Malware Infected Machine.. Hijack Log, Thanks For Your Help[RESOLVED]

[arojas4570]

Hi there.. I humbly request your help in fixing my machine that was infected horribly. I installed a stupid program called PowerISO and another called "super internet tv". Ever since my IE is running incredibly slow. When I try to google, I get sent to a site called antispywaremaster.com. A rogue application called utorrent.upx was executing some garbage upon boot up. It looks like I was able to remove the utorrent.upx but the worst problem I am having is that my Windows Updates are disabled and greyed out! Please help and thank you in advanced. I've run adaware and Symantec Antivirus but no resolution as of yet. Here is the Hijack log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:58:48 AM, on 5/21/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\lotus\notes\ntmulti.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Common Files\AOL\1156821003\ee\AOLSoftware.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Pinnacle\Drivers\pctvsvc.exe

C:\Program Files\Common Files\AOL\Loader\aolload.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\taskswitch.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

c:\program files\common files\aol\1156821003\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe

C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe

C:\Program Files\Common Files\AOL\1156821003\EE\AOLDesktop.exe

C:\Program Files\Common Files\AOL\Loader\aolload.exe

C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Common Files\AOL\1156821003\EE\aolsoftware.exe

C:\Program Files\Common Files\AOL\1156821003\EE\aolsoftware.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\WINDOWS\explorer.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {65193335-DC04-4110-94E7-228FAE5D5470} - C:\WINDOWS\system32\fccaxxuu.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: (no name) - {E23136A1-1AC4-4D1B-926F-5D537CFFF359} - C:\WINDOWS\system32\awtrSjhf.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1156821003\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\RunOnce: [spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKLM\..\RunOnce: [spybotDeletingA6058] command /c del "C:\WINDOWS\system32\fccaxxuu.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC8342] cmd /c del "C:\WINDOWS\system32\fccaxxuu.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingA2093] command /c del "C:\WINDOWS\system32\fccaxxuu.dll_old"

O4 - HKLM\..\RunOnce: [spybotDeletingC8511] cmd /c del "C:\WINDOWS\system32\fccaxxuu.dll_old"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [spybotDeletingB54] command /c del "C:\WINDOWS\system32\fccaxxuu.dll_old"

O4 - HKCU\..\RunOnce: [spybotDeletingD1684] cmd /c del "C:\WINDOWS\system32\fccaxxuu.dll_old"

O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

O8 - Extra context menu item: &Search - ?p=ZUzeb004NYUS_ZUxdm080NUUS

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.win2k8

O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://192.168.2.175/img/NetCamPlayerWeb.ocx

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {6022B0FE-B1BD-4306-9A21-E5C8171DDB3E} (CSMProviderEnv Class) - http://192.168.3.249/edgesight40/app/smgr/...ads/CSMCore.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156806161841

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O20 - Winlogon Notify: awtrSjhf - C:\WINDOWS\SYSTEM32\awtrSjhf.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTV Service (pctvsvc) - Pinnacle Systems Inc. - C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--

End of file - 18058 bytes

[Andro1d]

Hello and Welcome to BT.

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Sorry for the delay!

Please visit this web page for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Once you have finished installing the Windows Recovery Console, please continue with the rest of the tutorial at the above link.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

[arojas4570]

Thank you for all your help. Here is the Combo and new HijackThis file. Please let me know if you need any other info.

Alex

CoboFix:

ComboFix 08-05-21.3 - Alex Rojas 2008-05-23 0:20:55.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1330 [GMT -4:00]

Running from: C:\Documents and Settings\Alex Rojas\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Alex Rojas\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\BMd35cca40.xml

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\ajpmigig.dll

C:\WINDOWS\system32\ckigbxrv.dll

C:\WINDOWS\system32\cvbkrwym.ini

C:\WINDOWS\system32\eeulyoup.dll

C:\WINDOWS\system32\egnbfhmf.exe

C:\WINDOWS\system32\gigimpja.ini

C:\WINDOWS\system32\hwcljvjs.dll

C:\WINDOWS\system32\iifcDWmK.dll

C:\WINDOWS\system32\ivhjreoy.dll

C:\WINDOWS\system32\KmWDcfii.ini

C:\WINDOWS\system32\KmWDcfii.ini2

C:\WINDOWS\system32\LSYxaGgh.ini

C:\WINDOWS\system32\LSYxaGgh.ini2

C:\WINDOWS\system32\ojsktsgt.ini

C:\WINDOWS\system32\qaerqepv.exe

C:\WINDOWS\system32\qrYbHRqr.ini

C:\WINDOWS\system32\qrYbHRqr.ini2

C:\WINDOWS\system32\taqqyyie.dll

C:\WINDOWS\system32\uuxxaccf.ini

C:\WINDOWS\system32\uuxxaccf.ini2

C:\WINDOWS\system32\vrxbgikc.ini

C:\WINDOWS\system32\wynufidp.exe

C:\WINDOWS\system32\ybhpbywq.dll

.

((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))

.

