Howdy pocketaces and welcome to DCF forums

Thank you for your patience. I will be helping you deal with the issues raised in your log from this point onwards

Before we start jumping into things, here is a quick basic note which I mention to everyone. The fix which I have provided for you is for this computer only, it should not be used on any other computer. Each fix is tailor made for the specific task in hand. If for some reason you have system restore disabled, then please re-enable it before proceeding, an infected restore is better than none. Please read through the fix first and set enough time aside to complete the task in one session. If there is anything you feel needs clarification then please ask - do not guess! Thanks.

If this is a business machine then please make sure that you have both the authority and full administration rights to the computer system.

To aid clarity all external links are in bold, blue and underlined where possible as follows -> www.example-link.com

On with the fix.....

Important! - Please follow these directions in the order they are set out for you.

I could not find any information regarding a file named info.exe so, unless you know what this file is, I would like you to run a further scan for me.

I would ask that you use Internet Explorer if possible
Navigate to either Virus Total -> http://www.virustotal.com/en/indexf.html or Jottis -> http://virusscan.jotti.org/
Click on the browse/choose button and navigate to the following filepath below

c:\info.exe

Once you have found the file then click on the send button, you may be placed in a queue, please be patient until your results are back
Please note that if you use opera you may have to use the F5 key to update the page
Copy and paste the results to a text file and save them to a secure location and post them as a reply in your next post

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the directions below to run FindAWF so we can identify the files that have been infected, and the backups. We will then restore these files.

Please download FindAWF and save it to your desktop

Double-click FindAWF.exe to start the tool.
Select option #1 - Scan for bak folders by typing 1 and press 'Enter'
When the tool has completed, a report will open up in notepad. Please post the results of the awf.txt here as a reply to this post.

**Do not run any other option unless directed to do so.**

Thank you very much for your help SJB.  I couldnt find the directory c:\info.exe on my computer by browsing, or running a search for it.  Closest thing I could find was a MRINFO at C:\I386.  I ran the other test and here are the results.

 

  Find AWF report by noahdfear ©2006
               Version 1.40

The current date is: Sun 02/03/2008
The current time is: 10:17:12.56

  bak folders found
  ~~~~~~~~~~~

 Directory of C:\BAK

               0 File(s)              0 bytes

 Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004  08:24 AM         1,694,208 msmsgs.exe
               1 File(s)      1,694,208 bytes

 Directory of C:\PROGRA~1\QUICKT~1\BAK

03/29/2005  05:41 PM            98,304 qttask.exe
               1 File(s)         98,304 bytes

 Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004  03:00 AM            15,360 ctfmon.exe
               1 File(s)         15,360 bytes

 Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

10/14/2004  01:42 PM         1,404,928 smax4pnp.exe
               1 File(s)      1,404,928 bytes

 Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

08/25/2004  10:52 AM           339,968 atiptaxx.exe
               1 File(s)        339,968 bytes

 Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

10/12/2004  02:54 PM            57,344 DVDLauncher.exe
               1 File(s)         57,344 bytes

 Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

01/26/2005  11:02 PM            86,016 DMXLauncher.exe
               1 File(s)         86,016 bytes

 Directory of C:\PROGRA~1\INTEL\INTELA~1\BAK

06/29/2004  09:23 AM           135,168 iaanotif.exe
               1 File(s)        135,168 bytes

 Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK

09/03/2003  06:12 PM           221,184 IntelMEM.exe
               1 File(s)        221,184 bytes

 Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

06/16/2004  11:33 PM            98,304 MskAgent.exe
08/03/2004  06:18 PM         1,083,392 MSKDetct.exe
               2 File(s)      1,181,696 bytes

 Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

03/07/2005  02:05 PM           278,528 mcagent.exe
03/07/2005  02:07 PM           180,224 McUpdate.exe
               2 File(s)        458,752 bytes

 Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

04/05/2005  01:41 PM           950,272 MpfTray.exe
               1 File(s)        950,272 bytes

 Directory of C:\PROGRA~1\MCAFEE.COM\VSO\BAK

03/02/2005  06:19 PM           143,360 mcmnhdlr.exe
03/18/2005  07:28 PM           196,608 mcvsshld.exe
               2 File(s)        339,968 bytes

 Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK

01/19/2006  10:06 AM            11,776 mimboot.exe
               1 File(s)         11,776 bytes

 Directory of C:\PROGRA~1\PURENE~1\NETWOR~1\BAK

06/23/2006  05:45 PM         1,029,712 nmapp.exe
               1 File(s)      1,029,712 bytes

 Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

03/29/2005  05:40 PM            26,112 RealPlay.exe
               1 File(s)         26,112 bytes

 Directory of C:\PROGRA~1\SUPPORT.COM\BIN\BAK

03/07/2007  09:58 AM         1,773,568 tgcmd.exe
               1 File(s)      1,773,568 bytes

 Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/05/2004  11:05 PM           127,035 tfswctrl.exe
               1 File(s)        127,035 bytes

 Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

01/06/2004  11:01 PM           110,592 sgtray.exe
               1 File(s)        110,592 bytes

 Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

09/25/2007  01:11 AM           132,496 jusched.exe
               1 File(s)        132,496 bytes

  Duplicate files of bak directory contents
  ~~~~~~~~~~~~~~~~~~~~~~~

