WiredWX Christian Hobby Weather Tools
Re: can not get rid of this virus and i do not know what it is

When I use the complete scan for the Cure It, it always says it encountered an unexpected error and needs to shut down before the scan can finish.

Re: can not get rid of this virus and i do not know what it is

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix.


3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.

While my help is always free, please consider donating to keep this site alive: Donate

Re: can not get rid of this virus and i do not know what it is

ComboFix 09-07-14.08 - HP_Administrator 07/18/2009 13:59.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.596 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Temp\IadHide5.dll
c:\recycler\S-1-5-21-4022182150-1509933919-40857881-1008
c:\recycler\S-1-5-21-4022182150-1509933919-40857881-1010
c:\recycler\S-1-5-21-776561741-1229272821-725345543-500
c:\windows\Installer\1032ca9.msi
c:\windows\Installer\107702ed.msp
c:\windows\Installer\10770315.msp
c:\windows\Installer\107704ca.msp
c:\windows\Installer\107704f0.msp
c:\windows\Installer\10770513.msp
c:\windows\Installer\10770538.msp
c:\windows\Installer\1077055b.msp
c:\windows\Installer\10770586.msp
c:\windows\Installer\107705aa.msp
c:\windows\Installer\107705c1.msi
c:\windows\Installer\107705d7.msp
c:\windows\Installer\107705eb.msp
c:\windows\Installer\1077060f.msp
c:\windows\Installer\10770633.msp
c:\windows\Installer\1077065b.msp
c:\windows\Installer\10919bc5.msi
c:\windows\Installer\10e2c44.msi
c:\windows\Installer\112ec5.msi
c:\windows\Installer\11e9290.msi
c:\windows\Installer\11e9291.msi
c:\windows\Installer\12da75.msi
c:\windows\Installer\12da7b.msi
c:\windows\Installer\12da83.msi
c:\windows\Installer\12da89.msi
c:\windows\Installer\12da91.msi
c:\windows\Installer\13b32fb5.msi
c:\windows\Installer\13b33039.msi
c:\windows\Installer\144edf.msi
c:\windows\Installer\144ee5.msi
c:\windows\Installer\144eeb.msi
c:\windows\Installer\144ef1.msi
c:\windows\Installer\150c894b.msi
c:\windows\Installer\151791.msi
c:\windows\Installer\151797.msi
c:\windows\Installer\15fb253b.msi
c:\windows\Installer\16cb08.msi
c:\windows\Installer\18351d55.msi
c:\windows\Installer\1843250f.msi
c:\windows\Installer\18553c7f.msi
c:\windows\Installer\18e3faf.msi
c:\windows\Installer\1ab4da19.msi
c:\windows\Installer\1ab4da21.msi
c:\windows\Installer\1af8dae.msi
c:\windows\Installer\1da38f8.msi
c:\windows\Installer\1fca6896.msp
c:\windows\Installer\20683fd.msi
c:\windows\Installer\2282bcd.msi
c:\windows\Installer\29db2460.msi
c:\windows\Installer\30f56e.msi
c:\windows\Installer\37352.msi
c:\windows\Installer\38421b24.msi
c:\windows\Installer\38e640d0.msi
c:\windows\Installer\3fe2b4.msi
c:\windows\Installer\4866b.msi
c:\windows\Installer\50f7602.msp
c:\windows\Installer\50f7626.msp
c:\windows\Installer\50f764a.msp
c:\windows\Installer\50f766f.msp
c:\windows\Installer\51e5bb8.msi
c:\windows\Installer\51e5bb9.msp
c:\windows\Installer\51e5bba.msp
c:\windows\Installer\51e5bbb.msp
c:\windows\Installer\51e5bbc.msp
c:\windows\Installer\51e5bbd.msp
c:\windows\Installer\51e5bbe.msp
c:\windows\Installer\51e5bbf.msp
c:\windows\Installer\51e5bc0.msp
c:\windows\Installer\51e5bc1.msp
c:\windows\Installer\52a0d.msi
c:\windows\Installer\52a21.msp
c:\windows\Installer\52b4b.msp
c:\windows\Installer\52b5e.msp
c:\windows\Installer\52ebbde.msi
c:\windows\Installer\52ebbea.msi
c:\windows\Installer\52ebbf6.msi
c:\windows\Installer\553373d.msi
c:\windows\Installer\5588cf4.msi
c:\windows\Installer\5c805d0.msi
c:\windows\Installer\5f7544c.msi
c:\windows\Installer\60951e2.msi
c:\windows\Installer\67314.msi
c:\windows\Installer\689f8.msi
c:\windows\Installer\73e86.msi
c:\windows\Installer\7674c.msi
c:\windows\Installer\782ebaa.msi
c:\windows\Installer\84af132.msi
c:\windows\Installer\8cb7dd9.msi
c:\windows\Installer\8ebf50.msi
c:\windows\Installer\93ad033.msi
c:\windows\Installer\9a60857.msi
c:\windows\Installer\a1901cc.msi
c:\windows\Installer\a1901d3.msp
c:\windows\Installer\a3815.msi
c:\windows\Installer\b64a1a.msp
c:\windows\Installer\bf29d.msi
c:\windows\Installer\d2ac81.msi
c:\windows\Installer\d77018.msi
c:\windows\Installer\db5174d.msi
c:\windows\Installer\e1563a.msi
c:\windows\Installer\eb84c75.msi
c:\windows\Installer\ee0c03.msi
c:\windows\kb913800.exe
D:\Autorun.inf
K:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-17 00:10 . 2009-07-17 00:10 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\DoctorWeb
2009-07-16 02:53 . 2009-07-16 02:53 1914000 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-07-16 02:52 . 2009-07-17 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-16 02:52 . 2009-07-16 17:51 -------- d-----w- c:\program files\NOS