2008-05-22 00:34 . 2008-05-22 00:34 400,733 --a------ C:\WINDOWS\system32\nwiz.rar

2008-05-20 23:47 . 2008-05-20 23:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-20 23:47 . 2008-05-21 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-20 22:06 . 2008-05-20 22:17 <DIR> d-------- C:\VundoFix Backups

2008-05-20 02:15 . 2008-05-20 02:15 <DIR> d-------- C:\Program Files\Lavasoft

2008-05-20 02:15 . 2008-05-20 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-20 02:10 . 2008-05-20 02:10 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-20 00:18 . 2008-05-20 00:18 <DIR> d-------- C:\temp\sixaxis

2008-05-20 00:10 . 2008-05-20 01:36 <DIR> d-------- C:\Program Files\Super Internet TV

2008-05-20 00:09 . 2008-05-20 00:14 <DIR> d-------- C:\temp\Super.Internet.TV.7.2-NEW

2008-05-20 00:09 . 2008-05-20 00:09 56,320 --a------ C:\WINDOWS\system32\awtrSjhf.dll

2008-05-14 00:47 . 2008-05-14 00:47 <DIR> d-------- C:\Program Files\VSO

2008-05-14 00:47 . 2008-05-14 00:50 <DIR> d-------- C:\Documents and Settings\Alex Rojas\Application Data\Vso

2008-05-14 00:47 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll

2008-05-14 00:47 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll

2008-05-14 00:47 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll

2008-05-14 00:47 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll

2008-05-14 00:47 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll

2008-05-14 00:47 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll

2008-05-14 00:47 . 2008-05-14 00:47 87,608 --a------ C:\Documents and Settings\Alex Rojas\Application Data\inst.exe

2008-05-14 00:47 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll

2008-05-14 00:47 . 2008-05-14 00:47 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2008-05-14 00:47 . 2008-05-14 00:47 47,360 --a------ C:\Documents and Settings\Alex Rojas\Application Data\pcouffin.sys

2008-05-13 23:24 . 2008-05-13 23:24 <DIR> d-------- C:\temp\PM8

2008-05-12 21:20 . 2008-05-12 21:20 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-05-12 21:20 . 2008-05-12 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-05-12 20:15 . 2008-05-12 20:38 <DIR> d-------- C:\Fraps

2008-05-12 20:15 . 2008-05-20 01:10 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-12 20:04 . 2008-05-12 20:04 <DIR> d-------- C:\Program Files\NeroInstall.bak

2008-05-12 20:00 . 2008-05-12 20:00 <DIR> d-------- C:\Documents and Settings\Alex Rojas\Application Data\Nero

2008-05-12 19:55 . 2008-05-12 19:58 <DIR> d-------- C:\Program Files\Common Files\Nero

2008-05-12 19:55 . 2008-05-12 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-05-12 19:33 . 2008-05-12 19:41 <DIR> d-------- C:\temp\nero8

2008-05-10 22:41 . 2008-05-10 22:45 227 --a------ C:\WINDOWS\RtlRack.ini

2008-05-10 00:59 . 2008-05-10 00:59 439 --a------ C:\temp\rarreg.zip

2008-05-10 00:58 . 2008-05-10 00:58 1,035,271 --a------ C:\temp\wrar362.exe

2008-04-27 18:20 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-04-27 18:20 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2008-04-27 18:20 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2008-04-27 18:20 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-04-27 18:20 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2008-04-27 18:20 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-04-27 18:20 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll

2008-04-27 18:20 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2008-04-27 18:20 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

2008-04-27 18:20 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2008-04-27 18:18 . 2008-04-27 18:18 22,328 --a------ C:\Documents and Settings\Alex Rojas\Application Data\PnkBstrK.sys

2008-04-27 18:18 . 2008-04-27 18:18 319 --a------ C:\WINDOWS\game.ini

2008-04-27 18:07 . 2008-04-27 18:07 <DIR> d-------- C:\Program Files\Activision

2008-04-26 20:51 . 2008-04-26 20:52 <DIR> d-------- C:\Program Files\Creative

2008-04-26 20:51 . 2002-06-14 13:49 10,194 --a------ C:\WINDOWS\system32\PFMODNT.SYS

2008-04-26 20:50 . 2008-04-26 20:50 24,451,404 --a------ C:\temp\LiveDrvUni-Pack(ENG).exe

2008-04-26 20:49 . 2008-04-26 20:49 6,465,104 --a------ C:\temp\LiveDrvPack_Patch.exe

2008-04-26 20:15 . 2001-08-17 12:19 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys

2008-04-26 02:06 . 2008-05-19 00:54 <DIR> d-------- C:\temp\new NDS

2008-04-26 00:17 . 2008-04-26 00:17 <DIR> d-------- C:\Program Files\Winnydows

2008-04-25 00:23 . 2008-04-25 00:24 <DIR> d-------- C:\Documents and Settings\Alex Rojas\Application Data\PC-FAX TX

2008-04-24 17:59 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys

2008-04-24 17:59 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys

2008-04-24 17:59 . 2008-04-25 01:03 1,187 --a------ C:\WINDOWS\Brpfx04a.ini

2008-04-24 17:59 . 2008-04-24 17:59 419 --a------ C:\WINDOWS\BRWMARK.INI

2008-04-24 17:59 . 2008-04-25 00:23 153 --a------ C:\WINDOWS\brpcfx.ini

2008-04-24 17:59 . 2008-04-24 17:59 50 --a------ C:\WINDOWS\system32\bridf07a.dat

2008-04-24 17:59 . 2008-04-24 17:59 27 --a------ C:\WINDOWS\BRPP2KA.INI

2008-04-24 17:58 . 2008-04-24 17:58 <DIR> d-------- C:\Program Files\Brother

2008-04-24 17:55 . 2008-04-24 17:55 <DIR> d-------- C:\Program Files\Nuance

2008-04-24 17:55 . 2006-10-24 15:34 31,567 --a------ C:\WINDOWS\maxlink.ini

2008-04-24 17:54 . 2008-04-24 17:54 <DIR> d-------- C:\Program Files\ScanSoft

2008-04-24 17:54 . 2008-04-24 17:54 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared

2008-04-24 17:54 . 2008-04-24 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft

2008-04-24 17:47 . 2008-04-24 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-23 04:31 --------- d-----w C:\Program Files\Symantec AntiVirus