     14348 Jan 30 2008 "C:\Program Files\Messenger\msmsgs.exe"
   1667584 Aug  3 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
   1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
   1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
     14348 Jan 30 2008 "C:\Program Files\QuickTime\qttask.exe"
     98304 Mar 29 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
     15360 Aug  4 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
     15360 Aug  4 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
   1404928 Oct 14 2004 "C:\DRIVERS\AUDIO\SMAX4PNP.EXE"
     14348 Jan 30 2008 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
   1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
     14348 Jan 30 2008 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    339968 Aug 25 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
     14348 Jan 30 2008 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     57344 Oct 12 2004 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
     14348 Jan 30 2008 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
     86016 Jan 26 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
     14348 Jan 30 2008 "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
    135168 Jun 29 2004 "C:\Program Files\Intel\Intel Application Accelerator\bak\iaanotif.exe"
     14348 Jan 30 2008 "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
    221184 Sep  3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee\SpamKiller\MskAgent.exe"
     98304 Jun 16 2004 "C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
   1083392 Aug  3 2004 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
    278528 Mar  7 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee.com\Agent\McUpdate.exe"
    180224 Mar  7 2005 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe"
    950272 Apr  5 2005 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe"
    143360 Mar  2 2005 "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
    196608 Mar 18 2005 "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
     14348 Jan 30 2008 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe"
     11776 Oct  2 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mimboot.exe"
     11776 Jan 19 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
     14348 Jan 30 2008 "C:\Program Files\Pure Networks\Network Magic\nmapp.exe"
   1029712 Jun 23 2006 "C:\Program Files\Pure Networks\Network Magic\bak\nmapp.exe"
     14348 Jan 30 2008 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
     26112 Mar 29 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
     14348 Jan 30 2008 "C:\Program Files\support.com\bin\tgcmd.exe"
   1773568 Mar  7 2007 "C:\Program Files\support.com\bin\bak\tgcmd.exe"
     14348 Jan 30 2008 "C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe"
    127035 Dec  5 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
    127035 Dec  5 2004 "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe"
     14348 Jan 30 2008 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
    110592 Jan  6 2004 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
     14348 Jan 30 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"

  end of report

Hi there

Double-click FindAWF.exe to start the tool.

Select option #2 - Restore files from bak folders by typing 2 and press 'Enter'
A text file will open up. Please copy/paste the following bolded text into the text file:

C:\Program Files\Messenger\bak\msmsgs.exe
C:\Program Files\QuickTime\bak\qttask.exe
C:\WINDOWS\SYSTEM32\bak\ctfmon.exe
C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe
C:\Program Files\Intel\Intel Application Accelerator\bak\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe
C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe
C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe
C:\Program Files\McAfee.com\Agent\bak\mcagent.exe
C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe
C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe
C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe
C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe
C:\Program Files\Pure Networks\Network Magic\bak\nmapp.exe
C:\Program Files\Real\RealPlayer\bak\RealPlay.exe
C:\Program Files\support.com\bin\bak\tgcmd.exe
C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe

Close the files.txt and click Yes to save the changes.
FindAWF will now terminate the bad processes if running, delete the bad files and restore/replace them with the good files.
Then it will open a log. Copy and paste the contents of that log in your next reply along with a new HijackThis log.

