HijackThis Log

  1. #1
    Mazinkaizer (Newbie)

    I hope that someone will be able to help me out here... Please tell me if I'm leaving out any important information.

    I recently had a hardware malfunction with my hard drive, and I lost almost 3 years' worth of information. After purchasing a new HD, I used my Gateway recovery disc to reinstall Windows XP. I immediately downloaded Mozilla Firefox. I haven't visited any disreputable websites. I get all of my software from download.com, and I visit a few movie websites, toy collecting websites, etc... All sites that I have visited for years. Yet, for whatever reason, I keep getting pop-up advertisements from Internet Explorer. I'm not even using IE as my default browser. They come maybe three or four at a time. I left my computer signed online overnight after I first reinstalled, and I had almost a hundred and fifty pop-ups on the screen in the morning, according to the tab in the task bar, anyway. I've followed almost all of the steps here.

    If someone could please help me out with this log, I'll really appreciate it. I had a similar problem when I first got my computer. I've been using this computer for almost 3 years with no problem.

    Logfile of HijackThis v1.99.1
    Scan saved at 3:09:45 AM, on 1/31/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\DOBE~1\scanregw.exe
    C:\Documents and Settings\Owner\My Documents\??pPatch\??rss.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Owner\Desktop\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\TrustedAntivirus\bm.exe" dm=http://trustedantivirus.com ad=http://trustedantivirus.com sd=http://ykeeper.trustedantivirus.com
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [5417482f] rundll32.exe "C:\WINDOWS\system32\owiimpjl.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\system32\DOBE~1\scanregw.exe" -vt yazb
    O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.8\webbuying.exe
    O4 - HKCU\..\Run: [Ait] "C:\Documents and Settings\Owner\My Documents\??pPatch\??rss.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
    O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
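
As an added example (not part of this thread and not HijackThis's own code), here is a small Python triage script that parses the O2/O3/O4/O9/O23 lines of a HijackThis log and flags the entries a helper would examine first; the heuristics and flag names are my own assumptions, and the sample lines are copied from the logs posted in this thread.

```python
"""Triage helper for HijackThis-style logs.

Parses the O2 (BHO), O3 (toolbar), O4 (autorun), O9 (IE button) and O23
(service) lines and flags entries a forum helper would examine first.
A flag means "look at this", not "this is malicious": Spybot's SDHelper.dll,
for instance, also shows up as an unnamed BHO.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# O4 - HKLM\..\Run: [value name] command line
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O2 - BHO: name - {CLSID} - path   (same shape for O3 toolbars and O9 buttons)
CLSID_RE = re.compile(
    r'^(?P<sec>O[239]) - (?P<kind>[^:]+): (?P<name>.*?) - '
    r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$')
# O23 - Service: display name (short name) - vendor - path
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$')
# Autorun value names like [5417482f]: eight hex digits (assumed heuristic for
# randomly named rundll32 loaders).
HEX_NAME_RE = re.compile(r'^[0-9a-f]{8}$', re.I)


@dataclass
class Entry:
    section: str   # O2, O3, O4, O9 or O23
    name: str      # value name, BHO/toolbar name or service name
    path: str      # file path or full command line
    raw: str       # the original log line


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised HJT line, None for anything else."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return Entry('O4', m['name'], m['cmd'], line)
    m = CLSID_RE.match(line)
    if m:
        return Entry(m['sec'], m['name'], m['path'], line)
    m = O23_RE.match(line)
    if m:
        return Entry('O23', m['name'], m['path'], line)
    return None


def flags_for(e: Entry) -> List[str]:
    """Heuristic review flags (my own assumptions, not HJT's AnalyseThis)."""
    f = []
    low = e.path.lower()
    if '(file missing)' in low:
        f.append('file missing')                    # orphaned entry, often a leftover
    if e.section == 'O4' and HEX_NAME_RE.match(e.name):
        f.append('random hex autorun name')
    if low.lstrip('"').startswith('rundll32'):
        f.append('rundll32 loading a DLL')          # review the DLL, not rundll32 itself
    if '\\documents and settings\\' in low or '\\temp\\' in low:
        f.append('runs from user profile or temp')  # unusual for legitimate autoruns
    if any(ord(c) > 127 or c == '?' for c in e.path):
        f.append('non-ASCII chars in path')         # shows as ?? in pasted logs
    if re.search(r'system32\\[^\\]*~\d', low):
        f.append('8.3 short-name dir under system32')   # e.g. system32\DOBE~1
    if re.search(r'\s\w+=https?://', low):
        f.append('URLs passed as arguments')        # e.g. dm=http://...
    if e.section == 'O2' and e.name == '(no name)':
        f.append('unnamed BHO')
    return f


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (section, name, flags) for every parsed line that got a flag."""
    out = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None:
            f = flags_for(e)
            if f:
                out.append((e.section, e.name, f))
    return out


# Sample lines copied from the HijackThis logs posted in this thread (the ??
# characters are how the non-ASCII directory name was rendered when pasted).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {34669ECD-5877-5AA2-5716-5800CDBB8BB8} - C:\WINDOWS\system32\sbnmr.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\TrustedAntivirus\bm.exe" dm=http://trustedantivirus.com ad=http://trustedantivirus.com sd=http://ykeeper.trustedantivirus.com
O4 - HKLM\..\Run: [5417482f] rundll32.exe "C:\WINDOWS\system32\owiimpjl.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\system32\DOBE~1\scanregw.exe" -vt yazb
O4 - HKCU\..\Run: [Ait] "C:\Documents and Settings\Owner\My Documents\??pPatch\??rss.exe"
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

if __name__ == '__main__':
    for section, name, flags in triage(SAMPLE_LOG):
        print(f'{section} [{name}]: {", ".join(flags)}')
```

Run against a full log it prints only the flagged lines; the unflagged Symantec, Java and Messenger entries are left out, which is the point of the triage.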


  2. #2
    Mazinkaizer (Newbie)
    If there is any other information that I can provide to make this easier, I'll be more than happy to. Please let me know if there's anything I can do.

    I'm getting a lot of prompts for installers when I try to sign online now. My antivirus is blocking them, it seems, but Norton is saying "Unable to repair file".

  3. #3
    VopThis (Senior Member, Canada)
    You appear to be running two (2) antivirus products at the same time (Norton and McAfee). If so, that could create serious slowdowns and other complications. Please uninstall one of them.


    Uninstall your current version of HijackThis and load the latest version:

    Click here to download HJTInstall.exe (Trend Micro HijackThis v2.0.2).
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\HijackThis.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch HijackThis.

    • Click on the Do a system scan and save a logfile button.
      • It will scan and the log should open in notepad.
      • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
      • Come back here to this thread and Paste the log in your next reply.
    • DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.



    Download ComboFix from one of the following links below:

    Here or Here to your Desktop.

    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a NEW HijackThis log in your next reply.

    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    ComboFix SHOULD NOT be used unless requested by a forum helper.

  4. #4
    Mazinkaizer (Newbie)
    I don't have McAfee installed on my computer. I checked my program files and my remove hardware screen, but there's nothing there.

    Also, I couldn't disable Norton on startup, and it kept recognizing ComboFix as a virus.

    After ComboFix finally finished, Internet Explorer was set as my default browser (instead of Firefox), and I had a "video game rentals for free" icon on my desktop.

    Ok, here's my HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:41:52 PM, on 2/1/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {34669ECD-5877-5AA2-5716-5800CDBB8BB8} - C:\WINDOWS\system32\sbnmr.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {629FA77F-62D2-4CA3-9374-43E6848A7949} - \
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [bm] "C:\Program Files\Common Files\TrustedAntivirus\bm.exe" dm=http://trustedantivirus.com ad=http://trustedantivirus.com sd=http://ykeeper.trustedantivirus.com
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Cpue] "C:\WINDOWS\system32\DOBE~1\scanregw.exe" -vt yazb
    O4 - HKCU\..\Run: [Ait] "C:\Documents and Settings\Owner\My Documents\??pPatch\??rss.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
    O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7265 bytes

    Here's the ComboFix log:


    ComboFix 08-02.01.5 - Owner 2008-02-01 14:25:52.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.602 [GMT -5:00]
    Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\pmnomlj.dll
    C:\WINDOWS\system32\ssqro.dll
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\Owner\My Documents\PPATCH~1
    C:\Documents and Settings\Owner\My Documents\PPATCH~1\??rss.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\temp\tn3
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\IA
    C:\WINDOWS\mrofinu1000106.exe
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\system32\dobe~1
    C:\WINDOWS\system32\dobe~1\?dobe\
    C:\WINDOWS\system32\dobe~1\scanregw.exe
    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
    C:\WINDOWS\system32\eeljubj.dll
    C:\WINDOWS\system32\efcyxuv.dll
    C:\WINDOWS\system32\gjbyduhq.dll
    C:\WINDOWS\system32\hglnlwld.dll
    C:\WINDOWS\system32\hsjqaknm.dll
    C:\WINDOWS\system32\ljpmiiwo.ini
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\orqss.ini
    C:\WINDOWS\system32\orqss.ini2
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\pmnomlj.dll
    C:\WINDOWS\system32\qhudybjg.ini
    C:\WINDOWS\system32\ssqro.dll
    C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

    ----- BITS: Possible infected sites -----

    hxxp://au.download.windowsupdate.com
    hxxp://www.download.windowsupdate.com

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_CMDSERVICE
    -------\LEGACY_NETWORK_MONITOR


    ((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
    .

    2008-02-01 14:31 . 2008-02-01 14:31 <DIR> d-------- C:\Temp\tn3
    2008-02-01 07:49 . 2008-02-01 07:49 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-01 07:46 . 2008-02-01 07:46 2 --a------ C:\WINDOWS\msoffice.ini
    2008-02-01 06:47 . 2008-02-01 08:12 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\HouseCall 6.6
    2008-02-01 03:59 . 2008-02-01 03:58 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-02-01 03:58 . 2008-02-01 04:51 <DIR> d-------- C:\Documents and Settings\Owner\.housecall6.6
    2008-01-30 14:07 . 2008-01-30 14:07 72,566 --a------ C:\WINDOWS\system32\GameFly_2.ico
    2008-01-30 04:05 . 2008-01-30 04:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
    2008-01-30 04:01 . 2008-01-30 04:02 <DIR> d-------- C:\Program Files\AIM6
    2008-01-30 04:01 . 2008-01-30 04:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-01-30 03:59 . 2008-01-30 03:59 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-01-30 03:59 . 2008-01-30 03:59 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01005.Wdf
    2008-01-30 03:58 . 2008-01-30 03:58 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-01-30 03:58 . 2008-01-30 04:00 <DIR> d-------- C:\Program Files\Zune
    2008-01-30 03:57 . 2006-10-04 09:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
    2008-01-30 03:57 . 2006-10-04 09:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
    2008-01-30 03:57 . 2006-10-04 09:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
    2008-01-30 03:55 . 2008-01-31 08:47 <DIR> d-------- C:\WINDOWS\system32\LogFiles
    2008-01-30 03:55 . 2008-01-30 04:00 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-01-29 15:41 . 2008-02-01 03:33 644 --a------ C:\WINDOWS\wininit.ini
    2008-01-29 15:33 . 2008-01-31 18:39 <DIR> d-------- C:\Program Files\SpywareBlaster
    2008-01-29 15:29 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-01-29 15:09 . 2008-01-29 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-29 14:21 . 2008-01-29 14:21 4,286 --a------ C:\WINDOWS\system32\everybodybets.32x32.4.ico
    2008-01-29 07:52 . 2008-01-29 07:52 <DIR> d-------- C:\Program Files\Lavasoft
    2008-01-29 07:52 . 2008-01-29 07:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-01-29 07:51 . 2008-01-29 07:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-29 07:50 . 2008-01-29 07:50 <DIR> d--hs---- C:\TrustedAntivirus
    2008-01-29 07:50 . 2008-01-29 07:50 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
    2008-01-29 07:49 . 2004-10-07 13:39 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2008-01-29 07:46 . 2008-01-29 07:46 36,864 --a------ C:\WINDOWS\mrofinu572.exe.tmp
    2008-01-29 07:45 . 2008-01-29 07:45 <DIR> d-------- C:\WINDOWS\system32\wts1
    2008-01-29 07:45 . 2008-01-29 08:09 <DIR> d-------- C:\WINDOWS\system32\vip4
    2008-01-29 07:45 . 2008-01-29 08:31 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
    2008-01-29 07:45 . 2008-01-29 08:09 <DIR> d-------- C:\WINDOWS\system32\knis6
    2008-01-29 07:45 . 2008-01-29 14:48 <DIR> d-------- C:\WINDOWS\system32\comg9
    2008-01-29 07:45 . 2008-01-29 07:45 <DIR> d-------- C:\Temp\gTiis19
    2008-01-29 07:45 . 2008-01-29 07:45 <DIR> d-------- C:\Temp\cXzz9
    2008-01-29 07:45 . 2008-02-01 14:31 <DIR> d-------- C:\Temp
    2008-01-29 07:45 . 2008-01-29 07:45 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
    2008-01-29 07:45 . 2008-01-29 07:45 86,016 --a------ C:\WINDOWS\system32\drivers\dmboott.sys
    2008-01-29 04:35 . 2008-01-29 05:36 <DIR> d-------- C:\Program Files\Semagic
    2008-01-29 04:34 . 2008-01-29 04:34 <DIR> d-------- C:\Program Files\DNA
    2008-01-29 04:34 . 2008-01-29 04:34 <DIR> d-------- C:\Program Files\BitTorrent
    2008-01-29 04:34 . 2008-02-01 14:30 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DNA
    2008-01-29 04:28 . 2007-04-18 11:12 2,854,400 --a------ C:\WINDOWS\system32\SET7A.tmp
    2008-01-29 04:27 . 2008-01-29 04:27 1,158 --a------ C:\WINDOWS\mozver.dat
    2008-01-29 04:22 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
    2008-01-29 04:16 . 2006-08-21 04:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
    2008-01-29 04:16 . 2006-08-21 04:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
    2008-01-29 04:16 . 2006-08-21 07:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
    2008-01-29 03:17 . 2007-07-09 08:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2008-01-29 00:00 . 2008-01-29 03:07 <DIR> d-------- C:\WINDOWS\system32\RTCOM
    2008-01-29 00:00 . 2005-05-12 14:00 14,396,416 --a------ C:\WINDOWS\RTHDCPL.EXE
    2008-01-29 00:00 . 2008-01-29 00:00 294,912 --a------ C:\WINDOWS\HideWin.exe
    2008-01-29 00:00 . 2005-05-12 14:00 262,144 --a------ C:\WINDOWS\system32\RTSndMgr.CPL
    2008-01-29 00:00 . 2005-05-12 14:00 40,960 --a------ C:\WINDOWS\system32\ChCfg.exe
    2008-01-29 00:00 . 2006-10-08 21:51 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2008-01-28 23:59 . 2005-05-12 14:00 487,424 --------- C:\WINDOWS\RtlExUpd.dll
    2008-01-28 23:58 . 2008-01-30 02:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$
    2008-01-28 23:58 . 2007-07-12 18:31 765,952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
    2008-01-28 23:58 . 2006-08-25 10:45 617,472 -----c--- C:\WINDOWS\system32\dllcache\comctl32.dll
    2008-01-28 22:14 . 2008-01-28 22:14 0 --a------ C:\WINDOWS\ativpsrm.bin
    2008-01-28 22:13 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-28 22:13 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-28 22:12 . 2008-01-28 22:12 <DIR> d-------- C:\Program Files\SymNetDrv
    2008-01-28 22:07 . 2004-08-19 20:37 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\You've Got Pictures Screensaver
    2008-01-28 22:07 . 2004-08-19 20:43 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Symantec
    2008-01-28 22:07 . 2004-08-19 20:56 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\CyberLink
    2008-01-28 22:07 . 2008-02-01 07:45 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\AOL
    2008-01-28 20:48 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-01-28 20:48 . 2004-08-04 03:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-01-28 20:48 . 2004-08-04 01:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-01-28 20:48 . 2001-08-17 16:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2008-01-28 20:48 . 2001-08-17 17:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2008-01-11 17:54 . 2008-01-11 17:54 245,664 --a------ C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
    2008-01-11 17:54 . 2008-01-11 17:54 61,856 --a------ C:\WINDOWS\system32\ZuneBusEnum.exe
    2008-01-11 17:39 . 2008-01-11 17:39 40,832 --a------ C:\WINDOWS\system32\drivers\zumbus.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-01 19:22 --------- d-----w C:\Program Files\Pure Networks
    2008-02-01 12:46 --------- d-----w C:\Program Files\Common Files\AOL
    2008-02-01 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-02-01 12:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
    2008-02-01 12:44 --------- d-----w C:\Program Files\Common Files\Nullsoft
    2008-02-01 12:03 --------- d-----w C:\Program Files\Norton AntiVirus
    2008-01-30 09:02 --------- d-----w C:\Program Files\Viewpoint
    2008-01-30 09:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-01-29 20:29 --------- d-----w C:\Program Files\Java
    2008-01-29 05:00 --------- d-----w C:\Program Files\Realtek
    2008-01-29 04:57 --------- d-----w C:\Program Files\BigFix
    2008-01-29 03:12 --------- d-----w C:\Program Files\Symantec
    2008-01-29 03:11 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34669ECD-5877-5AA2-5716-5800CDBB8BB8}]
    C:\WINDOWS\system32\sbnmr.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{629FA77F-62D2-4CA3-9374-43E6848A7949}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
    "BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-01-29 04:34 286528]
    "Cpue"="C:\WINDOWS\system32\DOBE~1\scanregw.exe" [ ]
    "Ait"="C:\Documents and Settings\Owner\My Documents\??pPatch\??rss.exe" [ ]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 21:42 32768]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-14 20:59 70816]
    "NAV CfgWiz"="C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 14:24 124096]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
    "mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [2004-01-26 12:46 53248]
    "CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
    "ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
    "SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-03-11 17:18 135168]
    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2008-01-28 22:12 95960]
    "SoundMan"="SOUNDMAN.EXE" [2005-05-12 14:00 90112 C:\WINDOWS\SoundMan.exe]
    "AlcWzrd"="ALCWZRD.EXE" [2005-05-12 14:00 2805248 C:\WINDOWS\ALCWZRD.EXE]
    "bm"="C:\Program Files\Common Files\TrustedAntivirus\bm.exe" [ ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [2008-01-11 17:54 166304]

    R1 dmboott;dmboott;C:\WINDOWS\system32\drivers\dmboott.sys [2008-01-29 07:45]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
    R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 17:39]
    R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 17:54]
    S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 17:54]

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-01-29 03:07:56 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-01-29 03:07:56 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
    - C:\WINDOWS\system32\OOBE\oobebaln.exe
    "2008-01-29 03:10:11 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
    "2008-01-29 03:10:12 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    ************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-01 14:31:53
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    ************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    ************************************************************************
    .
    Completion time: 2008-02-01 14:38:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-01 19:38:44
    .
    2008-01-31 08:01:06 --- E O F ---

  5. #5
    VopThis is offline Senior Member (Canada)
    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    DO NOT RUN ANY OTHER OPTIONS UNTIL REQUESTED TO. This is very important to get an optimal and comprehensive fix. Warning: running option #2 on a non-infected computer will remove your Desktop background.



    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm





    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O2 - BHO: (no name) - {34669ECD-5877-5AA2-5716-5800CDBB8BB8} - C:\WINDOWS\system32\sbnmr.dll (file missing)
    O2 - BHO: (no name) - {629FA77F-62D2-4CA3-9374-43E6848A7949} - \

    O4 - HKLM\..\Run: [BM] "C:\Program Files\Common Files\TrustedAntivirus\bm.exe" dm=http://trustedantivirus.com ad=http://trustedantivirus.com sd=http://ykeeper.trustedantivirus.com
    O4 - HKCU\..\Run: [CPUE] "C:\WINDOWS\system32\DOBE~1\scanregw.exe" -vt yazb
    O4 - HKCU\..\Run: [AIT] "C:\Documents and Settings\Owner\My Documents\??pPatch\??rss.exe"

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.




    DELETE FILES:

    C:\Program Files\Common Files\TrustedAntivirus\bm.exe





    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
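As an added example (not part of this thread, and not HijackThis's own code), the script below applies the same checks a log reviewer makes by eye on the O2 and O4 entries listed above: orphaned BHOs, unnamed BHOs with no file, autostarts whose path contains characters the log could not render, autostarts launched from a user profile folder, 8.3 short-name folders under system32, and autostart arguments carrying URLs. The sample lines are taken from the HijackThis log in this thread plus three benign entries; the heuristics and their wording are this example's own.

```python
"""Triage helper for HijackThis-style O2/O4 log lines (added example)."""
import re
from dataclasses import dataclass, field

# "O2 - BHO: <name> - {GUID} - <path>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# "O4 - <hive>\..\Run: [<label>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<label>[^\]]*)\] (?P<command>.*)$")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def _exe_path(command: str) -> str:
    """Return the executable part of an O4 command (quoted path or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def check_o2(name: str, path: str) -> list:
    """Heuristics for a Browser Helper Object entry."""
    reasons = []
    if "(file missing)" in path:
        reasons.append("BHO points at a file that no longer exists")
    if name == "(no name)" and path.strip() in ("", "\\"):
        reasons.append("unnamed BHO with no file path")
    return reasons


def check_o4(command: str) -> list:
    """Heuristics for an autostart (Run key) entry."""
    reasons = []
    exe = _exe_path(command)
    args = command.split(exe, 1)[1] if exe else command
    # '?' cannot appear in a Windows path; HijackThis prints it for characters
    # it cannot render, so its presence means the real name is hidden from view.
    if "?" in exe or any(ord(c) > 126 for c in exe):
        reasons.append("autostart path contains non-displayable characters")
    low = exe.lower()
    if "\\my documents\\" in low or "\\documents and settings\\" in low:
        reasons.append("autostart launched from a user profile folder")
    # An 8.3 short-name folder (e.g. DOBE~1) directly under system32 is unusual
    # for legitimately installed software.
    if re.search(r"\\system32\\[^\\]*~\d", exe, re.IGNORECASE):
        reasons.append("8.3 short-name subfolder under system32")
    if re.search(r"https?://", args):
        reasons.append("autostart arguments contain URLs")
    return reasons


def triage(log_lines) -> list:
    """Return a Finding for every O2/O4 line that trips at least one heuristic."""
    findings = []
    for raw in log_lines:
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            reasons = check_o2(m["name"], m["path"])
        else:
            m = O4_RE.match(line)
            reasons = check_o4(m["command"]) if m else []
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: entries from the log in this thread plus benign ones.
SAMPLE_LOG = [
    "O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - "
    "C:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\ActiveX\\AcroIEHelper.dll",
    "O2 - BHO: (no name) - {34669ECD-5877-5AA2-5716-5800CDBB8BB8} - "
    "C:\\WINDOWS\\system32\\sbnmr.dll (file missing)",
    "O2 - BHO: (no name) - {629FA77F-62D2-4CA3-9374-43E6848A7949} - \\",
    "O4 - HKLM\\..\\Run: [ccApp] \"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"",
    "O4 - HKLM\\..\\Run: [BM] \"C:\\Program Files\\Common Files\\TrustedAntivirus\\bm.exe\" "
    "dm=http://trustedantivirus.com ad=http://trustedantivirus.com",
    "O4 - HKCU\\..\\Run: [CPUE] \"C:\\WINDOWS\\system32\\DOBE~1\\scanregw.exe\" -vt yazb",
    "O4 - HKCU\\..\\Run: [AIT] \"C:\\Documents and Settings\\Owner\\My Documents\\??pPatch\\??rss.exe\"",
    "O4 - HKCU\\..\\Run: [MSMSGS] \"C:\\Program Files\\Messenger\\msmsgs.exe\" /background",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```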

  6. #6
    Mazinkaizer is offline Newbie
    SmitFraudFix v2.278

    Scan done at 17:58:23.93, Sat 02/02/2008
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\PowerArchiver\PASTARTER.EXE
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\Program Files\Messenger\msmsgs.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»»


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix.exe by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
    DNS Server Search Order: 167.206.254.1
    DNS Server Search Order: 167.206.254.2

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2C13DEA1-EDED-480A-8D4C-5DBA05388D9C}: DhcpNameServer=167.206.254.1 167.206.254.2
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{D72952E6-E336-496A-B8A7-AF6E1418C07D}: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{2C13DEA1-EDED-480A-8D4C-5DBA05388D9C}: DhcpNameServer=167.206.254.1 167.206.254.2
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{2C13DEA1-EDED-480A-8D4C-5DBA05388D9C}: DhcpNameServer=167.206.254.1 167.206.254.2
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=167.206.254.1 167.206.254.2
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=167.206.254.1 167.206.254.2
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=167.206.254.1 167.206.254.2


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

    I can't find this file to delete it anywhere, after running HijackThis:
    C:\Program Files\Common Files\TrustedAntivirus\bm.exe

    Here's the new HijackThis log, too.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:10:09 PM, on 2/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\PowerArchiver\PASTARTER.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
    O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 6877 bytes

  7. #7
    VopThis is offline Senior Member (Canada)
    No signs of smitfraud infection.



    Let us see/review what is loaded on your PC:
    • Run HijackThis and Click Open the Misc Tools section button.
    • Then click the Open Uninstall Manager… button.
    • Click the Save list… button. Save uninstall_list to your desktop.

    • Open the Uninstall list file and post in your next reply, please.



    Download SUPERAntiSpyware (SAS) free home version:

    http://www.superantispyware.com/supe...freevspro.html


    Install it and double-click the icon on your desktop to run it:
    • It will ask if you want to update the program definitions, click "Yes",
    • Let it through your firewall!
    • Under "Configuration and Preferences", click the Preferences BUTTON.
    • Click the Scanning Control TAB.
    • Under "Scanner Options" make sure the following and additional items are checked:
      • Close browsers before scanning
      • Scan for tracking cookies (default)
      • Terminate memory threats before quarantining.
      • Ignore System Restore/Volume Information on ME and XP
      • Optional scan item:
        • Scan Alternate Data Streams (OPTIONAL Selection – deeper, trickier infection issues - longer scan).
      • Click the Close button to leave the control center screen.
    • On the main screen, under "Scan for Harmful Software" click Scan your computer.
      • On the left check "C:\Fixed Drive".
      • On the right, under "Complete Scan", choose Perform Complete Scan.
      • Click "Next" to start the scan. Please be patient while it scans your computer.
      • After the scan is complete a summary box will appear. Click "OK".
      • Make sure everything in the white box has a check next to it, then click "Next".
      • It will quarantine what it found and if it asks if you want to reboot, click "Yes".
    • To retrieve the removal information - please do the following:
      • After reboot, double-click the "SUPERAntiSpyware icon" on your desktop.
      • Click "Preferences". Click the Statistics/Logs TAB.
      • Under "Scanner Logs", double-click "SUPERAntiSpyware Scan Log".
      • It will open in your default text editor (such as Notepad/Wordpad).
      • Please highlight everything, then right-click and choose copy.
    • Click close and close again to exit the program.
    • Please paste:
      • The SAS LOG information.



    Let us know how your PC is performing - any remaining issues.




    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).

    Look again for:

    C:\Program Files\Common Files\TrustedAntivirus\bm.exe

  8. #8
    Mazinkaizer is offline Newbie
    Uninstall List:
    Ad-Aware 2007
    Adobe Reader 6.0
    AIM 6
    ATI Display Driver
    BigFix
    CC_ccStart
    ccCommon
    Digital Media Reader
    High Definition Audio Driver Package - KB835221
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    HouseCall 6.6
    hp deskjet 3600
    HP Memories Disc
    HP Photo and Imaging 2.0 - Deskjet Series
    hp print screen utility
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Adapters and Drivers
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 3
    Learn2 Player (Uninstall Only)
    LiveReg (Symantec Corporation)
    LiveUpdate 1.90 (Symantec Corporation)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Picture It! Photo Premium 9
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works
    Mozilla Firefox (2.0.0.11)
    MSRedist
    MSXML 4.0 SP2 (KB936181)
    Multimedia Keyboard Driver
    MUSICMATCH® Jukebox
    Nero BurnRights
    Nero OEM
    Norton AntiVirus 2004
    Norton AntiVirus 2004 (Symantec Corporation)
    Norton AntiVirus Parent MSI
    Norton WMI Update
    PowerArchiver 2007
    PowerDVD
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Semagic (remove only)
    SoftV92 Data Fax Modem with SmartCP
    Spybot - Search & Destroy 1.4
    SpywareBlaster v3.5.1
    SUPERAntiSpyware Free Edition
    Symantec Script Blocking Installer
    SymNet
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Viewpoint Media Player
    Windows Backup Utility
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Zune
    Zune Language Pack (ES)
    Zune Language Pack (FR)




    SAS LOG:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/03/2008 at 04:08 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3394
    Trace Rules Database Version: 1386

    Scan type : Complete Scan
    Total Scan Time : 00:18:14

    Memory items scanned : 473
    Memory threats detected : 0
    Registry items scanned : 5017
    Registry threats detected : 2
    File items scanned : 22865
    File threats detected : 94

    Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Cookies\owner@shopping.112.2o7[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@scanner.malware-scan[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@hornymatches[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@ads.glispa[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@ad.zanox[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@server.cpmstar[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@ads.adengage[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@gomyhit[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@6115.46.clickshield[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@gomyhit[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@systemerrorfixer[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@publishers.clickbooth[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@secure.systemerrorfixer[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@indiads[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@www.clickxchange[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@www.geeksfind[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@ads.monster[5].txt
    C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@login.revenueloop[4].txt
    C:\Documents and Settings\Owner\Cookies\owner@sale.trustedantivirus[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@dl1.ads2media[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@eas.apm.emediate[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@ad2networks.advertserve[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@stat.dealtime[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@atlas.entrepreneur[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@gomyhit[5].txt
    C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@lynxtrack[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@adbrite[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@ar.atwola[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@diablomedia[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@statsgod[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@trustedantivirus[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@6314.1210.clickshield[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@6314.1.clickshield[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@precisionclick[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@ads.auctionads[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@6115.8.clickshield[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@stats.sellmosoft[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@anad.tacoda[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@aff.primaryads[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@6314.365.clickshield[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@ad.outerinfoads[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@adlegend[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@adlegend[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@adrevolver[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@ads.adengage[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@ads.monster[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@ads.monster[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@ads.monster[4].txt
    C:\Documents and Settings\Owner\Cookies\owner@adsrevenue[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@affiliate.eadvtracker[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@angleinteractive.directtrack[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@bizadverts[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@clickbank[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@directtrack[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@eas.apm.emediate[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@hitbox[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@login.revenueloop[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@login.revenueloop[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@lynxtrack[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@lynxtrack[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@marketlive.122.2o7[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@networksolutions.112.2o7[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@perf.overture[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@precisionclick[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@publishers.clickbooth[1].txt
    C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@server.cpmstar[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@spamblockerutility[2].txt
    C:\Documents and Settings\Owner\Cookies\owner@spamblockerutility[3].txt
    C:\Documents and Settings\Owner\Cookies\owner@tacoda[2].txt

    RootKit.TnCore/Trace
    C:\WINDOWS\system32\drivers\core.cache.dsk

    Rogue.ErrorFighter
    HKLM\Software\ugac
    HKLM\Software\ugac#DomainName

    Trojan.Unclassified/17PHolmes-A
    C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU1000106.EXE.VIR
    C:\QOOBOX\QUARANTINE\C\WINDOWS\MROFINU572.EXE.VIR
    C:\WINDOWS\MROFINU572.EXE.TMP

    Adware.ClickSpring
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\DOBE~1\SCANREGW.EXE.VIR

    Trojan.Unclassified/AffiliateBundle
    C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\EFCYXUV.DLL.VIR

    I am still getting pop-ups from internet explorer when I first open a new Firefox window. Every so often while I'm online, I'll get a new pop-up. Always from Internet Explorer, and always for the same batch of websites (Sports Betting, mmorpg.com, Free Wii, Free BJs membership, etc...)

    I booted into safe mode, and I STILL couldn't find that trustdantivirus program ANYWHERE. Not even the folder. I tried using the search, also.

  9. #9
    VopThis is offline Senior Member (Canada)
    Uninstall the following entry in Add/Remove Programs (Control Panel):

    Java 2 Runtime Environment, SE v1.4.2

    You might want to printout or save the following instructions to your desktop for subsequent referral since several reboots will be required.

    Please download VundoFix.exe to your desktop.
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

    Tell us how your PC is now doing.

  10. #10
    Mazinkaizer is offline Newbie
    Vundofix didn't find anything.

    I'm still getting IE pop-ups whenever I have Firefox open.

    Here's the new HijackThis log, just in case.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:19:54 AM, on 2/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\BigFix\BigFix.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
    O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7465 bytes
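A log like the one above is triaged line by line: for every O2 (BHO), O4 (Run key) and O23 (service) entry the analyst asks where the image actually lives and who ships it. The following Python is an added example for this page, not code from HijackThis, Trend Micro or any poster in the thread. It parses the three line shapes visible in the log and applies three hand-triage heuristics: Run entries given as a bare filename (zHotkey.exe, ShowWnd.exe, SOUNDMAN.EXE in this log) are resolved through the search path and have to be located on disk before they can be judged; images under a Temp or user-profile directory (the hpdj service at C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe) are unusual for a service and worth checking; and services with no vendor string. The sample lines are copied from the log in this post; the heuristic names, the flag wording and the set of extensions treated as images are assumptions of this example, and a flag is a prompt to verify the file, not a verdict (the HP vendor string on hpdj is a reason to check rather than delete).

```python
"""Heuristic triage of HijackThis O2/O4/O23 lines.

Added example for this thread; not code from HijackThis, Trend Micro or any
poster. Sample lines are copied from the log above; the heuristics and
their wording are this example's own assumptions. A flag means "resolve
this by hand", never "malicious".
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shapes as HijackThis 2.x prints them (compare the log above).
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$')
O4_RE = re.compile(r'^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')
# Image path out of a Run command: a quoted token, else everything up to the
# first .exe/.dll/.com/.scr followed by whitespace or end of line.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr))(?=\s|$)', re.I)

# Copied from the HijackThis log in this post.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O23 - Service: hpdj - HP - C:\DOCUME~1\Owner\LOCALS~1\Temp\hpdj.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""


@dataclass
class Entry:
    kind: str                      # "O2", "O4" or "O23"
    name: str                      # BHO name, Run value name or service name
    image: str                     # path (or bare filename) as HijackThis printed it
    vendor: Optional[str] = None   # O23 only
    flags: List[str] = field(default_factory=list)


def image_from_command(cmd: str) -> str:
    """Pull the image path out of a Run-key command line, dropping arguments."""
    m = IMAGE_RE.match(cmd.strip())
    if not m:
        return cmd.strip()
    return m.group(1) or m.group(2)


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    if (m := O2_RE.match(line)):
        return Entry("O2", m["name"], m["path"].strip())
    if (m := O4_RE.match(line)):
        return Entry("O4", m["name"], image_from_command(m["cmd"]))
    if (m := O23_RE.match(line)):
        return Entry("O23", m["name"], m["path"].strip(), vendor=m["vendor"].strip())
    return None


def assess(e: Entry) -> Entry:
    """Attach review prompts; the thresholds here are this example's assumptions."""
    low = e.image.lower()
    if "\\" not in e.image:
        e.flags.append("bare filename: loaded via the search path, locate the file on disk")
    if "\\temp\\" in low:
        e.flags.append("image lives in a Temp directory")
    if "\\documents and settings\\" in low or "\\docume~1\\" in low:
        e.flags.append("image lives under a user profile, not Program Files or Windows")
    # "Unknown owner" is what HijackThis prints for a service with no vendor.
    if e.kind == "O23" and (not e.vendor or e.vendor.lower() == "unknown owner"):
        e.flags.append("service has no vendor string")
    return e


def triage(log_text: str) -> List[Entry]:
    return [assess(e) for e in map(parse_line, log_text.splitlines()) if e]


def flagged(log_text: str) -> Dict[str, List[str]]:
    """Name -> flags for every entry that drew at least one review prompt."""
    return {e.name: e.flags for e in triage(log_text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(name)
        for f in flags:
            print("   -", f)
```

Run against the sample, only CHotkey (bare filename) and hpdj (Temp directory under a user profile) are returned; the Symantec, Lavasoft and Java entries pass all three checks, which matches what an analyst does with them by eye. The O4 "Global Startup:" shortcut lines use a different shape and are deliberately left unparsed here.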