2008-05-23 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-05-20 06:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-20 05:27 --------- d-----w C:\Documents and Settings\Alex Rojas\Application Data\Azureus

2008-05-20 03:58 --------- d-----w C:\Program Files\Total Video Converter

2008-05-20 02:56 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-19 01:36 --------- d-----w C:\Program Files\MSN Messenger

2008-05-16 03:16 --------- d-----w C:\Documents and Settings\Alex Rojas\Application Data\LimeWire

2008-05-14 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-13 23:16 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-05-13 23:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-05-13 23:16 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-05-13 01:09 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-12 23:55 --------- d-----w C:\Program Files\Nero

2008-05-12 23:43 --------- d-----w C:\Program Files\Common Files\Ahead

2008-05-11 02:26 --------- d-----w C:\Program Files\Zune

2008-04-27 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-26 15:04 --------- d-s---w C:\Program Files\Xfire

2008-04-26 05:36 --------- d-----w C:\Program Files\Replay Converter

2008-04-26 03:44 --------- d-----w C:\Documents and Settings\Alex Rojas\Application Data\Xfire

2008-04-23 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks

2008-04-19 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth

2008-04-19 18:58 --------- d-----w C:\Program Files\IVT Corporation

2008-04-19 05:24 --------- d-----w C:\Program Files\Reference Assemblies

2008-04-17 23:34 --------- d-----w C:\Program Files\Azureus

2008-04-16 05:45 --------- d-----w C:\Program Files\BatchDPG

2008-04-05 04:59 --------- d-----w C:\Program Files\LimeWire

2008-04-04 21:31 41,296 ----a-w C:\WINDOWS\system32\xfcodec.dll

2008-04-03 23:24 --------- d-----w C:\Program Files\DOSBox-0.72

2008-04-03 01:30 --------- d-----w C:\Program Files\Matroska Pack

2008-04-02 04:53 --------- d-----w C:\Program Files\7-Zip

2008-04-02 03:07 --------- d-----w C:\Program Files\AviSynth 2.5

2008-04-02 03:06 --------- d-----w C:\Program Files\eRightSoft

2008-04-02 02:52 --------- d-----w C:\Documents and Settings\Alex Rojas\Application Data\Media Player Classic

2008-04-01 21:31 --------- d-----w C:\Program Files\TechSmith

2008-04-01 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith

2008-03-30 04:39 --------- d-----w C:\Program Files\Memorex exPressit Label Design Studio

2008-03-30 04:36 --------- d-----w C:\Program Files\Common Files\SureThing Shared

2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-28 21:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2008-02-26 20:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2008-02-25 06:29 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe

2008-02-25 06:28 737,280 ----a-w C:\WINDOWS\iun6002.exe

2008-02-25 06:28 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe

2008-02-25 06:28 3,955,352 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe

2008-02-25 06:12 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-02-25 06:12 282,624 ----a-r C:\WINDOWS\Setup1.exe

2008-02-25 06:12 102,400 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL

2007-05-21 02:12 630,784 ----a-w C:\Documents and Settings\Alex Rojas\GoToAssist_chat2way__317_en.exe

2007-03-15 21:37 56,912 ----a-w C:\Documents and Settings\Alex Rojas\g2mdlhlpx.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50064432-0C5A-404C-934F-19370F3F8AF4}]

C:\WINDOWS\system32\hgGaxYSL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65193335-DC04-4110-94E7-228FAE5D5470}]

C:\WINDOWS\system32\fccaxxuu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93CB77C9-282D-4D4A-9BE5-83D62D6B8FFA}]

C:\WINDOWS\system32\rqRHbYrq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C69F5E00-7BF3-4565-B78C-6623F70DC1A8}]

2008-05-23 00:35 370688 --a------ C:\WINDOWS\system32\tuvWonMe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E23136A1-1AC4-4D1B-926F-5D537CFFF359}]

2008-05-20 00:09 56320 --a------ C:\WINDOWS\system32\awtrSjhf.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 17:42 401491]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]

"GoToMeeting"="C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe" [2007-11-03 09:02 31816]

"SetDefaultMIDI"="MIDIDef.exe" [2002-01-14 14:42 61440 C:\WINDOWS\MIDIDEF.EXE]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTrayp"="VTtrayp.exe" [2005-03-11 13:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]

"HostManager"="C:\Program Files\Common Files\AOL\1156821003\ee\AOLSoftware.exe" [2007-10-08 17:50 41824]

"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]

"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33 99480]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"nwiz"="nwiz.exe" [2006-08-12 00:43 1519616 C:\WINDOWS\system32\nwiz.exe]

"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 08:00 143360]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 00:28 185896]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]

"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 21:12 30248]

"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 21:10 46632]

"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 13:46 255528]

"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 13:14 663552]

"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 15:58 65536]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]

"VTTimer"="VTTimer.exe" [2005-03-07 23:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"SoundMan"="SOUNDMAN.EXE" [2005-09-22 12:42 90112 C:\WINDOWS\soundman.exe]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 07:07 228088]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-12 00:43 86016]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 00:43 7630848]

"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]

"DevconDefaultDB"="C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS" [ ]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 12:35 335872]

"BMd35cca40"="C:\WINDOWS\system32\cwlikepy.dll" [2008-05-23 00:41 126464]

C:\Documents and Settings\Alex Rojas\Start Menu\Programs\Startup\

AOL Desktop.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [2007-10-08 17:50:57 41824]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-04-19 14:58:35 1183744]

SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2005-12-22 08:00:00 5513216]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"= C:\WINDOWS\system32\awtrSjhf.dll [2008-05-20 00:09 56320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrSjhf]

awtrSjhf.dll 2008-05-20 00:09 56320 C:\WINDOWS\system32\awtrSjhf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

