#1
Problems with Blogspot
This is being posted for a friend; any help would be appreciated.
From what I understand, her picture folders are being affected and she says that pics from "brentevans blogspot com" are appearing on her computer. She also thinks that it is affecting her ability to connect to the net.
#2
Logfile of HijackThis v1.99.1
#3
ComboFix 08-03-25.2 - Mo Mo 2008-03-26 0:31:08.1 - NTFSx86
#4
Hi, my name is Porthos, and welcome to Dev Shed. I am going to try to help you with your problem. Please take note of a few things.

First, do NOT run any tools like ComboFix without knowing what they do. You can damage that system and make it unbootable. Next, since this is Vista it makes it a little more difficult to clean, so read all instructions carefully.

* All advice given is taken at your own risk.
* I will start working on your malware issues; this may or may not solve other issues you have with your machine.
* The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
* If you don't know, stop and ask! Don't keep going on.

If you HAVE NOT posted for help on any other forum, please follow the instructions below. Delete the HijackThis you have now and use this one. Download HijackThis Here. Click "Scan", and afterwards click "Save Log". Save the log, and copy/paste it into your response to this thread. Due to forum restrictions you will have to edit out the URLs before posting logs. On the 6th post you will not have to edit your logs.
__________________
O'Neill: "So, we basically saved your whole planet, right?" Chancellor: "Yes." O'Neill: "Are you, therefore, indebted to us in any modest way?" Chancellor: "I suppose that is the case." O'Neill: "So how 'bout the blueprints to build one of those ion cannons?" Chancellor: "You have been told our policy. That has not changed."
Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Problems with Blogspot