2009-07-15 02:43 . 2009-07-15 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-15 02:35 . 2009-07-15 02:35 -------- d-----w- C:\SystemRoot
2009-07-15 02:18 . 2009-07-15 02:18 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\WinBatch
2009-07-14 16:57 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-14 04:46 . 2009-07-14 04:46 -------- d-----w- c:\windows\system32\scripting
2009-07-14 04:13 . 2009-07-14 04:14 -------- dc-h--w- c:\windows\ie8
2009-07-13 21:47 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-07-13 21:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-07-13 21:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2009-07-13 21:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-07-13 21:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\dllcache\imapi2.dll
2009-07-13 21:46 . 2008-05-02 10:49 62976 ------w- c:\windows\system32\dllcache\cdrom.sys
2009-07-13 21:43 . 2009-07-14 01:35 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\windows\system32\LogFiles
2009-07-13 21:00 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\spupdwxp.exe
2009-07-13 20:59 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-07-13 20:50 . 2009-07-13 20:50 -------- d-----w- c:\program files\SymNetDrv
2009-07-13 20:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-13 20:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-07-13 20:46 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2009-07-13 20:45 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-13 20:45 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-13 20:45 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-13 20:45 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-07-13 20:45 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-13 20:45 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-13 20:45 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-13 20:45 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-13 20:45 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-13 20:45 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-13 20:45 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-13 20:45 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-13 20:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-13 20:43 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-13 20:42 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-07-13 20:42 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-13 20:42 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-07-13 20:41 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-13 20:40 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-07-13 20:39 . 2009-07-13 20:39 50280 ----a-w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 19:13 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-07-13 19:13 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-07-13 19:13 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-13 19:13 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-13 19:12 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-13 18:42 . 2009-07-15 03:09 -------- d-sh--r- c:\windows\system32\dllcache
2009-07-13 16:35 . 2009-07-13 16:35 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Malwarebytes
2009-07-13 16:35 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:35 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:32 . 2009-07-13 16:32 -------- d-----w- c:\program files\Trend Micro
2009-07-13 16:31 . 2009-07-13 16:31 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\UserData
2009-07-13 16:29 . 2009-07-13 16:29 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Webroot
2009-07-13 16:23 . 2009-07-13 16:23 7406 ----a-r- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_63cb6bfc.exe
2009-07-13 16:23 . 2009-07-13 16:23 1078 ----a-r- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_6e5d1ad4.exe
2009-07-13 16:17 . 2005-10-12 01:57 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-07-05 07:13 . 2009-07-05 07:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-04 01:21 . 2009-07-04 01:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-03 16:56 . 2009-04-24 17:19 1563008 ----a-w- c:\windows\WRSetup.dll
2009-07-03 16:55 . 2009-07-03 16:55 164 ----a-w- c:\windows\install.dat
2009-06-25 03:35 . 2009-06-29 02:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2009-06-25 03:31 . 2009-06-25 03:31 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Graboid_Inc
2009-06-25 03:31 . 2009-06-29 19:01 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Graboid
2009-06-25 03:30 . 2009-06-25 03:31 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MozillaControl
2009-06-25 03:29 . 2009-07-03 18:30 -------- d-----w- c:\program files\VideoLAN
2009-06-25 03:28 . 2009-07-01 17:35 -------- d-----w- c:\program files\Graboid