PCANotify.dll 2005-05-20 12:51 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSACM.CEGSM"= mobilev.acm

"VIDC.NTN1"= nuvision.ax

"vidc.yv12"= yv12vfw.dll

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\tuvWonMe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"C:\\Program Files\\America Online 9.0\\waol.exe"=

"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"C:\\Program Files\\Common Files\\AOL\\1156821003\\EE\\AOLServiceHost.exe"=

"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"C:\\Program Files\\Xfire\\Xfire.exe"=

"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=

"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"C:\\Program Files\\Common Files\\AOL\\1156821003\\EE\\aolsoftware.exe"=

"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault\\mohpa.exe"=

"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"C:\\Program Files\\Common Files\\AOL\\1156821003\\EE\\AOLDesktop.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"C:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1778:UDP"= 1778:UDP:PCTV Service

"54925:UDP"= 54925:UDP:Brother Network Scanner

R2 pctvsvc;PCTV Service;C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe [2007-06-27 18:03]

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]

R3 BoosterKey;PCTV key Service;C:\WINDOWS\system32\DRIVERS\pctvkey.sys [2007-06-27 18:03]

R3 havanet;PCTV To Go NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\pctvnet.sys [2007-06-27 18:03]

R3 HAVATV;PCTV To Go Video Device;C:\WINDOWS\system32\DRIVERS\PCTV.sys [2007-06-27 18:03]

R3 HavaTV_10;PCTV To Go Remote Video Device;C:\WINDOWS\system32\DRIVERS\PCTV_10.sys [2007-06-27 18:03]

R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\drivers\libusb0.sys [2007-03-20 11:33]

R3 NuVision;Hauppauge WinTV USB (NTSC);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2005-07-08 17:40]

R3 pctvbus;PCTV To Go Bus Enumerator;C:\WINDOWS\system32\DRIVERS\pctvbus.sys [2007-06-27 18:03]

.

Contents of the 'Scheduled Tasks' folder

"2008-03-16 00:51:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-23 00:30:58

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe

-> C:\WINDOWS\system32\awtrSjhf.dll

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\cwlikepy.dll

-> C:\WINDOWS\system32\tuvWonMe.dll

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\lotus\notes\ntmulti.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Pinnacle\Drivers\pctvsvc.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\Program Files\Common Files\AOL\Loader\aolload.exe

C:\Program Files\Common Files\AOL\1156821003\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe

C:\Program Files\Common Files\AOL\1156821003\EE\AOLDesktop.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe

C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\verclsid.exe

.

**************************************************************************

.

Completion time: 2008-05-23 0:44:10 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-23 04:43:29

Pre-Run: 26,271,731,712 bytes free

Post-Run: 26,280,259,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

369 --- E O F --- 2008-05-20 02:56:05

________________________________________________________________________________

____________________________________________

New HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:53:52 AM, on 5/23/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\lotus\notes\ntmulti.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Pinnacle\Drivers\pctvsvc.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Common Files\AOL\1156821003\ee\AOLSoftware.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Common Files\AOL\Loader\aolload.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

c:\program files\common files\aol\1156821003\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Common Files\AOL\1156821003\EE\aolsoftware.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe

C:\Program Files\Common Files\AOL\1156821003\EE\aolsoftware.exe

C:\Program Files\Common Files\AOL\1156821003\EE\AOLDesktop.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe

C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\explorer.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1156821003\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [bMd35cca40] Rundll32.exe "C:\WINDOWS\system32\cwlikepy.dll",s

O4 - HKLM\..\Run: [d06ff9dc] rundll32.exe "C:\WINDOWS\system32\mkyqvies.dll",b

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

O8 - Extra context menu item: &Search - ?p=ZUzeb004NYUS_ZUxdm080NUUS

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.win2k8

O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://192.168.2.175/img/NetCamPlayerWeb.ocx

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {6022B0FE-B1BD-4306-9A21-E5C8171DDB3E} (CSMProviderEnv Class) - http://192.168.3.249/edgesight40/app/smgr/...ads/CSMCore.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156806161841

O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTV Service (pctvsvc) - Pinnacle Systems Inc. - C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--

End of file - 15992 bytes

[Andro1d]

Hello again,

Step 1

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.
  

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

Click Exit on the Main menu to close the program.

Step 2

1. Please open Notepad

• Click Start , then Run
  
• Type notepad .exe in the Run Box.
  

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\awtrSjhf.dll
C:\Documents and Settings\Alex Rojas\Application Data\inst.exe
C:\WINDOWS\RtlRack.ini
C:\WINDOWS\Brpfx04a.ini
C:\WINDOWS\BRWMARK.INI
C:\WINDOWS\brpcfx.ini
C:\WINDOWS\BRPP2KA.INI 
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\hgGaxYSL.dll
C:\WINDOWS\system32\fccaxxuu.dll
C:\WINDOWS\system32\rqRHbYrq.dll
C:\WINDOWS\system32\tuvWonMe.dll
C:\WINDOWS\system32\cwlikepy.dll
C:\WINDOWS\system32\awtrSjhf.dll
C:\WINDOWS\system32\mkyqvies.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50064432-0C5A-404C-934F-19370F3F8AF4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65193335-DC04-4110-94E7-228FAE5D5470}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93CB77C9-282D-4D4A-9BE5-83D62D6B8FFA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C69F5E00-7BF3-4565-B78C-6623F70DC1A8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E23136A1-1AC4-4D1B-926F-5D537CFFF359}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BMd35cca40"=-
"d06ff9dc"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E23136A1-1AC4-4D1B-926F-5D537CFFF359}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtrSjhf]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{85D1F3B2-2A21-11D7-97B9-0010DC2A6243}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
  
• A new HijackThis log.
  