Regarding the file I asked you to check...
Lets try unhiding system files to see if it will show itself

Open up your computer
From the tools menu select folder options
Click on the view tab
Scrol down to where it says hidden files and folder
Place a check in the box entitled show hidden files and folders
remove the check mark next to hide protected operating system files (recommended)
Click on apply
Click on ok

Now retry the scan at either virustotal or Jottis once more as shown in my earlier reply

I tired unhiding the files and folders as you said and I still couldnt find

c:\info.exe.

When I type it in it says that file cant be found.  Here are the other logs.

 

 

  Find AWF report by noahdfear ©2006
               Version 1.40
Option 2 run successfully

The current date is: Mon 02/04/2008
The current time is: 15:10:46.01

  bak folders found
  ~~~~~~~~~~~

 

 Directory of C:\BAK

               0 File(s)              0 bytes

 Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004  08:24 AM         1,694,208 msmsgs.exe
               1 File(s)      1,694,208 bytes

 Directory of C:\PROGRA~1\QUICKT~1\BAK

03/29/2005  05:41 PM            98,304 qttask.exe
               1 File(s)         98,304 bytes

 Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004  03:00 AM            15,360 ctfmon.exe
               1 File(s)         15,360 bytes

 Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

10/14/2004  01:42 PM         1,404,928 smax4pnp.exe
               1 File(s)      1,404,928 bytes

 Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

08/25/2004  10:52 AM           339,968 atiptaxx.exe
               1 File(s)        339,968 bytes

 Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

10/12/2004  02:54 PM            57,344 DVDLauncher.exe
               1 File(s)         57,344 bytes

 Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

01/26/2005  11:02 PM            86,016 DMXLauncher.exe
               1 File(s)         86,016 bytes

 Directory of C:\PROGRA~1\INTEL\INTELA~1\BAK

06/29/2004  09:23 AM           135,168 iaanotif.exe
               1 File(s)        135,168 bytes

 Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK

09/03/2003  06:12 PM           221,184 IntelMEM.exe
               1 File(s)        221,184 bytes

 Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

06/16/2004  11:33 PM            98,304 MskAgent.exe
08/03/2004  06:18 PM         1,083,392 MSKDetct.exe
               2 File(s)      1,181,696 bytes

 Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

03/07/2005  02:05 PM           278,528 mcagent.exe
03/07/2005  02:07 PM           180,224 McUpdate.exe
               2 File(s)        458,752 bytes

 Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

04/05/2005  01:41 PM           950,272 MpfTray.exe
               1 File(s)        950,272 bytes

 Directory of C:\PROGRA~1\MCAFEE.COM\VSO\BAK

03/02/2005  06:19 PM           143,360 mcmnhdlr.exe
03/18/2005  07:28 PM           196,608 mcvsshld.exe
               2 File(s)        339,968 bytes

 Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK

01/19/2006  10:06 AM            11,776 mimboot.exe
               1 File(s)         11,776 bytes

 Directory of C:\PROGRA~1\PURENE~1\NETWOR~1\BAK

06/23/2006  05:45 PM         1,029,712 nmapp.exe
               1 File(s)      1,029,712 bytes

 Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

03/29/2005  05:40 PM            26,112 RealPlay.exe
               1 File(s)         26,112 bytes

 Directory of C:\PROGRA~1\SUPPORT.COM\BIN\BAK

03/07/2007  09:58 AM         1,773,568 tgcmd.exe
               1 File(s)      1,773,568 bytes

 Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/05/2004  11:05 PM           127,035 tfswctrl.exe
               1 File(s)        127,035 bytes

 Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

01/06/2004  11:01 PM           110,592 sgtray.exe
               1 File(s)        110,592 bytes

 Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

09/25/2007  01:11 AM           132,496 jusched.exe
               1 File(s)        132,496 bytes

  Duplicate files of bak directory contents
  ~~~~~~~~~~~~~~~~~~~~~~~