Re: can not get rid of this virus and i do not know what it is

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 20:57 . 2005-10-12 02:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-15 03:03 . 2005-10-12 01:51 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-15 01:59 . 2005-01-25 00:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-07-14 04:49 . 2005-01-28 17:40 92191 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-14 04:49 . 2009-07-14 04:49 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-07-14 04:49 . 2009-07-14 04:49 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-07-14 04:49 . 2009-07-14 04:49 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-07-14 04:49 . 2009-07-14 04:49 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-07-14 04:49 . 2009-07-14 04:49 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-07-14 04:49 . 2009-07-14 04:49 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-07-14 04:49 . 2009-07-14 04:49 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-07-14 04:49 . 2009-07-14 04:49 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-07-14 01:34 . 2007-11-18 19:57 -------- d-----w- c:\program files\Zune
2009-07-13 22:43 . 2009-02-16 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 21:50 . 2009-07-13 21:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-07-13 21:47 . 2009-07-13 21:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-13 21:08 . 2005-10-12 02:18 -------- d-----w- c:\program files\Norton Internet Security
2009-07-13 20:50 . 2005-10-12 02:16 -------- d-----w- c:\program files\Symantec
2009-07-13 20:38 . 2009-07-13 16:20 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Symantec
2009-07-13 16:23 . 2009-07-13 16:20 155 ----a-w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\fusioncache.dat
2009-07-13 16:22 . 2009-07-13 16:22 1961 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ED842AA-ABA M7250N_YC_0Pavi_QMXK541_E54NAemMPC2_48_ILITHIUM_SASUSTek Computer INC._V1.04_B3.08_T050912_WXP2_L409_M1023_J250_7Intel_8Pentium D_92.8_#051218_N808627DC_Z11C1048C_G10025B60.MRK
2009-07-13 16:22 . 2005-10-12 02:09 -------- d-----w- c:\program files\Easy Internet signup
2009-07-13 02:16 . 2007-05-23 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-13 02:07 . 2007-05-23 17:53 -------- d-----w- c:\program files\McAfee
2009-07-12 15:33 . 2007-09-19 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-05 22:18 . 2008-12-31 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-07-05 22:17 . 2005-12-26 14:02 115160 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 18:29 . 2009-04-05 19:49 -------- d-----w- c:\program files\Starcraft
2009-07-03 18:28 . 2008-02-24 19:20 -------- d--h--w- c:\documents and settings\HP_Administrator\Application Data\ijjigame
2009-07-03 18:27 . 2009-04-05 18:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-01 20:32 . 2009-03-29 16:41 -------- d-----w- c:\program files\Vuze
2009-06-28 18:48 . 2008-09-19 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMall
2009-06-16 20:17 . 2009-03-29 16:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2009-06-16 14:36 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 21:14 . 2007-07-20 18:44 -------- d-----w- c:\program files\DivX
2009-06-09 21:13 . 2009-06-09 21:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-03 19:09 . 2004-08-10 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 20:36 . 2009-05-21 02:11 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\LimeWire
2009-05-21 20:20 . 2009-05-08 00:42 -------- d-----w- c:\program files\NCH Software
2009-05-21 20:18 . 2009-05-21 02:10 -------- d-----w- c:\program files\LimeWire
2009-05-21 16:30 . 2009-05-21 16:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NCH Swift Sound
2009-05-21 02:11 . 2009-05-21 02:11 20480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\autoconfig.dll
2009-05-21 02:11 . 2009-05-21 02:11 18944 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\appshell_modal.dll
2009-05-21 02:11 . 2009-05-21 02:11 17408 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\auth.dll
2009-05-21 02:11 . 2009-05-21 02:11 8192 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2009-05-21 02:11 . 2009-05-21 02:11 20480 ----a-w- c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
2009-05-13 05:15 . 2004-08-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-22 15:14 . 2009-02-11 01:27 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 61440]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 49768]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-03-30 22656]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-12 180269]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-07-13 100056]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-18 14820864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-10 61440]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Nike+ Utility.lnk - c:\program files\Nike+ Utility\Nike+ Utility.exe [2008-4-30 1228800]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-10-11 36903]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 23:46]