[arojas4570]

Thank you again for your continued help. Here are the two updated files.

Combofix.txt:

ComboFix 08-05-21.3 - Alex Rojas 2008-05-23 22:08:07.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1412 [GMT -4:00]

Running from: C:\Documents and Settings\Alex Rojas\Desktop\ComboFix.exe

Command switches used :: C:\Documents and Settings\Alex Rojas\Desktop\CFScript.txt

* Created a new restore point

FILE ::

C:\Documents and Settings\Alex Rojas\Application Data\inst.exe

C:\WINDOWS\brpcfx.ini

C:\WINDOWS\Brpfx04a.ini

C:\WINDOWS\BRPP2KA.INI

C:\WINDOWS\BRWMARK.INI

C:\WINDOWS\iun6002.exe

C:\WINDOWS\RtlRack.ini

C:\WINDOWS\system32\awtrSjhf.dll

C:\WINDOWS\system32\cwlikepy.dll

C:\WINDOWS\system32\fccaxxuu.dll

C:\WINDOWS\system32\hgGaxYSL.dll

C:\WINDOWS\system32\mkyqvies.dll

C:\WINDOWS\system32\rqRHbYrq.dll

C:\WINDOWS\system32\tuvWonMe.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Alex Rojas\Application Data\inst.exe

C:\WINDOWS\BMd35cca40.xml

C:\WINDOWS\brpcfx.ini

C:\WINDOWS\Brpfx04a.ini

C:\WINDOWS\BRPP2KA.INI

C:\WINDOWS\BRWMARK.INI

C:\WINDOWS\iun6002.exe

C:\WINDOWS\pskt.ini

C:\WINDOWS\RtlRack.ini

C:\WINDOWS\system32\awtrSjhf.dll

C:\WINDOWS\system32\cwlikepy.dll

C:\WINDOWS\system32\eMnoWvut.ini

C:\WINDOWS\system32\eMnoWvut.ini2

C:\WINDOWS\system32\mkyqvies.dll

C:\WINDOWS\system32\seivqykm.ini

C:\WINDOWS\system32\tuvWonMe.dll

.

((((((((((((((((((((((((( Files Created from 2008-04-24 to 2008-05-24 )))))))))))))))))))))))))))))))

.

2008-05-23 22:01 . 2008-05-23 22:01 50,688 --a------ C:\temp\ATF-Cleaner.exe

2008-05-23 00:56 . 2008-05-23 00:56 134,144 --a------ C:\WINDOWS\system32\efwfkahy.dll

2008-05-22 00:34 . 2008-05-22 00:34 400,733 --a------ C:\WINDOWS\system32\nwiz.rar

2008-05-20 23:47 . 2008-05-20 23:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy

2008-05-20 23:47 . 2008-05-21 01:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-20 22:06 . 2008-05-20 22:17 <DIR> d-------- C:\VundoFix Backups

2008-05-20 02:15 . 2008-05-20 02:15 <DIR> d-------- C:\Program Files\Lavasoft

2008-05-20 02:15 . 2008-05-20 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-20 02:10 . 2008-05-20 02:10 <DIR> d-------- C:\Program Files\Trend Micro

2008-05-20 00:18 . 2008-05-20 00:18 <DIR> d-------- C:\temp\sixaxis

2008-05-20 00:10 . 2008-05-20 01:36 <DIR> d-------- C:\Program Files\Super Internet TV

2008-05-20 00:09 . 2008-05-20 00:14 <DIR> d-------- C:\temp\Super.Internet.TV.7.2-NEW

2008-05-14 00:47 . 2008-05-14 00:47 <DIR> d-------- C:\Program Files\VSO

2008-05-14 00:47 . 2008-05-14 00:50 <DIR> d-------- C:\Documents and Settings\Alex Rojas\Application Data\Vso

2008-05-14 00:47 . 2004-05-04 11:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll

2008-05-14 00:47 . 2006-05-20 16:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll

2008-05-14 00:47 . 2006-05-11 19:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll

2008-05-14 00:47 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll

2008-05-14 00:47 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll

2008-05-14 00:47 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll

2008-05-14 00:47 . 2007-03-18 20:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll

2008-05-14 00:47 . 2008-05-14 00:47 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys

2008-05-14 00:47 . 2008-05-14 00:47 47,360 --a------ C:\Documents and Settings\Alex Rojas\Application Data\pcouffin.sys

2008-05-13 23:24 . 2008-05-13 23:24 <DIR> d-------- C:\temp\PM8

2008-05-12 21:20 . 2008-05-12 21:20 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared

2008-05-12 21:20 . 2008-05-12 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-05-12 20:15 . 2008-05-12 20:38 <DIR> d-------- C:\Fraps

2008-05-12 20:15 . 2008-05-20 01:10 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-12 20:04 . 2008-05-12 20:04 <DIR> d-------- C:\Program Files\NeroInstall.bak

2008-05-12 20:00 . 2008-05-12 20:00 <DIR> d-------- C:\Documents and Settings\Alex Rojas\Application Data\Nero

2008-05-12 19:55 . 2008-05-12 19:58 <DIR> d-------- C:\Program Files\Common Files\Nero

2008-05-12 19:55 . 2008-05-12 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero

2008-05-12 19:33 . 2008-05-12 19:41 <DIR> d-------- C:\temp\nero8

2008-05-10 00:59 . 2008-05-10 00:59 439 --a------ C:\temp\rarreg.zip

2008-05-10 00:58 . 2008-05-10 00:58 1,035,271 --a------ C:\temp\wrar362.exe

2008-04-27 18:20 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll

2008-04-27 18:20 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2008-04-27 18:20 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll

2008-04-27 18:20 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-04-27 18:20 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