     14348 Jan 30 2008 "C:\Program Files\Messenger\msmsgs.exe"
   1667584 Aug  3 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
   1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
   1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
     14348 Jan 30 2008 "C:\Program Files\QuickTime\qttask.exe"
     98304 Mar 29 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
     15360 Aug  4 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
     15360 Aug  4 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
   1404928 Oct 14 2004 "C:\DRIVERS\AUDIO\SMAX4PNP.EXE"
     14348 Jan 30 2008 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
   1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
     14348 Jan 30 2008 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    339968 Aug 25 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
     14348 Jan 30 2008 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     57344 Oct 12 2004 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
     14348 Jan 30 2008 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
     86016 Jan 26 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
     14348 Jan 30 2008 "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
    135168 Jun 29 2004 "C:\Program Files\Intel\Intel Application Accelerator\bak\iaanotif.exe"
     14348 Jan 30 2008 "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
    221184 Sep  3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee\SpamKiller\MskAgent.exe"
     98304 Jun 16 2004 "C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
   1083392 Aug  3 2004 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
    278528 Mar  7 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee.com\Agent\McUpdate.exe"
    180224 Mar  7 2005 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe"
    950272 Apr  5 2005 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe"
    143360 Mar  2 2005 "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
     14348 Jan 30 2008 "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
    196608 Mar 18 2005 "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
     14348 Jan 30 2008 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe"
     11776 Oct  2 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mimboot.exe"
     11776 Jan 19 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
     14348 Jan 30 2008 "C:\Program Files\Pure Networks\Network Magic\nmapp.exe"
   1029712 Jun 23 2006 "C:\Program Files\Pure Networks\Network Magic\bak\nmapp.exe"
     14348 Jan 30 2008 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
     26112 Mar 29 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
     14348 Jan 30 2008 "C:\Program Files\support.com\bin\tgcmd.exe"
   1773568 Mar  7 2007 "C:\Program Files\support.com\bin\bak\tgcmd.exe"
    127035 Dec  5 2004 "C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe"
    127035 Dec  5 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
    127035 Dec  5 2004 "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe"
     14348 Jan 30 2008 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
    110592 Jan  6 2004 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
     14348 Jan 30 2008 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"

  end of report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:33 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\Analyze.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thottbot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [ChkDsk32] c:\info.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\bak\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

--
End of file - 7723 bytes

Hi there

I want you to re-run option 2 of the fix once more...

Double-click FindAWF.exe to start the tool.

Select option #2 - Restore files from bak folders by typing 2 and press 'Enter'
A text file will open up. Please copy/paste the following bolded text into the text file:

"C:\Program Files\Messenger\bak\msmsgs.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
"C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
"C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
"C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
"C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
"C:\Program Files\Intel\Intel Application Accelerator\bak\iaanotif.exe"
"C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
"C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
"C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
"C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
"C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
"C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
"C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
"C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
"C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
"C:\Program Files\Pure Networks\Network Magic\bak\nmapp.exe"
"C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
"C:\Program Files\support.com\bin\bak\tgcmd.exe"
"C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe"
"C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
"C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"

Close the files.txt and click Yes to save the changes.
FindAWF will now terminate the bad processes if running, delete the bad files and restore/replace them with the good files.
Then it will open a log. Copy and paste the contents of that log in your next reply along with a new HijackThis log.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:40 PM, on 2/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\Analyze.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thottbot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [ChkDsk32] c:\info.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\bak\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

--
End of file - 7724 bytes

  Find AWF report by noahdfear ©2006
               Version 1.40
Option 2 run successfully