2009-07-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-03 06:33]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-23 15:53]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-23 15:53]

2009-07-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-13 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-24 05:15]

2009-07-17 c:\windows\Tasks\wrSpySweeper_LDF53BDAFCFB443A89FAF85DAD1AC0362.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-12-31 17:19]

2009-07-17 c:\windows\Tasks\wrSpySweeper_LDF53BDAFCFB443A89FAF85DAD1AC0362.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-12-31 17:19]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 14:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1856)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
c:\program files\Java\jre1.5.0\bin\jusched.exe
c:\program files\Java\jre1.5.0\bin\jucheck.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-07-18 14:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 21:23

Pre-Run: 105,761,423,360 bytes free
Post-Run: 107,082,805,248 bytes free

395 --- E O F --- 2009-07-17 09:18

Re: can not get rid of this virus and i do not know what it is

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Limewire



Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\program files\LimeWire

File::
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\auth.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll



Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into ComboFix.

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to.)
Post the resulting log back here.


Re: can not get rid of this virus and i do not know what it is

ComboFix 09-07-14.08 - HP_Administrator 07/18/2009 21:02.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.693 [GMT -7:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll"
"c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\components\auth.dll"
"c:\documents and settings\HP_Administrator\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-17 00:10 . 2009-07-17 00:10 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\DoctorWeb
2009-07-16 02:53 . 2009-07-16 02:53 1914000 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-07-16 02:52 . 2009-07-17 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-16 02:52 . 2009-07-16 17:51 -------- d-----w- c:\program files\NOS
2009-07-15 02:43 . 2009-07-15 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-07-15 02:35 . 2009-07-15 02:35 -------- d-----w- C:\SystemRoot
2009-07-15 02:18 . 2009-07-15 02:18 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\WinBatch
2009-07-14 16:57 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-14 04:46 . 2009-07-14 04:46 -------- d-----w- c:\windows\system32\scripting
2009-07-14 04:13 . 2009-07-14 04:14 -------- dc-h--w- c:\windows\ie8
2009-07-13 21:47 . 2008-03-21 20:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-07-13 21:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2009-07-13 21:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\dllcache\imapi2fs.dll
2009-07-13 21:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2009-07-13 21:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\dllcache\imapi2.dll
2009-07-13 21:46 . 2008-05-02 10:49 62976 ------w- c:\windows\system32\dllcache\cdrom.sys
2009-07-13 21:43 . 2009-07-14 01:35 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-13 21:43 . 2009-07-13 21:43 -------- d-----w- c:\windows\system32\LogFiles
2009-07-13 21:00 . 2008-04-14 00:12 20992 ------w- c:\windows\system32\spupdwxp.exe
2009-07-13 20:59 . 2008-04-14 00:11 86016 ------w- c:\windows\system32\mdmxsdk.dll
2009-07-13 20:50 . 2009-07-13 20:50 -------- d-----w- c:\program files\SymNetDrv
2009-07-13 20:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-07-13 20:46 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-07-13 20:46 . 2008-08-14 10:04 138496 ------w- c:\windows\system32\dllcache\afd.sys
2009-07-13 20:45 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-07-13 20:45 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-07-13 20:45 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-07-13 20:45 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-07-13 20:45 . 2009-02-09 12:10 729088 ------w- c:\windows\system32\dllcache\lsasrv.dll
2009-07-13 20:45 . 2009-02-09 12:10 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-07-13 20:45 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-07-13 20:45 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-07-13 20:45 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-07-13 20:45 . 2009-02-06 11:06 2145280 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-07-13 20:45 . 2009-02-06 11:08 2189056 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-07-13 20:45 . 2009-02-06 10:32 2023936 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-07-13 20:43 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-07-13 20:43 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-07-13 20:42 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-07-13 20:42 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-07-13 20:42 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-07-13 20:41 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-07-13 20:40 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-07-13 20:39 . 2009-07-18 21:26 51056 ----a-w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-13 19:13 . 2001-08-18 05:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2009-07-13 19:13 . 2008-04-14 00:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2009-07-13 19:13 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-07-13 19:13 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-07-13 19:12 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-07-13 18:42 . 2009-07-18 21:23 -------- d-sh--r- c:\windows\system32\dllcache
2009-07-13 16:35 . 2009-07-13 16:35 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Malwarebytes
2009-07-13 16:35 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 16:35 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 16:32 . 2009-07-13 16:32 -------- d-----w- c:\program files\Trend Micro
2009-07-13 16:31 . 2009-07-13 16:31 -------- d-sh--w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\UserData
2009-07-13 16:29 . 2009-07-13 16:29 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Webroot
2009-07-13 16:23 . 2009-07-13 16:23 7406 ----a-r- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_63cb6bfc.exe
2009-07-13 16:23 . 2009-07-13 16:23 1078 ----a-r- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Microsoft\Installer\{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}\_6e5d1ad4.exe
2009-07-13 16:17 . 2005-10-12 01:57 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
2009-07-05 07:13 . 2009-07-05 07:13 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-07-04 01:21 . 2009-07-04 01:21 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-03 16:56 . 2009-04-24 17:19 1563008 ----a-w- c:\windows\WRSetup.dll
2009-07-03 16:55 . 2009-07-03 16:55 164 ----a-w- c:\windows\install.dat
2009-06-25 03:35 . 2009-06-29 02:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\vlc
2009-06-25 03:31 . 2009-06-25 03:31 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Graboid_Inc
2009-06-25 03:31 . 2009-06-29 19:01 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Graboid
2009-06-25 03:30 . 2009-06-25 03:31 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\MozillaControl
2009-06-25 03:29 . 2009-07-03 18:30 -------- d-----w- c:\program files\VideoLAN
2009-06-25 03:28 . 2009-07-01 17:35 -------- d-----w- c:\program files\Graboid