2008-04-27 18:20 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-04-27 18:20 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll

2008-04-27 18:20 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll

2008-04-27 18:20 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll

2008-04-27 18:20 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2008-04-27 18:18 . 2008-04-27 18:18 22,328 --a------ C:\Documents and Settings\Alex Rojas\Application Data\PnkBstrK.sys

2008-04-27 18:18 . 2008-04-27 18:18 319 --a------ C:\WINDOWS\game.ini

2008-04-27 18:07 . 2008-04-27 18:07 <DIR> d-------- C:\Program Files\Activision

2008-04-26 20:51 . 2008-04-26 20:52 <DIR> d-------- C:\Program Files\Creative

2008-04-26 20:51 . 2002-06-14 13:49 10,194 --a------ C:\WINDOWS\system32\PFMODNT.SYS

2008-04-26 20:50 . 2008-04-26 20:50 24,451,404 --a------ C:\temp\LiveDrvUni-Pack(ENG).exe

2008-04-26 20:49 . 2008-04-26 20:49 6,465,104 --a------ C:\temp\LiveDrvPack_Patch.exe

2008-04-26 20:15 . 2001-08-17 12:19 3,712 --a------ C:\WINDOWS\system32\drivers\ctljystk.sys

2008-04-26 02:06 . 2008-05-19 00:54 <DIR> d-------- C:\temp\new NDS

2008-04-26 00:17 . 2008-04-26 00:17 <DIR> d-------- C:\Program Files\Winnydows

2008-04-25 00:23 . 2008-04-25 00:24 <DIR> d-------- C:\Documents and Settings\Alex Rojas\Application Data\PC-FAX TX

2008-04-24 17:59 . 2001-08-17 13:53 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys

2008-04-24 17:59 . 2001-08-17 13:53 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys

2008-04-24 17:59 . 2008-04-24 17:59 50 --a------ C:\WINDOWS\system32\bridf07a.dat

2008-04-24 17:58 . 2008-04-24 17:58 <DIR> d-------- C:\Program Files\Brother

2008-04-24 17:55 . 2008-04-24 17:55 <DIR> d-------- C:\Program Files\Nuance

2008-04-24 17:55 . 2006-10-24 15:34 31,567 --a------ C:\WINDOWS\maxlink.ini

2008-04-24 17:54 . 2008-04-24 17:54 <DIR> d-------- C:\Program Files\ScanSoft

2008-04-24 17:54 . 2008-04-24 17:54 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared

2008-04-24 17:54 . 2008-04-24 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ScanSoft

2008-04-24 17:47 . 2008-04-24 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Brother

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-24 02:17 --------- d-----w C:\Program Files\Symantec AntiVirus

2008-05-23 03:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater

2008-05-20 06:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-05-20 05:27 --------- d-----w C:\Documents and Settings\Alex Rojas\Application Data\Azureus

2008-05-20 03:58 --------- d-----w C:\Program Files\Total Video Converter

2008-05-20 02:56 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-19 01:36 --------- d-----w C:\Program Files\MSN Messenger

2008-05-16 03:16 --------- d-----w C:\Documents and Settings\Alex Rojas\Application Data\LimeWire

2008-05-14 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-05-13 23:16 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-05-13 01:09 --------- d-----w C:\Program Files\Common Files\Adobe

2008-05-12 23:55 --------- d-----w C:\Program Files\Nero

2008-05-12 23:43 --------- d-----w C:\Program Files\Common Files\Ahead

2008-05-11 02:26 --------- d-----w C:\Program Files\Zune

2008-04-27 22:18 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-04-26 15:04 --------- d-s---w C:\Program Files\Xfire

2008-04-26 05:36 --------- d-----w C:\Program Files\Replay Converter

2008-04-26 03:44 --------- d-----w C:\Documents and Settings\Alex Rojas\Application Data\Xfire

2008-04-23 01:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\OrbNetworks

2008-04-19 19:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth

2008-04-19 18:58 --------- d-----w C:\Program Files\IVT Corporation

2008-04-19 05:24 --------- d-----w C:\Program Files\Reference Assemblies

2008-04-17 23:34 --------- d-----w C:\Program Files\Azureus

2008-04-16 05:45 --------- d-----w C:\Program Files\BatchDPG

2008-04-05 04:59 --------- d-----w C:\Program Files\LimeWire

2008-04-03 23:24 --------- d-----w C:\Program Files\DOSBox-0.72

2008-04-03 01:30 --------- d-----w C:\Program Files\Matroska Pack

2008-04-02 04:53 --------- d-----w C:\Program Files\7-Zip

2008-04-02 03:07 --------- d-----w C:\Program Files\AviSynth 2.5

2008-04-02 03:06 --------- d-----w C:\Program Files\eRightSoft

2008-04-02 02:52 --------- d-----w C:\Documents and Settings\Alex Rojas\Application Data\Media Player Classic

2008-04-01 21:31 --------- d-----w C:\Program Files\TechSmith

2008-04-01 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith

2008-03-30 04:39 --------- d-----w C:\Program Files\Memorex exPressit Label Design Studio

2008-03-30 04:36 --------- d-----w C:\Program Files\Common Files\SureThing Shared

2008-02-28 21:38 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe

2008-02-26 20:14 972,072 ----a-w C:\WINDOWS\UNRecode.exe

2008-02-25 06:29 2,293,848 ----a-w C:\Program Files\FLV PlayerFCSetup.exe

2008-02-25 06:28 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe

2008-02-25 06:28 3,955,352 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe

2008-02-25 06:12 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE

2008-02-25 06:12 282,624 ----a-r C:\WINDOWS\Setup1.exe

2007-05-21 02:12 630,784 ----a-w C:\Documents and Settings\Alex Rojas\GoToAssist_chat2way__317_en.exe

2007-03-15 21:37 56,912 ----a-w C:\Documents and Settings\Alex Rojas\g2mdlhlpx.exe

.