The current date is: Tue 02/05/2008
The current time is: 21:12:09.18

  bak folders found
  ~~~~~~~~~~~

 Directory of C:\BAK

               0 File(s)              0 bytes

 Directory of C:\PROGRA~1\MESSEN~1\BAK

10/13/2004  08:24 AM         1,694,208 msmsgs.exe
               1 File(s)      1,694,208 bytes

 Directory of C:\PROGRA~1\QUICKT~1\BAK

03/29/2005  05:41 PM            98,304 qttask.exe
               1 File(s)         98,304 bytes

 Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004  03:00 AM            15,360 ctfmon.exe
               1 File(s)         15,360 bytes

 Directory of C:\PROGRA~1\ANALOG~1\CORE\BAK

10/14/2004  01:42 PM         1,404,928 smax4pnp.exe
               1 File(s)      1,404,928 bytes

 Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

08/25/2004  10:52 AM           339,968 atiptaxx.exe
               1 File(s)        339,968 bytes

 Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

10/12/2004  02:54 PM            57,344 DVDLauncher.exe
               1 File(s)         57,344 bytes

 Directory of C:\PROGRA~1\DELL\MEDIAE~1\BAK

01/26/2005  11:02 PM            86,016 DMXLauncher.exe
               1 File(s)         86,016 bytes

 Directory of C:\PROGRA~1\INTEL\INTELA~1\BAK

06/29/2004  09:23 AM           135,168 iaanotif.exe
               1 File(s)        135,168 bytes

 Directory of C:\PROGRA~1\INTEL\MODEME~1\BAK

09/03/2003  06:12 PM           221,184 IntelMEM.exe
               1 File(s)        221,184 bytes

 Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

06/16/2004  11:33 PM            98,304 MskAgent.exe
08/03/2004  06:18 PM         1,083,392 MSKDetct.exe
               2 File(s)      1,181,696 bytes

 Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

03/07/2005  02:05 PM           278,528 mcagent.exe
03/07/2005  02:07 PM           180,224 McUpdate.exe
               2 File(s)        458,752 bytes

 Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

04/05/2005  01:41 PM           950,272 MpfTray.exe
               1 File(s)        950,272 bytes

 Directory of C:\PROGRA~1\MCAFEE.COM\VSO\BAK

03/02/2005  06:19 PM           143,360 mcmnhdlr.exe
03/18/2005  07:28 PM           196,608 mcvsshld.exe
               2 File(s)        339,968 bytes

 Directory of C:\PROGRA~1\MUSICM~1\MUSICM~3\BAK

01/19/2006  10:06 AM            11,776 mimboot.exe
               1 File(s)         11,776 bytes

 Directory of C:\PROGRA~1\PURENE~1\NETWOR~1\BAK

06/23/2006  05:45 PM         1,029,712 nmapp.exe
               1 File(s)      1,029,712 bytes

 Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

03/29/2005  05:40 PM            26,112 RealPlay.exe
               1 File(s)         26,112 bytes

 Directory of C:\PROGRA~1\SUPPORT.COM\BIN\BAK

03/07/2007  09:58 AM         1,773,568 tgcmd.exe
               1 File(s)      1,773,568 bytes

 Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

12/05/2004  11:05 PM           127,035 tfswctrl.exe
               1 File(s)        127,035 bytes

 Directory of C:\PROGRA~1\COMMON~1\SONIC\UPDATE~1\BAK

01/06/2004  11:01 PM           110,592 sgtray.exe
               1 File(s)        110,592 bytes

 Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

09/25/2007  01:11 AM           132,496 jusched.exe
               1 File(s)        132,496 bytes

  Duplicate files of bak directory contents
  ~~~~~~~~~~~~~~~~~~~~~~~