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 01:47 . 2005-10-12 02:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-18 21:31 . 2005-10-12 02:18 -------- d-----w- c:\program files\Norton Internet Security
2009-07-15 03:03 . 2005-10-12 01:51 -------- d-----w- c:\program files\Hewlett-Packard
2009-07-15 01:59 . 2005-01-25 00:30 139264 ----a-w- c:\windows\system32\hpzjrd01.dll
2009-07-14 04:49 . 2005-01-28 17:40 92191 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-14 04:49 . 2009-07-14 04:49 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe
2009-07-14 04:49 . 2009-07-14 04:49 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe
2009-07-14 04:49 . 2009-07-14 04:49 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll
2009-07-14 04:49 . 2009-07-14 04:49 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll
2009-07-14 04:49 . 2009-07-14 04:49 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll
2009-07-14 04:49 . 2009-07-14 04:49 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll
2009-07-14 04:49 . 2009-07-14 04:49 287310 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection.dll
2009-07-14 04:49 . 2009-07-14 04:49 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll
2009-07-14 01:34 . 2007-11-18 19:57 -------- d-----w- c:\program files\Zune
2009-07-13 22:43 . 2009-02-16 19:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 21:50 . 2009-07-13 21:50 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-07-13 21:47 . 2009-07-13 21:47 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-07-13 20:50 . 2005-10-12 02:16 -------- d-----w- c:\program files\Symantec
2009-07-13 20:38 . 2009-07-13 16:20 -------- d-----w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Application Data\Symantec
2009-07-13 16:23 . 2009-07-13 16:20 155 ----a-w- c:\documents and settings\HP_Administrator.YOUR-55E5F9E3D2\Local Settings\Application Data\fusioncache.dat
2009-07-13 16:22 . 2009-07-13 16:22 1961 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ED842AA-ABA M7250N_YC_0Pavi_QMXK541_E54NAemMPC2_48_ILITHIUM_SASUSTek Computer INC._V1.04_B3.08_T050912_WXP2_L409_M1023_J250_7Intel_8Pentium D_92.8_#051218_N808627DC_Z11C1048C_G10025B60.MRK
2009-07-13 16:22 . 2005-10-12 02:09 -------- d-----w- c:\program files\Easy Internet signup
2009-07-13 02:16 . 2007-05-23 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-13 02:07 . 2007-05-23 17:53 -------- d-----w- c:\program files\McAfee
2009-07-12 15:33 . 2007-09-19 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-05 22:18 . 2008-12-31 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2009-07-05 22:17 . 2005-12-26 14:02 115160 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 18:29 . 2009-04-05 19:49 -------- d-----w- c:\program files\Starcraft
2009-07-03 18:28 . 2008-02-24 19:20 -------- d--h--w- c:\documents and settings\HP_Administrator\Application Data\ijjigame
2009-07-03 18:27 . 2009-04-05 18:47 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-07-01 20:32 . 2009-03-29 16:41 -------- d-----w- c:\program files\Vuze
2009-06-28 18:48 . 2008-09-19 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MediaMall
2009-06-16 20:17 . 2009-03-29 16:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Azureus
2009-06-16 14:36 . 2004-08-10 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-09 21:14 . 2007-07-20 18:44 -------- d-----w- c:\program files\DivX
2009-06-09 21:13 . 2009-06-09 21:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-03 19:09 . 2004-08-10 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-21 20:20 . 2009-05-08 00:42 -------- d-----w- c:\program files\NCH Software
2009-05-21 16:30 . 2009-05-21 16:30 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NCH Swift Sound
2009-05-13 05:15 . 2004-08-10 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2004-08-10 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-06-22 15:14 . 2009-02-11 01:27 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-18_21.15.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 21:23 . 2009-07-07 15:10 24539592 c:\windows\system32\MRT.exe

