17 14:19 . 2008-02-17 14:19 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-02-17 14:19 . 2008-02-17 14:19 <DIR> d-------- C:\Users\Akarshan\AppData\Roaming\SUPERAntiSpyware.com
2008-02-17 14:19 . 2008-02-17 14:19 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-02-17 14:19 . 2008-02-23 22:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 18:20 . 2008-02-16 18:56 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-02-16 18:20 . 2008-02-16 18:56 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-02-16 18:20 . 2008-02-16 18:20 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-16 17:49 . 2008-02-16 17:49 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-02-16 17:49 . 2008-02-16 17:49 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-02-16 17:49 . 2008-02-16 17:49 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-02-16 17:49 . 2008-02-16 17:49 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-02-16 17:49 . 2008-02-16 17:49 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-02-16 17:45 . 2008-02-16 17:45 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-16 15:44 . 2008-02-16 15:45 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-02-16 15:44 . 2008-02-16 15:45 <DIR> d-------- C:\ProgramData\Lavasoft
2008-02-16 15:44 . 2008-02-16 15:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-16 15:43 . 2008-02-17 14:18 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 20:38 . 2008-02-14 20:39 <DIR> d-------- C:\Users\Akarshan\AppData\Roaming\PCToolsFirewallPlus
2008-02-14 20:32 . 2008-02-14 20:32 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-02-14 20:32 . 2008-01-04 14:13 218,520 --a------ C:\Windows\System32\drivers\pctfw2.sys
2008-02-14 20:32 . 2008-01-04 14:13 125,848 --a------ C:\Windows\System32\drivers\pctfw.sys
2008-02-14 20:32 . 2008-01-04 14:13 40,856 --a------ C:\Windows\System32\drivers\pctmp.sys
2008-02-14 20:32 . 2008-01-04 14:13 18,328 --a------ C:\Windows\System32\drivers\pctssipc.sys
2008-02-14 20:14 . 2008-02-14 20:14 <DIR> d-------- C:\Users\Akarshan\AppData\Roaming\InstallShield
2008-02-14 19:55 . 2008-02-14 20:46 <DIR> d-------- C:\Program Files\PC Tools Firewall Plus
2008-02-14 15:26 . 2008-02-21 09:22 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-14 15:26 . 2007-12-10 14:53 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys
2008-02-14 15:26 . 2007-12-10 14:53 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys
2008-02-14 15:26 . 2007-12-10 14:53 41,864 --a------ C:\Windows\System32\drivers\ikfilesec.sys
2008-02-14 15:26 . 2007-12-10 14:53 29,576 --a------ C:\Windows\System32\drivers\kcom.sys
2008-02-13 20:39 . 2008-02-13 21:08 <DIR> d-------- C:\Users\Akarshan\.housecall6.6
2008-02-13 09:54 . 2008-02-13 09:54 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 09:54 . 2008-02-13 09:54 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 09:49 . 2008-02-13 09:49 806,400 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 09:49 . 2008-02-13 09:49 217,144 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 09:49 . 2008-02-13 09:49 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 09:49 . 2008-02-13 09:49 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 09:49 . 2008-02-13 09:49 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 09:46 . 2008-02-13 09:46 56,320 --a------ C:\Windows\System32\iesetup.dll
2008-02-01 14:15 . 2008-02-07 09:43 <DIR> d-------- C:\Program Files\HP DeskJet 630C Series
2008-01-27 19:59 . 2008-01-27 19:59 <DIR> d-------- C:\Users\Akarshan\AppData\Roaming\WordWeb
2008-01-25 18:55 . 2008-01-25 18:55 229,376 --a------ C:\Windows\System32\UCI32A27.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 22:44 --------- d---a-w C:\ProgramData\TEMP
2008-02-24 17:20 --------- d-----w C:\ProgramData\Google Updater
2008-02-24 17:07 --------- d-----w C:\Users\Akarshan\AppData\Roaming\AVG7
2008-02-19 18:03 --------- d-----w C:\Program Files\Windows Mail
2008-02-18 09:29 --------- d-----w C:\ProgramData\Grisoft
2008-02-18 02:01 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-17 02:01 174 --sha-w C:\Program Files\desktop.ini
2008-02-17 01:48 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-02-17 01:46 88,576 ----a-w C:\Windows\System32\avifil32.dll
2008-02-15 04:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-15 04:25 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-15 03:52 --------- d-----w C:\ProgramData\PC Tools
2008-02-15 00:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-13 17:47 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 17:47 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 17:47 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-16 07:37 --------- d-----w C:\Program Files\iTunes
2008-01-16 07:37 --------- d-----w C:\Program Files\iPod
2008-01-16 07:36 --------- d-----w C:\ProgramData\Apple Computer
2008-01-16 07:34 --------- d-----w C:\Program Files\QuickTime
2008-01-14 18:37 --------- d-----w C:\Users\Akarshan\AppData\Roaming\Move Networks
2008-01-09 11:02 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 11:02 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-03 01:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-01-03 01:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-01-03 01:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-01-03 01:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-01-03 01:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-01-03 01:06 530,968 ----a-w C:\Windows\System32\igfxcfg.exe
2008-01-03 01:06 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-01-03 01:06 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-01-03 00:57 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1409.dll
2008-01-03 00:48 2,580,480 ----a-w C:\Windows\System32\igdumd32.dll
2008-01-03 00:48 2,016,256 ----a-w C:\Windows\system32\drivers\igdkmd32.sys
2008-01-03 00:42 1,658,880 ----a-w C:\Windows\System32\ig4dev32.dll
2008-01-03 00:41 2,416,640 ----a-w C:\Windows\System32\ig4icd32.dll
2008-01-03 00:34 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-01-03 00:34 48,128 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-01-03 00:34 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-01-03 00:34 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-01-03 00:34 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-01-03 00:33 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-01-03 00:33 200,704 ----a-w C:\Windows\System32\igfxdev.dll
2008-01-03 00:33 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-01-03 00:33 102,400 ----a-w C:\Windows\System32\hccutils.dll
2007-12-30 06:25 --------- d-----w C:\ProgramData\avg7
2007-12-30 04:58 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2007-12-30 04:58 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2007-12-29 23:05 --------- d-----w C:\Program Files\Sprint music manager
2007-12-15 04:05 35,424 ----a-w C:\Windows\System32\e100bmsg.dll
2007-12-14 19:32 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-12-14 11:08 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-14 11:08 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-14 11:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-11-29 14:52 40,056 ----a-w C:\Windows\System32\NicInst6.dll
2007-05-03 01:40 0 ----a-w C:\Users\Akarshan\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-21 16:36 1474560]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 04:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 09:11 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 04:34 2159104 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-14 00:36 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 15:33 167936]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2006-12-17 22:19 77824]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 15:24 54840]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-29 20:58 579072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"00PCTFW"="C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" [2007-12-31 09:16 2594712]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25 6731312]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-02 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-02 17:06 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-02 17:07 133656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-29 20:58 219136]

C:\Users\Akarshan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-01 09:11:30 124912]
HP Connections.lnk - C:\Program Files\HP Connections\6811507\Program\HP Connections.exe [2006-12-17 22:02:11 34520]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 11:05:56 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-12-29 20:58 9216 C:\Windows\System32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{986DBCC3-258C-478A-B7BC-99F1DB270CF8}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F629E84D-94B6-4C41-872B-5620E934DE41}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7D5DA446-5191-41B4-8CA8-AABE993A2C4D}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6C384080-1347-4BDB-BB76-09B21B18A5F0}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{E3C0C252-0A38-4361-AF59-1D8FB0E983C5}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{E77BB2B5-46F0-4DFC-961D-332C4023D99F}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{B140A5A1-8FFE-44B1-804E-C4DB0150BB5E}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{EFE4B2F2-9DAD-441F-B249-26F7546828FE}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{8418196E-2324-4FC8-9146-ABEC4B16444F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{02FF0AB7-62F2-451D-9EC5-1BE315AAC2E1}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D6FBBB6A-F9D7-423F-ACDB-7B402A3175D4}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2FAC9CA2-5D93-4E24-A619-61A342200713}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1C94BF54-4E72-4403-B729-54CF4FC72C5F}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"TCP Query User{3934BC9A-0A85-4A2E-8CA7-7B2379AF712D}C:\program files\tvuplayer\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component|Desc=TVUPlayer Component
"UDP Query User{0F173C4F-2CE0-4C51-8677-C7E145B6D012}C:\program files\tvuplayer\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component|Desc=TVUPlayer Component
"TCP Query User{6C0FEA48-5C4F-4FB0-9043-04A6F36D2111}C:\users\akarshan\appdata\roaming\sopcast\adv\sopadver.exe"= UDP:C:\users\akarshan\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe|Desc=sopadver.exe
"UDP Query User{80ECF965-2E09-4823-9CE9-41AC48FAF2C3}C:\users\akarshan\appdata\roaming\sopcast\adv\sopadver.exe"= TCP:C:\users\akarshan\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe|Desc=sopadver.exe
"TCP Query User{AFE1263A-D1EE-4133-A8B8-937ADE002621}C:\program files\sopcast\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"UDP Query User{2FB9CB7D-DF57-4DFB-B245-1815E4105DB3}C:\program files\sopcast\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"{0EEF513B-78D0-415E-8BF1-492BCF4AE6B3}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CDA639CE-A73F-4106-9A5E-2FA8E6229C59}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{5B2CA5E7-7AA7-4DC1-9327-ED471274C598}C:\program files\hp\hp software update\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"UDP Query User{C1613D40-B319-47CB-A524-E5CB2A6060DC}C:\program files\hp\hp software update\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"{708E4799-8618-4D37-BB83-7435029E4E1B}"= Disabled:UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{54A94869-6808-4372-B4AB-250AB0111E97}"= Disabled:TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"TCP Query User{BBFD15EF-AF38-410B-A4CC-9213AD187567}C:\users\akarshan\appdata\roaming\sopcast\adv\sopadver.exe"= Disabled:UDP:C:\users\akarshan\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe|Desc=sopadver.exe
"UDP Query User{E22805A7-DA41-4A31-96EF-798196EFFD46}C:\users\akarshan\appdata\roaming\sopcast\adv\sopadver.exe"= Disabled:TCP:C:\users\akarshan\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe|Desc=sopadver.exe
"TCP Query User{75F98CF1-E68C-4FFC-BC33-226A07549FA9}C:\program files\sopcast\sopcast.exe"= Disabled:UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"UDP Query User{6BE27F13-A400-4FEF-B9A2-89F8432C7050}C:\program files\sopcast\sopcast.exe"= Disabled:TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application|Desc=SopCast Main Application
"{009D3011-BCB6-4E33-95E9-869B1644CA82}"= Disabled:UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{736206B0-1487-4C58-A8FD-32920215B143}"= Disabled:TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files\PPStream\PPStream.exe"= C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream

R0 pxark;pxark;C:\Windows\system32\drivers\pxark.sys [2008-02-20 00:55]
R1 pctfw2;pctfw2;C:\Windows\System32\drivers\pctfw2.sys [2008-01-04 14:13]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\Windows\system32\drivers\pctmp.sys [2008-01-04 14:13]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\Windows\system32\drivers\pctssipc.sys [2008-01-04 14:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 05:27]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-29 20:58]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-01-02 16:48]
R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-31 18:36]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-01 23:30]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-10-08 10:40]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-08 10:00]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 01:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57957aaa-16d2-11dc-ba1c-001b2413270c}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-24 22:31:00 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-29 00:37:07 C:\Windows\Tasks\HPCeeScheduleForAkarshan.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
"2008-02-24 21:31:23 C:\Windows\Tasks\User_Feed_Synchronization-{13A1D845-1EB6-42FF-A79A-F395B2D43AB2}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-24 14:53:03
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-24 14:53:49
ComboFix-quarantined-files.txt 2008-02-24 22:53:47
.
2008-02-24 04:46:00 --- E O F ---
********************************************************
******************************************************

While I was running HijackThis I got some error warnings, which I have included in the attached document. However, I ran HijackThis and below is the log file.

*****************************************************
*****************************************************
Logfile of HijackThis v1.99.1
Scan saved at 2:43:50 PM, on 2/21/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\System\svchost.exe"
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ADEA2C12-A476-D13C-2B4B-A33D54435112} - C:\PROGRA~1\COMMON~1\System\vd3_sys.dat
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: PrevxCSI.lnk = ?
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Attached Files
File Type: doc HJT_Screen_shot_1.doc (1.03 MB, 1 views)
Akarshan is offline  
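A small triage pass over log lines of the kind shown above, added here as an example; it is not part of Akarshan's post and not a HijackThis feature. It parses O23 service lines and O4 autostart lines, records "Unknown owner" and "(file missing)" as low-priority notes (on Vista, svchost-hosted services are listed that way because HijackThis cannot resolve the localised service name) and raises a stronger flag when a core Windows binary name such as svchost.exe sits outside System32. The three O23 sample lines are copied from the log; the O4 line is constructed from the RunOnce value and file path the helper's CFScript names further down the thread, and the assumption that %SystemRoot% is C:\Windows is marked in the code.

```python
"""Triage helper for HijackThis O4 (autostart) and O23 (service) lines.

Constructed example: parses each line into its fields and raises the flags a
reviewer would want to see before deciding what to fix.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Core Windows binaries that should only load from the system directory. The
# same file name sitting anywhere else is a classic masquerading sign.
SYSTEM_BINARIES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIR = "c:\\windows\\system32"   # assumption: %SystemRoot% is C:\Windows

O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<path>.+)$")


@dataclass
class Finding:
    kind: str                 # "O4" or "O23"
    name: str                 # service display name or Run value name
    vendor: Optional[str]     # O23 only
    path: str                 # normalised executable path
    flags: List[str] = field(default_factory=list)


def normalise_path(raw: str) -> str:
    """Lower-case the path, expand %windir%/%SystemRoot%, drop HijackThis's
    '(file missing)' marker and cut off anything after the executable name."""
    p = raw.strip().lower()
    for var in ("%windir%", "%systemroot%"):
        p = p.replace(var, "c:\\windows")
    p = p.replace("(file missing)", "").strip()
    m = re.match(r'^"?(.*?\.exe)', p)
    return m.group(1) if m else p


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for an O4/O23 line, or None for any other line type."""
    m = O23_RE.match(line)
    if m:
        f = Finding("O23", m["display"], m["vendor"], normalise_path(m["path"]))
        if m["vendor"] == "Unknown owner":
            f.flags.append("unknown-owner")
    else:
        m = O4_RE.match(line)
        if not m:
            return None
        f = Finding("O4", m["name"], None, normalise_path(m["path"]))
    # Low priority on its own: Vista's svchost-hosted services show up this
    # way because HijackThis cannot resolve the localised service name.
    if "(file missing)" in line:
        f.flags.append("file-missing")
    exe_dir, _, exe_name = f.path.rpartition("\\")
    if exe_name in SYSTEM_BINARIES and exe_dir != SYSTEM_DIR:
        f.flags.append("system-binary-outside-system32")
    return f


def triage(lines) -> List[Finding]:
    """Keep only the entries that raised at least one flag."""
    return [f for f in map(parse_line, lines) if f and f.flags]


SAMPLE_LOG = [
    # Copied from the log above: a legitimate Vista service hosted by svchost.
    r"O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)",
    r"O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe",
    r"O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe",
    # Constructed O4 line: the RunOnce value and svchost.exe copy named in the
    # helper's CFScript, written the way HijackThis would list them.
    r"O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files\Common Files\System\svchost.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path} -> {', '.join(f.flags)}")
```

Run stand-alone it lists only the two flagged entries: the ehstart service with the two low-priority notes, and the Launcher value whose svchost.exe lives under Common Files rather than System32, which is the one that deserves attention.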
Old 02-24-2008, 07:55 PM   #6 (permalink)
Security Team (ret.)
 
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3


Re: Please Help! I think My computer has been hacked

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

Quote:

Killall::

File::
C:\Program Files\Common Files\System\svchost.exe
C:\PROGRAM FILES\COMMON FILES\System\vd3_sys.dat

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=-

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.


*Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.*
__________________
Eddy
Pancake is offline  
Old 02-25-2008, 01:25 AM   #7 (permalink)
Registered User
 
Join Date: Feb 2008
Posts: 10
OS: Vista


Re: Please Help! I think My computer has been hacked