Infected with Virtumonde too!



FatBoy03
2008-01-19, 03:16
Hello, I'm new and infected! I have included my HJT log for review.
Logfile of HijackThis v1.99.1
Scan saved at 20:32, on 2008-01-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1196545411&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
O2 - BHO: (no name) - {350CCD01-ECED-4DEB-95A2-D1114E0176ED} - C:\WINDOWS\system32\pmnnl.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {0a92ec5d-175f-65c8-90f4-b4ff7b37111f} - {f11173b7-ff4b-4f09-8c56-f571d5ce29a0} - C:\WINDOWS\system32\caeiasuj.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180041856625
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Thank you for any assistance you may be able to provide. Appears I can't get rid of this... FatBoy03
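
The log above carries the usual Virtumonde signature: a BHO with "(no name)" pointing at a randomly named DLL directly in system32 (pmnnl.dll), a second BHO whose "name" is itself a GUID and whose file is already missing (caeiasuj.dll), and a Winlogon Notify entry (avldr) whose target is a bare folder rather than a DLL. The script below is an added example, not part of the post and not HijackThis code; it parses the O2/O20/O21 lines and scores them on those structural signals alone. The sample lines are copied from the posted log; the weights, the threshold and the list of system folders are this example's own assumptions.

```python
"""Triage of HijackThis O2/O20/O21 entries for Virtumonde-style persistence.

Added example, not part of the posted log or of HijackThis. The sample lines
are copied from the log above; the scoring weights and the folder list are
this example's own heuristics.
"""
import ntpath
import re

# Constructed sample: a subset of the O2/O20/O21 lines from the log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {350CCD01-ECED-4DEB-95A2-D1114E0176ED} - C:\WINDOWS\system32\pmnnl.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: {0a92ec5d-175f-65c8-90f4-b4ff7b37111f} - {f11173b7-ff4b-4f09-8c56-f571d5ce29a0} - C:\WINDOWS\system32\caeiasuj.dll (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
"""

GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
LINE_RES = {
    "O2": re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$"),
    "O20": re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$"),
    "O21": re.compile(r"^O21 - SSODL: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$"),
}
# Folders where the random-named modules were dropped (assumption: default XP install on C:).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}
# Example's own weights; a legitimate system DLL in system32 scores only 1.
WEIGHTS = {
    "no human-readable name": 2,
    "file missing": 1,
    "module sits directly in a Windows system folder": 1,
    "Winlogon Notify target is not a .dll": 2,
}


def parse_entries(log_text):
    """Return dicts for every O2/O20/O21 line; other HJT sections are ignored."""
    entries = []
    for line in log_text.splitlines():
        for kind, rx in LINE_RES.items():
            m = rx.match(line.strip())
            if m:
                entry = m.groupdict()
                entry["kind"] = kind
                entries.append(entry)
                break
    return entries


def score_entry(entry):
    """Return (score, reasons) from structural signals only; no name list is consulted."""
    reasons = []
    path = entry["path"].strip()
    missing = path.endswith("(file missing)")
    if missing:
        path = path[: -len("(file missing)")].strip()
        reasons.append("file missing")
    if entry["name"] == "(no name)" or GUID_RE.match(entry["name"]):
        reasons.append("no human-readable name")
    # ntpath handles the backslash paths correctly even when run on a non-Windows host.
    if ntpath.dirname(path).lower() in SYSTEM_DIRS:
        reasons.append("module sits directly in a Windows system folder")
    if entry["kind"] == "O20" and not ntpath.basename(path).lower().endswith(".dll"):
        reasons.append("Winlogon Notify target is not a .dll")
    return sum(WEIGHTS[r] for r in reasons), reasons


def triage(log_text, threshold=2):
    """Entries scoring at or above threshold, highest score first."""
    flagged = []
    for entry in parse_entries(log_text):
        score, reasons = score_entry(entry)
        if score >= threshold:
            flagged.append(dict(entry, score=score, reasons=reasons))
    flagged.sort(key=lambda e: e["score"], reverse=True)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e['score']}] {e['kind']} {e['name']} -> {e['path']}")
        for r in e["reasons"]:
            print("      -", r)
```

Run over the full log it flags exactly pmnnl.dll, caeiasuj.dll and avldr while leaving the Spybot, Java and WGA entries alone; run over the second log posted further down it also reports pmnnl.dll as "(file missing)", which is the usual picture after a partial clean: the DLL is gone but the registry hook that loaded it is still there.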

Shaba
2008-01-20, 11:34
Hi FatBoy03 and welcome to Safer Networking Forums

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes, including the reboot, if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; ComboFix should then continue.
If that happened we want to know, and also which process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report

FatBoy03
2008-01-21, 00:37
Thank you for your assistance, Shaba. This has been driving me crazy. It seems that every time I try to log onto the internet, Windows Installer starts and tries to install Microsoft Office? Have to cancel until it stops.
Anyway, here is the new ComboFix log.
ComboFix 08-01-18.5 - HP_Administrator 2008-01-20 18:02:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-12-20 to 2008-01-20 )))))))))))))))))))))))))))))))
.

2008-01-20 15:35 . 2008-01-20 15:35 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-18 19:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 18:26 . 2008-01-19 08:22 <DIR> d-------- C:\VundoFix Backups
2008-01-18 18:17 . 2008-01-18 18:17 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Bitdefender
2008-01-18 18:13 . 2008-01-18 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-01-12 20:47 . 2008-01-18 20:04 <DIR> d-------- C:\Program Files\SpywareDetector
2008-01-10 19:20 . 2006-12-12 18:04 1,032,192 --a------ C:\WINDOWS\system32\VchReg.dll
2008-01-09 07:04 . 2008-01-09 07:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bell
2008-01-07 17:57 . 2008-01-10 06:59 121 --a------ C:\WINDOWS\bdagent .INI
2008-01-07 17:46 . 2008-01-20 18:08 121 --a------ C:\WINDOWS\bdagent.INI
2008-01-06 21:06 . 2008-01-06 21:06 <DIR> d-------- C:\Program Files\BitDefender
2008-01-06 20:59 . 2008-01-18 18:13 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-01-06 20:04 . 2008-01-18 17:37 123 --a------ C:\WINDOWS\system\SysSD.dll
2008-01-06 20:03 . 2007-12-24 13:16 61,440 --a------ C:\WINDOWS\system32\CloseAll.exe
2008-01-06 17:13 . 2008-01-06 19:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-06 10:43 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-01-06 10:42 . 2008-01-06 10:42 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-01-06 10:42 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-01-06 10:41 . 2008-01-06 10:41 <DIR> d-------- C:\Program Files\Raxco
2008-01-06 10:41 . 2008-01-06 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-01-06 10:40 . 2008-01-06 10:40 <DIR> d-------- C:\Program Files\CA
2008-01-06 10:39 . 2008-01-06 10:40 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-06 10:30 . 2008-01-06 10:30 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-05 18:14 . 2008-01-05 18:24 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-01-05 18:13 . 2008-01-06 21:54 <DIR> d-------- C:\Program Files\BellCanada
2008-01-04 18:35 . 2008-01-04 18:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-04 17:17 . 2008-01-04 17:17 <DIR> d-------- C:\EPSONREG
2008-01-04 17:12 . 2008-01-04 17:12 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-01-04 17:12 . 2008-01-04 17:12 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ArcSoft
2008-01-04 17:12 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-04 17:12 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-04 17:11 . 2008-01-04 17:11 <DIR> d-------- C:\WINDOWS\system32\PhotoImpression Slideshow
2008-01-04 17:11 . 2008-01-04 17:13 <DIR> d-------- C:\Program Files\ArcSoft
2008-01-04 17:11 . 2006-10-20 16:11 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr
2008-01-04 17:10 . 2008-01-04 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-04 17:10 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-04 17:10 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-04 17:08 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-01-04 17:08 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-01-04 17:08 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-01-04 17:07 . 2008-01-04 17:17 44 --a------ C:\WINDOWS\EPCX4400.ini
2008-01-03 14:07 . 2008-01-03 15:56 <DIR> d-------- C:\Program Files\Common Files\Authentium(2)
2008-01-02 16:35 . 2008-01-02 16:35 0 --a------ C:\WINDOWS\system32\ope19.tmp
2008-01-02 16:34 . 2008-01-02 16:34 0 --a------ C:\WINDOWS\system32\ope12.tmp
2008-01-02 16:34 . 2008-01-02 16:34 0 --a------ C:\WINDOWS\ope17.tmp
2008-01-02 16:18 . 2008-01-09 19:18 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-02 16:14 . 2008-01-02 16:14 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-01-02 14:50 . 2008-01-02 14:50 0 --a------ C:\WINDOWS\system32\ope1462.tmp
2008-01-02 14:48 . 2008-01-02 14:48 0 --a------ C:\WINDOWS\system32\ope145A.tmp
2008-01-02 14:48 . 2008-01-02 14:48 0 --a------ C:\WINDOWS\ope145F.tmp
2008-01-02 11:53 . 2008-01-02 11:53 <DIR> d-------- C:\WINDOWS\system32\ineWc16
2008-01-02 11:53 . 2008-01-18 20:01 <DIR> d-------- C:\Temp
2008-01-02 11:53 . 2008-01-02 11:53 111,768 --a------ C:\WINDOWS\system32\ope1342.exe
2008-01-02 11:53 . 2008-01-02 11:53 0 --a------ C:\WINDOWS\system32\ope1342.tmp
2008-01-02 11:52 . 2008-01-02 11:52 352,410 --a------ C:\WINDOWS\system32\ope133A.exe
2008-01-02 11:52 . 2008-01-02 11:52 0 --a------ C:\WINDOWS\system32\ope133A.tmp
2008-01-02 11:52 . 2008-01-02 11:52 0 --a------ C:\WINDOWS\ope133F.tmp
2007-12-21 13:26 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2007-12-21 13:25 . 2007-12-21 13:25 <DIR> d-------- C:\Program Files\Research In Motion
2007-12-21 13:25 . 2007-12-21 13:25 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2007-12-21 13:19 . 2007-12-21 13:19 <DIR> d--hs---- C:\WINDOWS\ftpcache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-19 01:04 --------- d-----w C:\Program Files\MSN Messenger
2008-01-17 20:27 --------- d-----w C:\Documents and Settings\MaMa\Application Data\OpenOffice.org2
2008-01-10 20:38 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2
2008-01-09 02:01 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-01-08 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-01-08 02:20 --------- d-----w C:\Program Files\Bell
2008-01-07 02:58 --------- d-----w C:\Program Files\DISC
2008-01-07 02:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-06 15:29 --------- d-----w C:\Program Files\MSECACHE
2008-01-06 00:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 00:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Bell
2008-01-05 23:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Motive
2008-01-05 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-01-05 23:14 --------- d-----w C:\Program Files\NetAssistant
2008-01-05 21:33 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
2008-01-04 22:16 --------- d-----w C:\Program Files\EPSON
2008-01-03 18:54 --------- d-----w C:\Documents and Settings\MaMa\Application Data\Bell
2008-01-02 16:59 --------- d-----w C:\Program Files\REGSHAVE
2008-01-02 01:07 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-31 20:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 23:38 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2007-12-21 14:48 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-16 21:56 --------- d-----w C:\Program Files\Ashampoo
2007-12-16 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2007-12-13 00:06 --------- d-----w C:\Program Files\mobile PhoneTools
2007-12-12 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-11 01:48 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-02 23:18 --------- d-----w C:\Program Files\Team6 game studios
2007-11-27 21:46 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2007-11-22 21:39 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype
2007-11-21 22:26 --------- d-----w C:\Program Files\All Access Music
2007-11-20 16:09 104,320 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-22 08:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 08:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-14 23:39 4 ----a-w C:\Documents and Settings\All Users\Application Data\amsrv.dat
2007-07-27 15:10 59,824 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_26_17_11_10_small.dmp.zip
2007-06-04 19:50 125,383 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_03_18_26_22_small.dmp.zip
2007-05-23 23:33 141,558 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_23_19_26_40_small.dmp.zip
2007-05-02 01:39 117,673 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_01_20_58_39_small.dmp.zip
2007-04-20 14:56 120,749 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_18_19_38_02_small.dmp.zip
2007-04-18 00:43 447 -c--a-w C:\Program Files\INSTALL.LOG
2007-04-13 15:55 42,697 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_13_07_08_36_small.dmp.zip
2007-04-13 15:55 21,901,029 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_13_07_08_47_full.dmp.zip
2007-04-13 15:55 142,355 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_13_01_06_26_small.dmp.zip
2007-04-13 00:00 53,147 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_12_15_45_34_small.dmp.zip
2007-04-13 00:00 51,058 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_12_15_45_29_small.dmp.zip
2006-11-07 22:25 3,884,032 -csha-w C:\Program Files\ehthumbs.db
2006-11-05 20:08 92,064 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmmdm.sys
2006-11-05 20:08 9,232 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmmdfl.sys
2006-11-05 20:08 79,328 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmserd.sys
2006-11-05 20:08 66,656 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmbus.sys
2006-11-05 20:08 6,208 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmcmnt.sys
2006-11-05 20:08 5,936 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmwhnt.sys
2006-11-05 20:08 4,048 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmcr.sys
2006-11-05 20:08 25,600 -c--a-w C:\Documents and Settings\HP_Administrator\usbsermptxp.sys
2006-11-05 20:08 22,768 ----a-w C:\Documents and Settings\HP_Administrator\usbsermpt.sys
2006-10-31 02:00 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2006-10-18 00:25 952 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

<pre>
----a-w 310,000 2008-01-06 21:20:17 C:\Program Files\Bell\Security Manager\Rps .exe
----a-w 13,552 2008-01-06 21:20:20 C:\Program Files\Bell\Security Manager\ZkRunOnceR .exe
----a-w 1,468,928 2008-01-06 21:19:45 C:\Program Files\BellCanada\McciTrayApp .exe
----a-w 563,984 2008-01-07 23:02:58 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
----a-w 1,060,864 2008-01-06 21:20:04 C:\Program Files\DISC\DISCover .exe
----a-w 61,440 2008-01-06 21:20:01 C:\Program Files\DISC\DiscUpdateMgr .exe
----a-w 5,674,352 2008-01-19 00:13:29 C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 20,058,152 2008-01-06 21:21:32 C:\Program Files\Skype\Phone\Skype .exe
----a-w 419,280 2008-01-19 00:13:09 C:\Program Files\SpywareDetector\LiveUpdateSD .exe
----a-w 64,512 2008-01-06 18:10:29 C:\WINDOWS\ehome\ehtray .exe
----a-w 158,208 2008-01-05 21:33:07 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-01-10 00:18:22 C:\WINDOWS\system32\ctfmon .exe
----a-w 180,736 2008-01-06 21:20:27 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAA .EXE
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{350CCD01-ECED-4DEB-95A2-D1114E0176ED}]
C:\WINDOWS\system32\pmnnl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f11173b7-ff4b-4f09-8c56-f571d5ce29a0}]
C:\WINDOWS\system32\caeiasuj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\E_S20IC1.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 17:00 1818624 C:\WINDOWS\mixer.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 00:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2008-01-18 18:53 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-01-18 18:53 319488]

C:\Documents and Settings\MaMa\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-04-18 23:58:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact]
RegCompact.dll 2006-04-10 18:42 138552 C:\WINDOWS\system32\RegCompact.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\pmnnl.exe

R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-11-12 16:28]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-11-12 16:27]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\drivers\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2007-08-08 13:12]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-10 00:00]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 16:51]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 16:51]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - 98068DFB
*Newly Created Service* - E52E54E6
.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 06:04:02 C:\WINDOWS\Tasks\HP_Administrator backup.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-01-06 00:33:11 C:\WINDOWS\Tasks\HP_Administrator scan and fix.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
Completion time: 2008-01-20 18:10:33
ComboFix-quarantined-files.txt 2008-01-20 23:09:39
ComboFix2.txt 2008-01-19 01:11:29
.
2008-01-20 20:50:26 --- E O F ---
Cannot fit all of HijackThis, so will post next.
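
The "Files Created" section of the ComboFix log above is the most useful part for dating the infection: the ope*.exe / ope*.tmp files, the ineWc16 folder and C:\Temp all appear within two minutes of each other on 2008-01-02, well before the BitDefender, Bell and EPSON installs. The script below is an added example, not part of the post and not ComboFix code; it parses that section, groups entries into bursts by creation time, and flags bursts that write executables or temp files straight into the Windows folders. The entries are copied from the posted log; the 5-minute window, the minimum burst size and the flagging rule are this example's own assumptions.

```python
"""Timeline triage of a ComboFix 'Files Created' section.

Added example, not part of the forum post and not ComboFix code. It groups
created-time stamps into bursts and flags bursts that drop .exe/.tmp files
into the Windows folders. The lines below are copied from the posted log;
the window and the thresholds are this example's own assumptions.
"""
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)

# Constructed sample: a subset of the 'Files Created' lines from the log above.
SAMPLE = r"""
2008-01-06 10:42 . 2008-01-06 10:42 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-01-04 17:10 . 2008-01-04 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-04 17:10 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-04 17:08 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-01-04 17:08 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-01-02 16:35 . 2008-01-02 16:35 0 --a------ C:\WINDOWS\system32\ope19.tmp
2008-01-02 16:34 . 2008-01-02 16:34 0 --a------ C:\WINDOWS\system32\ope12.tmp
2008-01-02 16:34 . 2008-01-02 16:34 0 --a------ C:\WINDOWS\ope17.tmp
2008-01-02 14:50 . 2008-01-02 14:50 0 --a------ C:\WINDOWS\system32\ope1462.tmp
2008-01-02 14:48 . 2008-01-02 14:48 0 --a------ C:\WINDOWS\system32\ope145A.tmp
2008-01-02 14:48 . 2008-01-02 14:48 0 --a------ C:\WINDOWS\ope145F.tmp
2008-01-02 11:53 . 2008-01-02 11:53 <DIR> d-------- C:\WINDOWS\system32\ineWc16
2008-01-02 11:53 . 2008-01-18 20:01 <DIR> d-------- C:\Temp
2008-01-02 11:53 . 2008-01-02 11:53 111,768 --a------ C:\WINDOWS\system32\ope1342.exe
2008-01-02 11:53 . 2008-01-02 11:53 0 --a------ C:\WINDOWS\system32\ope1342.tmp
2008-01-02 11:52 . 2008-01-02 11:52 352,410 --a------ C:\WINDOWS\system32\ope133A.exe
2008-01-02 11:52 . 2008-01-02 11:52 0 --a------ C:\WINDOWS\system32\ope133A.tmp
2008-01-02 11:52 . 2008-01-02 11:52 0 --a------ C:\WINDOWS\ope133F.tmp
2007-12-21 13:26 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2007-12-21 13:25 . 2007-12-21 13:25 <DIR> d-------- C:\Program Files\Research In Motion
2007-12-21 13:25 . 2007-12-21 13:25 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
"""


def parse_files_created(text):
    """One dict per entry; size is None for directories."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append({
            "created": datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            "size": size,
            "attrs": m["attrs"],
            "path": m["path"].rstrip(),
        })
    return entries


def cluster_by_time(entries, window=timedelta(minutes=5)):
    """Sort by creation time and start a new burst whenever the gap exceeds the window."""
    clusters = []
    for e in sorted(entries, key=lambda e: e["created"]):
        if clusters and e["created"] - clusters[-1][-1]["created"] <= window:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters


def is_system_path(path):
    # Assumption: Windows is installed on C:\WINDOWS, as in the posted log.
    return path.lower().startswith("c:\\windows\\")


def suspicious_clusters(entries, window=timedelta(minutes=5), min_files=3, min_system=2):
    """Bursts of at least min_files entries that put .exe/.tmp files into the Windows folders.

    A driver or printer install also touches system32, but with .sys/.dll
    files, so the rule requires an executable or temp file to fire.
    """
    hits = []
    for c in cluster_by_time(entries, window):
        sys_paths = [e["path"] for e in c if is_system_path(e["path"])]
        dropped = [p for p in sys_paths if p.lower().endswith((".exe", ".tmp"))]
        if len(c) >= min_files and len(sys_paths) >= min_system and dropped:
            hits.append({"start": c[0]["created"], "end": c[-1]["created"],
                         "entries": c, "dropped": dropped})
    return hits


if __name__ == "__main__":
    for h in suspicious_clusters(parse_files_created(SAMPLE)):
        print(f"{h['start']:%Y-%m-%d %H:%M}..{h['end']:%H:%M}: "
              f"{len(h['entries'])} entries, {len(h['dropped'])} exe/tmp in Windows folders")
        for p in h["dropped"]:
            print("   ", p)
```

On the sample this reports the three bursts on 2008-01-02 (11:52, 14:48 and 16:34) and stays quiet on the BlackBerry driver install of 2007-12-21 and the EPSON scanner install of 2008-01-04, even though both also wrote into system32. The window is deliberately short; widen it and the ctfmon .exe entry from 16:18 joins the 16:34 burst.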

FatBoy03
2008-01-21, 00:40
Could not fit the ComboFix and HijackThis logs in the same post, so I am putting the new HijackThis log separately. I hope there are some corrections here and it's easy for you to sort out... I'm completely lost!
Logfile of HijackThis v1.99.1
Scan saved at 18:20, on 2008-01-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1196545411&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
O2 - BHO: (no name) - {350CCD01-ECED-4DEB-95A2-D1114E0176ED} - C:\WINDOWS\system32\pmnnl.dll (file missing)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {0a92ec5d-175f-65c8-90f4-b4ff7b37111f} - {f11173b7-ff4b-4f09-8c56-f571d5ce29a0} - C:\WINDOWS\system32\caeiasuj.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180041856625
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Shaba
2008-01-21, 11:34
Hi

Do BitDefender and Authentium both have antivirus?

If so, you should uninstall one of them.

You have the Vundo file infector, which might mean that you may need to re-install some programs after you're clean.

Open notepad and copy/paste the text in the quotebox below into it:


RenV::
----a-w 310,000 2008-01-06 21:20:17 C:\Program Files\Bell\Security Manager\Rps .exe
----a-w 13,552 2008-01-06 21:20:20 C:\Program Files\Bell\Security Manager\ZkRunOnceR .exe
----a-w 1,468,928 2008-01-06 21:19:45 C:\Program Files\BellCanada\McciTrayApp .exe
----a-w 563,984 2008-01-07 23:02:58 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper .exe
----a-w 1,060,864 2008-01-06 21:20:04 C:\Program Files\DISC\DISCover .exe
----a-w 61,440 2008-01-06 21:20:01 C:\Program Files\DISC\DiscUpdateMgr .exe
----a-w 5,674,352 2008-01-19 00:13:29 C:\Program Files\MSN Messenger\msnmsgr .exe
----a-w 20,058,152 2008-01-06 21:21:32 C:\Program Files\Skype\Phone\Skype .exe
----a-w 419,280 2008-01-19 00:13:09 C:\Program Files\SpywareDetector\LiveUpdateSD .exe
----a-w 64,512 2008-01-06 18:10:29 C:\WINDOWS\ehome\ehtray .exe
----a-w 158,208 2008-01-05 21:33:07 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-01-10 00:18:22 C:\WINDOWS\system32\ctfmon .exe
----a-w 180,736 2008-01-06 21:20:27 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAA .EXE

File::
C:\WINDOWS\system32\ope19.tmp
C:\WINDOWS\system32\ope12.tmp
C:\WINDOWS\ope17.tmp
C:\WINDOWS\system32\d3d8caps.dat
C:\WINDOWS\system32\ope1462.tmp
C:\WINDOWS\system32\ope145A.tmp
C:\WINDOWS\ope145F.tmp
C:\WINDOWS\system32\ope1342.exe
C:\WINDOWS\system32\ope1342.tmp
C:\WINDOWS\system32\ope133A.exe
C:\WINDOWS\system32\ope133A.tmp
C:\WINDOWS\ope133F.tmp

Folder::
C:\WINDOWS\system32\ineWc16

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{350CCD01-ECED-4DEB-95A2-D1114E0176ED}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f11173b7-ff4b-4f09-8c56-f571d5ce29a0}]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any findstr, find, sed or swreg processes; ComboFix should then continue.
If that happens, we want to know, and also which process you had to end.
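
The RenV:: block in the script above is the part that undoes the file infector's renaming: each listed program is sitting under its own name with a space before the extension ("Rps .exe") and ComboFix moves it back. As an added example, not ComboFix's code and not something from the original thread, the following Python script scans a directory tree for that pattern, pairs each displaced original with the file now occupying its proper name, and drafts the RenV:: section from what it finds. The assumption that the infector parks the original beside its own copy is mine, inferred from the list above; the sample tree it builds is constructed for the demo and is not the poster's machine.

```python
"""Locate programs displaced by a Vundo-style file infector.

Added example for this thread; it is not ComboFix's code and not something the
original poster ran. Assumption (inferred from the RenV:: list in the thread):
the infector copies itself over a legitimate program and parks the original
next to it under the same name with a space before the extension, e.g.
"Rps .exe" beside "Rps.exe". ComboFix's RenV:: section moves those originals
back; this script finds the pairs and drafts that section.
"""
import os
import re
import tempfile
import time
from pathlib import Path

# "Name .exe" / "NAME .EXE": a space immediately before the extension.
DISPLACED = re.compile(r"^(?P<stem>.+?) \.(?P<ext>exe)$", re.IGNORECASE)


def find_displaced(root):
    """Return [(displaced_original, suspect_twin_or_None), ...] under root.

    The twin is the file carrying the original's proper name; if it is absent
    (already removed by a scanner) the original still needs renaming back.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        by_lower = {f.lower(): f for f in files}
        for f in files:
            m = DISPLACED.match(f)
            if not m:
                continue
            twin = f"{m['stem']}.{m['ext']}".lower()
            suspect = os.path.join(dirpath, by_lower[twin]) if twin in by_lower else None
            hits.append((os.path.join(dirpath, f), suspect))
    return sorted(hits, key=lambda h: h[0])


def renv_section(hits):
    """Draft a ComboFix RenV:: block (attributes, size, mtime, path) for the originals."""
    lines = ["RenV::"]
    for original, _suspect in hits:
        st = os.stat(original)
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(st.st_mtime))
        lines.append(f"----a-w {st.st_size:,} {stamp} {original}")
    return "\n".join(lines)


def build_sample(root):
    """Write a constructed sample tree (not the poster's files) for the demo."""
    sm = Path(root, "Program Files", "Bell", "Security Manager")
    sk = Path(root, "Program Files", "Skype", "Phone")
    sm.mkdir(parents=True)
    sk.mkdir(parents=True)
    (sm / "Rps .exe").write_bytes(b"MZ" + b"\0" * 310)     # displaced original
    (sm / "Rps.exe").write_bytes(b"MZ" + b"\0" * 77)       # infector's copy under the real name
    (sm / "pkR.dll").write_bytes(b"MZ")                    # untouched neighbour
    (sk / "Skype .exe").write_bytes(b"MZ" + b"\0" * 2000)  # displaced, twin already deleted
    (sk / "Skype.txt").write_bytes(b"readme")              # wrong extension, must not match


def demo():
    """Run the scan over the constructed tree; paths are returned relative to it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        hits = find_displaced(tmp)
        script = renv_section(hits)
        rel = lambda p: os.path.relpath(p, tmp).replace(os.sep, "/") if p else None
        return {"hits": [(rel(o), rel(s)) for o, s in hits], "script": script}


if __name__ == "__main__":
    result = demo()
    for original, suspect in result["hits"]:
        print(f"{original!r} displaced by {suspect!r}")
    print(result["script"])
```

Run as-is it scans the throwaway tree; on a real machine point find_displaced at C:\Program Files and C:\WINDOWS. Treat the suspect twin as a lead rather than proof: compare its size and signature with the displaced original before deleting, since the RenV:: rename only restores the original and does nothing about the copy that replaced it.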

FatBoy03
2008-01-22, 02:37
I completed the steps you recommended. Here is the new ComboFix log; the new HijackThis log follows in a separate post, as they will not fit in one.
Thank you,
FatBoy03

ComboFix 08-01-18.5 - HP_Administrator 2008-01-21 20:10:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.530 [GMT -5:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\ope133F.tmp
C:\WINDOWS\ope145F.tmp
C:\WINDOWS\ope17.tmp
C:\WINDOWS\system32\d3d8caps.dat
C:\WINDOWS\system32\ope12.tmp
C:\WINDOWS\system32\ope133A.exe
C:\WINDOWS\system32\ope133A.tmp
C:\WINDOWS\system32\ope1342.exe
C:\WINDOWS\system32\ope1342.tmp
C:\WINDOWS\system32\ope145A.tmp
C:\WINDOWS\system32\ope1462.tmp
C:\WINDOWS\system32\ope19.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\ope133F.tmp
C:\WINDOWS\ope145F.tmp
C:\WINDOWS\ope17.tmp
C:\WINDOWS\system32\d3d8caps.dat
C:\WINDOWS\system32\ineWc16
C:\WINDOWS\system32\ineWc16\ineWc162291.exe
C:\WINDOWS\system32\ope12.tmp
C:\WINDOWS\system32\ope133A.exe
C:\WINDOWS\system32\ope133A.tmp
C:\WINDOWS\system32\ope1342.exe
C:\WINDOWS\system32\ope1342.tmp
C:\WINDOWS\system32\ope145A.tmp
C:\WINDOWS\system32\ope1462.tmp
C:\WINDOWS\system32\ope19.tmp

.
((((((((((((((((((((((((( Files Created from 2007-12-22 to 2008-01-22 )))))))))))))))))))))))))))))))
.

2008-01-18 19:27 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 18:26 . 2008-01-19 08:22 <DIR> d-------- C:\VundoFix Backups
2008-01-18 18:17 . 2008-01-18 18:17 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Bitdefender
2008-01-18 18:13 . 2008-01-18 18:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-01-12 20:47 . 2008-01-21 20:10 <DIR> d-------- C:\Program Files\SpywareDetector
2008-01-10 19:20 . 2006-12-12 18:04 1,032,192 --a------ C:\WINDOWS\system32\VchReg.dll
2008-01-09 07:04 . 2008-01-09 07:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Bell
2008-01-07 17:57 . 2008-01-10 06:59 121 --a------ C:\WINDOWS\bdagent .INI
2008-01-07 17:46 . 2008-01-21 20:18 121 --a------ C:\WINDOWS\bdagent.INI
2008-01-06 21:06 . 2008-01-06 21:06 <DIR> d-------- C:\Program Files\BitDefender
2008-01-06 20:59 . 2008-01-18 18:13 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-01-06 20:04 . 2008-01-18 17:37 123 --a------ C:\WINDOWS\system\SysSD.dll
2008-01-06 20:03 . 2007-12-24 13:16 61,440 --a------ C:\WINDOWS\system32\CloseAll.exe
2008-01-06 17:13 . 2008-01-06 19:48 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-01-06 10:43 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-01-06 10:42 . 2008-01-06 10:42 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-01-06 10:42 . 2007-04-19 11:36 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-01-06 10:41 . 2008-01-06 10:41 <DIR> d-------- C:\Program Files\Raxco
2008-01-06 10:41 . 2008-01-06 10:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2008-01-06 10:40 . 2008-01-06 10:40 <DIR> d-------- C:\Program Files\CA
2008-01-06 10:39 . 2008-01-06 10:40 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-06 10:30 . 2008-01-06 10:30 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-05 18:14 . 2008-01-05 18:24 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-01-05 18:13 . 2008-01-21 20:10 <DIR> d-------- C:\Program Files\BellCanada
2008-01-04 20:31 . 2008-01-05 16:33 158,208 --a------ C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-04 18:35 . 2008-01-04 18:35 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-01-04 17:17 . 2008-01-04 17:17 <DIR> d-------- C:\EPSONREG
2008-01-04 17:12 . 2008-01-04 17:12 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-01-04 17:12 . 2008-01-04 17:12 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\ArcSoft
2008-01-04 17:12 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-04 17:12 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2008-01-04 17:11 . 2008-01-04 17:11 <DIR> d-------- C:\WINDOWS\system32\PhotoImpression Slideshow
2008-01-04 17:11 . 2008-01-04 17:13 <DIR> d-------- C:\Program Files\ArcSoft
2008-01-04 17:11 . 2006-10-20 16:11 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr
2008-01-04 17:10 . 2008-01-04 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-01-04 17:10 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-04 17:10 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-04 17:08 . 2006-12-28 00:00 208,896 --a------ C:\WINDOWS\system32\esint7e.dll
2008-01-04 17:08 . 2006-12-28 00:00 66,560 --a------ C:\WINDOWS\system32\eswia7e.dll
2008-01-04 17:08 . 2006-03-10 00:00 3,584 --a------ C:\WINDOWS\system32\eswiaml.dll
2008-01-04 17:07 . 2008-01-04 17:17 44 --a------ C:\WINDOWS\EPCX4400.ini
2008-01-03 14:07 . 2008-01-03 15:56 <DIR> d-------- C:\Program Files\Common Files\Authentium(2)
2008-01-03 13:24 . 2008-01-06 13:10 64,512 --a------ C:\WINDOWS\system32\dllcache\ehtray.exe
2008-01-02 16:18 . 2008-01-09 19:18 15,360 --a------ C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-02 16:18 . 2008-01-09 19:18 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-02 11:53 . 2008-01-18 20:01 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-22 01:10 --------- d-----w C:\Program Files\MSN Messenger
2008-01-22 01:10 --------- d-----w C:\Program Files\DISC
2008-01-21 00:09 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\OpenOffice.org2
2008-01-17 20:27 --------- d-----w C:\Documents and Settings\MaMa\Application Data\OpenOffice.org2
2008-01-09 02:01 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-01-08 22:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-01-08 02:20 --------- d-----w C:\Program Files\Bell
2008-01-07 02:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-06 15:29 --------- d-----w C:\Program Files\MSECACHE
2008-01-06 00:38 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 00:12 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Bell
2008-01-05 23:21 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Motive
2008-01-05 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-01-05 23:14 --------- d-----w C:\Program Files\NetAssistant
2008-01-05 21:33 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
2008-01-04 22:16 --------- d-----w C:\Program Files\EPSON
2008-01-03 18:54 --------- d-----w C:\Documents and Settings\MaMa\Application Data\Bell
2008-01-02 16:59 --------- d-----w C:\Program Files\REGSHAVE
2008-01-02 01:07 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2007-12-31 20:51 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-26 23:38 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2007-12-21 18:25 --------- d-----w C:\Program Files\Research In Motion
2007-12-21 18:25 --------- d-----w C:\Program Files\Common Files\Research In Motion
2007-12-21 14:48 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-16 21:56 --------- d-----w C:\Program Files\Ashampoo
2007-12-16 21:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
2007-12-13 00:06 --------- d-----w C:\Program Files\mobile PhoneTools
2007-12-12 23:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-11 01:48 --------- d-----w C:\Program Files\Common Files\Logitech
2007-12-02 23:18 --------- d-----w C:\Program Files\Team6 game studios
2007-11-27 21:46 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2007-11-22 21:39 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Skype
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:42 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-24 06:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2007-10-24 06:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
2007-10-24 06:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2007-10-24 06:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2007-10-22 08:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 08:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-14 23:39 4 ----a-w C:\Documents and Settings\All Users\Application Data\amsrv.dat
2007-07-27 15:10 59,824 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_07_26_17_11_10_small.dmp.zip
2007-06-04 19:50 125,383 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_03_18_26_22_small.dmp.zip
2007-05-23 23:33 141,558 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_23_19_26_40_small.dmp.zip
2007-05-02 01:39 117,673 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_05_01_20_58_39_small.dmp.zip
2007-04-20 14:56 120,749 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_18_19_38_02_small.dmp.zip
2007-04-18 00:43 447 -c--a-w C:\Program Files\INSTALL.LOG
2007-04-13 15:55 42,697 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_13_07_08_36_small.dmp.zip
2007-04-13 15:55 21,901,029 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_13_07_08_47_full.dmp.zip
2007-04-13 15:55 142,355 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_13_01_06_26_small.dmp.zip
2007-04-13 00:00 53,147 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_12_15_45_34_small.dmp.zip
2007-04-13 00:00 51,058 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_04_12_15_45_29_small.dmp.zip
2006-11-07 22:25 3,884,032 -csha-w C:\Program Files\ehthumbs.db
2006-11-05 20:08 92,064 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmmdm.sys
2006-11-05 20:08 9,232 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmmdfl.sys
2006-11-05 20:08 79,328 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmserd.sys
2006-11-05 20:08 66,656 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmbus.sys
2006-11-05 20:08 6,208 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmcmnt.sys
2006-11-05 20:08 5,936 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmwhnt.sys
2006-11-05 20:08 4,048 -c--a-w C:\Documents and Settings\HP_Administrator\mqdmcr.sys
2006-11-05 20:08 25,600 -c--a-w C:\Documents and Settings\HP_Administrator\usbsermptxp.sys
2006-11-05 20:08 22,768 ----a-w C:\Documents and Settings\HP_Administrator\usbsermpt.sys
2006-10-31 02:00 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
2006-10-18 00:25 952 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-18_20.09.50.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-08-06 03:56:34 64,512 ----a-w C:\WINDOWS\ehome\ehtray.exe
+ 2008-01-06 18:10:29 64,512 ----a-w C:\WINDOWS\ehome\ehtray.exe
- 2008-01-19 00:36:36 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-22 01:10:21 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-19 00:36:37 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-22 01:10:21 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-19 00:36:38 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-22 01:10:22 1,421,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-19 00:36:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-22 01:10:22 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-19 00:36:39 5,959,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-22 01:10:22 5,959,680 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-19 00:36:40 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-22 01:10:22 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-06 21:20:27 180,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICAA.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{350CCD01-ECED-4DEB-95A2-D1114E0176ED}]
C:\WINDOWS\system32\pmnnl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f11173b7-ff4b-4f09-8c56-f571d5ce29a0}]
C:\WINDOWS\system32\caeiasuj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 17:00 1818624 C:\WINDOWS\mixer.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 00:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2008-01-18 18:53 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-01-18 18:53 319488]

C:\Documents and Settings\MaMa\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-04-18 23:58:47]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RegCompact]
RegCompact.dll 2006-04-10 18:42 138552 C:\WINDOWS\system32\RegCompact.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\pmnnl.exe

R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2007-11-12 16:28]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-11-12 16:27]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\drivers\bdfsfltr.sys [2007-08-02 16:03]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-01-21 17:02]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2004-08-10 00:00]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 16:51]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 16:51]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 PavTPK.sys;PavTPK.sys;C:\WINDOWS\system32\PavTPK.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 06:04:02 C:\WINDOWS\Tasks\HP_Administrator backup.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
"2008-01-06 00:33:11 C:\WINDOWS\Tasks\HP_Administrator scan and fix.job"
- C:\Program Files\AMUST\Registry Cleaner\RegCleaner.exe
.
**************************************************************************

disk not found C:\

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk not found C:\

**************************************************************************
.
Completion time: 2008-01-21 20:20:16
ComboFix-quarantined-files.txt 2008-01-22 01:19:24
ComboFix2.txt 2008-01-20 23:10:33
ComboFix3.txt 2008-01-19 01:11:29
.
2008-01-20 20:50:26 --- E O F ---

FatBoy03
2008-01-22, 02:39
Logfile of HijackThis v1.99.1
Scan saved at 20:22, on 2008-01-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1196545411&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Security Manager\pkR.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180041856625
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Sympatico Security Manager Update Service (RPSUpdaterR) - Bell Sympatico - C:\Program Files\Bell\Security Manager\rpsupdaterR.exe
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

FatBoy03
2008-01-22, 02:42
Something worth noting: I'm not aware of an antivirus program by the name Authenticum? I use BitDefender as my antivirus program.
Thanks again,
FatBoy03

Shaba
2008-01-22, 10:47
Hi

Well you have another AV:

O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe

Please check if you can find either Authentium AntiVirus or
Command Antivirus in your Add/Remove Programs.

If so, please uninstall it.
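
An added example (not part of any post in this thread, and not HijackThis code) that does with the O23 lines what Shaba did by eye: it pulls the owner and image path out of each service entry, lists services whose name, owner or path mentions a security product from a vendor other than the one the user says they run (BitDefender), and checks the BitDefender entries that HijackThis marked "(file missing)". That flag is misleading here: HijackThis 1.99.1 prints the whole quoted ImagePath string, ending in `" /service`, as the file it tested, so a quoted path followed by arguments is reported missing, while vsserv.exe, livesrv.exe and xcommsvr.exe all appear in the Running processes list at the top of the log. The sample lines are copied from that log; the keyword list and the quoting heuristic are assumptions of mine, and a hit only means "look at this", not that the service is malicious.

```python
"""Triage helpers for the O23 (service) lines of a HijackThis 1.99.1 log.

Added example for this thread, not part of HijackThis or any post above.
The sample lines are copied from the log posted in the thread; the keyword
list and the quoted-ImagePath heuristic are the editor's assumptions.
"""
import re

# "O23 - Service: <display name> (<short name>) - <owner> - <image path>"
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<image>.+)$")
SHORT_RE = re.compile(r"^(?P<display>.+) \((?P<short>[^()]+)\)$")
FILE_MISSING = "(file missing)"

# Triage heuristic (assumption): words that suggest a security product.
SECURITY_WORDS = ("antivirus", "virus", "pest", "firewall", "security")


def parse_o23(line):
    """Split one O23 line into its fields, or return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    display, short = m.group("display"), m.group("display")
    sm = SHORT_RE.match(display)
    if sm:
        display, short = sm.group("display"), sm.group("short")

    image = m.group("image")
    file_missing = image.endswith(FILE_MISSING)
    if file_missing:
        image = image[: -len(FILE_MISSING)].rstrip()

    # HJT 1.99.1 prints a quoted ImagePath with arguments as '<path>" /service':
    # the opening quote is gone, the closing quote and the arguments stay, and
    # that whole string is what it tested for existence, so the file is
    # reported missing even when the process is running.
    path, args = image, ""
    if '"' in image:
        path, args = (part.strip() for part in image.split('"', 1))

    return {
        "display": display,
        "short": short,
        "owner": m.group("owner"),
        "path": path,
        "args": args,
        "file_missing": file_missing,
        "likely_false_missing": file_missing and bool(args),
    }


def other_security_products(entries, expected_vendor):
    """Short names of services that look security-related but do not mention
    the vendor the user says they run.  Worth a look, not proof of anything."""
    hits = []
    for e in entries:
        text = f"{e['display']} {e['owner']} {e['path']}".lower()
        if any(w in text for w in SECURITY_WORDS) and expected_vendor.lower() not in text:
            hits.append(e["short"])
    return hits


def corroborate_missing(entries, running_processes):
    """For each '(file missing)' service, True if the same image path appears in
    the log's own 'Running processes' list: a file that is running is not
    missing, so the flag is the quoting quirk rather than a broken service."""
    running = {p.lower() for p in running_processes}
    return {e["short"]: e["path"].lower() in running for e in entries if e["file_missing"]}


# Lines copied from the log posted in this thread.
SAMPLE_O23 = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Sympatico Security Manager Firewall (RP_FWS) - Bell Sympatico - C:\Program Files\Bell\Security Manager\Fws.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
""".strip().splitlines()

# Paths copied from the 'Running processes' section of the same log.
RUNNING = [
    r"C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe",
    r"C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe",
    r"C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe",
]


def triage(lines, running_processes, expected_vendor):
    """Parse the O23 lines and run both checks; returns a dict of results."""
    entries = [e for e in (parse_o23(l) for l in lines) if e]
    return {
        "entries": entries,
        "other_security": other_security_products(entries, expected_vendor),
        "missing_but_running": corroborate_missing(entries, running_processes),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_O23, RUNNING, "BitDefender")
    print("Security-related services not from BitDefender:", result["other_security"])
    print("'(file missing)' services seen in Running processes:", result["missing_but_running"])
```

On the thread's log this lists dvpapi (Authentium), ITMRTSVC (CA Pest Patrol) and RP_FWS (the Sympatico firewall) as security software from vendors other than BitDefender, and shows both "(file missing)" BitDefender services as running, which is the quoting quirk rather than a damaged install.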

FatBoy03
2008-01-23, 22:15
I have checked my Add/Remove Programs in Control Panel and cannot find a program that has this antivirus. It appears to only show up in Common Files. ??? Is there something that I should do to remove this another way?

Shaba
2008-01-24, 10:26
Hi

Yes, there is.

Please download and install CCleaner Slim (http://www.ccleaner.com/download/builds/downloading-slim).
Once installed, double click on the desktop shortcut created.
On the leftmost column, click on Tools.
On the middle column, click on Uninstall.
At the bottom right hand corner, click on the Save to text file... button.
By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
Close CCleaner.

Shaba
2008-01-29, 10:47
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.