Re: can not get rid of this virus and i do not know what it is
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-10 61440]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-08 49512]
"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2005-03-30 22656]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-10-12 180269]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-07-13 100056]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-08-18 14820864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-10 61440]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Nike+ Utility.lnk - c:\program files\Nike+ Utility\Nike+ Utility.exe [2008-4-30 1228800]
Updates from HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2005-10-11 36903]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-13 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-05-24 23:46]

2009-07-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-03 06:33]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-23 15:53]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-05-23 15:53]

2009-07-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-13 c:\windows\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-03-24 21:47]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 21:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2192)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Norton Internet Security\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system\hpsysdrv.exe
c:\windows\system32\dwwin.exe
c:\program files\Java\jre1.5.0\bin\jusched.exe
c:\program files\Java\jre1.5.0\bin\jucheck.exe
c:\windows\ehome\ehrecvr.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-07-19 21:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 04:31
ComboFix2.txt 2009-07-18 21:23

Pre-Run: 106,189,852,672 bytes free
Post-Run: 106,828,496,896 bytes free

283 --- E O F --- 2009-07-18 21:40

Re: can not get rid of this virus and i do not know what it is
Can you do another Malwarebytes scan and post the log back here.


Re: can not get rid of this virus and i do not know what it is
Malwarebytes' Anti-Malware 1.39
Database version: 2423
Windows 5.1.2600 Service Pack 3

7/19/2009 2:07:33 PM
mbam-log-2009-07-19 (14-07-33).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Objects scanned: 303190
Time elapsed: 2 hour(s), 19 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: can not get rid of this virus and i do not know what it is
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?


Re: can not get rid of this virus and i do not know what it is

the computer is running good now except for the problem that my zune software is still encountering an unexpected error every time i open it, otherwise it is good

Re: can not get rid of this virus and i do not know what it is

The malware might have corrupted the program. You might need to uninstall and then reinstall it. Please do the following:

Please download Revo Uninstaller from here: Revo Uninstaller

  1. Download and run the setup file for Revo Uninstaller.
  2. Once setup, run Revo Uninstaller.
  3. Select the following item for removal by clicking on it once.

    Zune

  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.


Re: can not get rid of this virus and i do not know what it is
i used the revo uninstaller but my zune is still giving me the same error

Re: can not get rid of this virus and i do not know what it is
I see but virus wise is everything running good?


Re: can not get rid of this virus and i do not know what it is
yes everything virus wise is good thank you for the help

Re: can not get rid of this virus and i do not know what it is

Glad to hear things are running better. While I am not keen on this particular problem, you can open a new topic here and see if someone else who is good in that field can help:

http://www.geekpolice.net/software-f6/