((((((((((((((((((((((((((((( snapshot@2008-05-23_ 0.42.08.92 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-05-23 04:29:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-05-24 02:19:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8fa68f51-9993-49c6-a747-ad1eafeb4cb9}]

2008-05-23 00:56 134144 --a------ C:\WINDOWS\system32\efwfkahy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]

"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 17:42 401491]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [ ]

"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]

"GoToMeeting"="C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe" [2007-11-03 09:02 31816]

"SetDefaultMIDI"="MIDIDef.exe" [2002-01-14 14:42 61440 C:\WINDOWS\MIDIDEF.EXE]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTrayp"="VTtrayp.exe" [2005-03-11 13:33 147456 C:\WINDOWS\system32\VTTrayp.exe]

"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]

"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]

"HostManager"="C:\Program Files\Common Files\AOL\1156821003\ee\AOLSoftware.exe" [2007-10-08 17:50 41824]

"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 08:50 71216]

"Pure Networks Port Magic"="C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 17:33 99480]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 18:30 45632]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]

"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]

"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]

"nwiz"="nwiz.exe" [2006-08-12 00:43 1519616 C:\WINDOWS\system32\nwiz.exe]

"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 08:00 143360]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-07 00:28 185896]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]

"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 21:12 30248]

"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 21:10 46632]

"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 13:46 255528]

"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 13:14 663552]

"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 15:58 65536]

"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]

"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664]

"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 16:29 2221352]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]

"VTTimer"="VTTimer.exe" [2005-03-07 23:33 53248 C:\WINDOWS\system32\VTTimer.exe]

"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]

"SoundMan"="SOUNDMAN.EXE" [2005-09-22 12:42 90112 C:\WINDOWS\soundman.exe]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-03-26 07:07 228088]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-12 00:43 86016]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-12 00:43 7630848]

"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]

"DevconDefaultDB"="C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS" [ ]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 12:35 335872]

C:\Documents and Settings\Alex Rojas\Start Menu\Programs\Startup\

AOL Desktop.lnk - C:\Program Files\Common Files\AOL\Launch\aollaunch.exe [2007-10-08 17:50:57 41824]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-04-19 14:58:35 1183744]

SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [2005-12-22 08:00:00 5513216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]

PCANotify.dll 2005-05-20 12:51 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"MSACM.CEGSM"= mobilev.acm

"VIDC.NTN1"= nuvision.ax

"vidc.yv12"= yv12vfw.dll

"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"C:\\Program Files\\America Online 9.0\\waol.exe"=

"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"C:\\Program Files\\Common Files\\AOL\\1156821003\\EE\\AOLServiceHost.exe"=

"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=

"C:\\Program Files\\Xfire\\Xfire.exe"=

"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=

"C:\\Program Files\\LimeWire\\LimeWire.exe"=

"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=

"C:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"C:\\Program Files\\Common Files\\AOL\\1156821003\\EE\\aolsoftware.exe"=

"C:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault\\mohpa.exe"=

"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\WINDOWS\\system32\\dpvsetup.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"C:\\Program Files\\Common Files\\AOL\\1156821003\\EE\\AOLDesktop.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=

"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

"C:\\Program Files\\Brother\\Brmfl07a\\FAXRX.exe"=

"C:\\WINDOWS\\system32\\PnkBstrA.exe"=

"C:\\WINDOWS\\system32\\PnkBstrB.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1778:UDP"= 1778:UDP:PCTV Service

"54925:UDP"= 54925:UDP:Brother Network Scanner

R2 pctvsvc;PCTV Service;C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe [2007-06-27 18:03]

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]

R3 BoosterKey;PCTV key Service;C:\WINDOWS\system32\DRIVERS\pctvkey.sys [2007-06-27 18:03]

R3 havanet;PCTV To Go NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\pctvnet.sys [2007-06-27 18:03]

R3 HAVATV;PCTV To Go Video Device;C:\WINDOWS\system32\DRIVERS\PCTV.sys [2007-06-27 18:03]

R3 HavaTV_10;PCTV To Go Remote Video Device;C:\WINDOWS\system32\DRIVERS\PCTV_10.sys [2007-06-27 18:03]

R3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;C:\WINDOWS\system32\drivers\libusb0.sys [2007-03-20 11:33]

R3 NuVision;Hauppauge WinTV USB (NTSC);C:\WINDOWS\system32\DRIVERS\NUVision.sys [2005-07-08 17:40]

R3 pctvbus;PCTV To Go Bus Enumerator;C:\WINDOWS\system32\DRIVERS\pctvbus.sys [2007-06-27 18:03]

.

Contents of the 'Scheduled Tasks' folder

"2008-03-16 00:51:34 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-23 22:20:06

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\lotus\notes\ntmulti.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Pinnacle\Drivers\pctvsvc.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\AOL\Loader\aolload.exe

C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\AOL\1156821003\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe

C:\Program Files\Common Files\AOL\1156821003\EE\AOLDesktop.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe

C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

.

**************************************************************************

.

Completion time: 2008-05-23 22:34:16 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-24 02:33:49

ComboFix2.txt 2008-05-23 04:44:30

Pre-Run: 26,229,133,312 bytes free

Post-Run: 26,214,862,848 bytes free

333 --- E O F --- 2008-05-20 02:56:05

________________________________________________________________________________

____________________

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:48:58 PM, on 5/23/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\lotus\notes\ntmulti.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Pinnacle\Drivers\pctvsvc.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Common Files\AOL\1156821003\ee\AOLSoftware.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Common Files\AOL\Loader\aolload.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe

C:\WINDOWS\system32\ctfmon.exe

c:\program files\common files\aol\1156821003\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe

C:\Program Files\Common Files\AOL\1156821003\EE\AOLDesktop.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe

C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe

C:\Program Files\Common Files\AOL\1156821003\EE\aolsoftware.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\Common Files\AOL\1156821003\EE\aolsoftware.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\America Online 9.0\shellmon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: {9bc4befa-e1da-747a-6c94-399915f86af8} - {8fa68f51-9993-49c6-a747-ad1eafeb4cb9} - C:\WINDOWS\system32\efwfkahy.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1156821003\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.win2k8

O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://192.168.2.175/img/NetCamPlayerWeb.ocx

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {6022B0FE-B1BD-4306-9A21-E5C8171DDB3E} (CSMProviderEnv Class) - http://192.168.3.249/edgesight40/app/smgr/...ads/CSMCore.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156806161841

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTV Service (pctvsvc) - Pinnacle Systems Inc. - C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--

End of file - 16175 bytes

[Andro1d]

Hello again,

Step 1

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to infect your system. Please follow these steps to remove older version Java components and update:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 6 and save it to your desktop.
  
• Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 6...allows end-users to run Java applications".
  
• Click the "Download" button to the right.
  
• Read the License Agreement and then check the box that says: "Accept License Agreement". The page will refresh.
  
• Click on the link to download Windows Offline Installation and save the file to your desktop.
  
• Close any programs you may have running - especially your web browser.
  
• Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-6u6-windows-i586-p.exe to install the newest version.
  

Step 2

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

[arojas4570]

Hi there. Thanks again for all your help.

Here is the report from MBAM:

Malwarebytes' Anti-Malware 1.12

Database version: 783

Scan type: Full Scan (C:\|I:\|)

Objects scanned: 200801

Time elapsed: 1 hour(s), 15 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 15

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 5

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

C:\WINDOWS\system32\efwfkahy.dll (Trojan.vundo) -> Unloaded module successfully.

Registry Keys Infected:

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8fa68f51-9993-49c6-a747-ad1eafeb4cb9} (Trojan.vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8fa68f51-9993-49c6-a747-ad1eafeb4cb9} (Trojan.vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\QooBox\Quarantine\C\WINDOWS\system32\iifcDWmK.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A3AD3022-2994-4224-8460-D25ACD5CC65E}\RP504\A0107192.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A3AD3022-2994-4224-8460-D25ACD5CC65E}\RP504\A0107309.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{A3AD3022-2994-4224-8460-D25ACD5CC65E}\RP505\A0107526.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\efwfkahy.dll (Trojan.vundo) -> Delete on reboot.

________________________________________________________________________________

_________________________________________

Just in case I added the HijackThis log as well:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:10:59 AM, on 5/24/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Common Files\AOL\1156821003\ee\AOLSoftware.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\lotus\notes\ntmulti.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Common Files\AOL\Loader\aolload.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Pinnacle\Drivers\pctvsvc.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

c:\program files\common files\aol\1156821003\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe

C:\Program Files\TVersity\Media Server\MediaServer.exe

C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe

C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

C:\Program Files\Common Files\AOL\1156821003\EE\AOLDesktop.exe

C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\America Online 9.0\waol.exe

C:\Program Files\Common Files\AOL\1156821003\EE\aolsoftware.exe

C:\Program Files\Common Files\AOL\1156821003\EE\aolsoftware.exe

C:\Program Files\America Online 9.0\shellmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1156821003\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

O4 - HKLM\..\Run: [DevconDefaultDB] C:\WINDOWS\READREG /PSCONV={NO} /NO_DEFPS

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: AOL Desktop.lnk = C:\Program Files\Common Files\AOL\Launch\aollaunch.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://*.win2k8

O16 - DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} (NetCamPlayerWeb Control) - http://192.168.2.175/img/NetCamPlayerWeb.ocx

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {6022B0FE-B1BD-4306-9A21-E5C8171DDB3E} (CSMProviderEnv Class) - http://192.168.3.249/edgesight40/app/smgr/...ads/CSMCore.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1156806161841

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PCTV Service (pctvsvc) - Pinnacle Systems Inc. - C:\Program Files\Pinnacle\PCTV To Go Setup Wizard\..\Drivers\pctvsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--

End of file - 16201 bytes

[Andro1d]

Hello again,

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O15 - Trusted Zone: http://*.win2k8

Now close all windows other than Hijackthis, then click Fix Checked. Close HijackThis.

Other than that...

Nice job your log looks clean!

How is it running?

Please use the following suggestion to help prevent reinfection.

Also, you may delete any tools I had you download during the cleaning process.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)Now we need to make a new System Restore Point for your PC, please do the following

• Click Start, Settings, Control Panel
  
• Double-click the System icon
  
• Click the Performance tab, File System, Troubleshooting tab
  
• Check "Turn off System Restore" and click "Apply". Please give a moment as it will delete the old System Restore points
  
• Then uncheck "Turn off System Restore" which will create a new System Restore point
  
• Click OK
  

I highly recommend downloading the following programs, to keep malware of your computer to begin with.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.

**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

**Tutorial on installing & using this product can be found HERE**

Firewall A firewall is definitely a must have to protect your computer from hackers. I recommend Comodo, Online Armor, or Outpost.

**Tutorial on Firewalls can be found HERE**

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

And finally a little How did I get infected in the first place?(by Tony Klein)

Good luck and safe surfing

[arojas4570]

Hi there.. I wanted to thank you for all your work. My machine is back to normal and I really couldn't have done it without you.

Thanks again.

Alex

[Andro1d]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.