   1694208 Oct 13 2004 "C:\Program Files\Messenger\msmsgs.exe"
   1667584 Aug  3 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
   1694208 Oct 13 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
   1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
     98304 Mar 29 2005 "C:\Program Files\QuickTime\qttask.exe"
     98304 Mar 29 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
     15360 Aug  4 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
     15360 Aug  4 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
   1404928 Oct 14 2004 "C:\DRIVERS\AUDIO\SMAX4PNP.EXE"
   1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
   1404928 Oct 14 2004 "C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe"
    339968 Aug 25 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    339968 Aug 25 2004 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
     57344 Oct 12 2004 "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
     57344 Oct 12 2004 "C:\Program Files\CyberLink\PowerDVD\bak\DVDLauncher.exe"
     86016 Jan 26 2005 "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
     86016 Jan 26 2005 "C:\Program Files\Dell\Media Experience\bak\DMXLauncher.exe"
    135168 Jun 29 2004 "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
    135168 Jun 29 2004 "C:\Program Files\Intel\Intel Application Accelerator\bak\iaanotif.exe"
    221184 Sep  3 2003 "C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe"
    221184 Sep  3 2003 "C:\Program Files\Intel\Modem Event Monitor\bak\IntelMEM.exe"
     98304 Jun 16 2004 "C:\Program Files\McAfee\SpamKiller\MskAgent.exe"
     98304 Jun 16 2004 "C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
   1083392 Aug  3 2004 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
   1083392 Aug  3 2004 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"
    278528 Mar  7 2005 "C:\Program Files\McAfee.com\Agent\mcagent.exe"
    278528 Mar  7 2005 "C:\Program Files\McAfee.com\Agent\bak\mcagent.exe"
    180224 Mar  7 2005 "C:\Program Files\McAfee.com\Agent\McUpdate.exe"
    180224 Mar  7 2005 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
    950272 Apr  5 2005 "C:\Program Files\McAfee.com\Personal Firewall\MpfTray.exe"
    950272 Apr  5 2005 "C:\Program Files\McAfee.com\Personal Firewall\bak\MpfTray.exe"
    143360 Mar  2 2005 "C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe"
    143360 Mar  2 2005 "C:\Program Files\McAfee.com\VSO\bak\mcmnhdlr.exe"
    196608 Feb  5 2008 "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
    196608 Mar 18 2005 "C:\Program Files\McAfee.com\VSO\bak\mcvsshld.exe"
     11776 Jan 19 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe"
     11776 Oct  2 2006 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mimboot.exe"
     11776 Jan 19 2006 "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak\mimboot.exe"
   1029712 Jun 23 2006 "C:\Program Files\Pure Networks\Network Magic\nmapp.exe"
   1029712 Jun 23 2006 "C:\Program Files\Pure Networks\Network Magic\bak\nmapp.exe"
     26112 Mar 29 2005 "C:\Program Files\Real\RealPlayer\RealPlay.exe"
     26112 Mar 29 2005 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe"
   1773568 Mar  7 2007 "C:\Program Files\support.com\bin\tgcmd.exe"
   1773568 Mar  7 2007 "C:\Program Files\support.com\bin\bak\tgcmd.exe"
    127035 Dec  5 2004 "C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe"
    127035 Dec  5 2004 "C:\Program Files\Sonic\DLA\install\tfswctrl.exe"
    127035 Dec  5 2004 "C:\WINDOWS\SYSTEM32\dla\bak\tfswctrl.exe"
    110592 Jan  6 2004 "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe"
    110592 Jan  6 2004 "C:\Program Files\Common Files\Sonic\Update Manager\bak\sgtray.exe"
    132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\bak\jusched.exe"

  end of report

Hi there pocketaces

Great work so far :)

Double-click FindAWF.exe to start the tool.

Select option #3 - Remove bak folders by typing 3 and press 'Enter'
A text file will open up. Please copy/paste the following bolded text into the text file:

C:\Program Files\Messenger\bak
C:\Program Files\QuickTime\bak
C:\Program Files\Analog Devices\Core\bak
C:\Program Files\ATI Technologies\ATI Control Panel\bak
C:\Program Files\CyberLink\PowerDVD\bak
C:\Program Files\Dell\Media Experience\bak
C:\Program Files\Intel\Intel Application Accelerator\bak
C:\Program Files\Intel\Modem Event Monitor\bak
C:\Program Files\McAfee\SpamKiller
C:\Program Files\McAfee.com\Agent\bak
C:\Program Files\McAfee.com\Personal Firewall\bak
C:\Program Files\McAfee.com\VSO\bak
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\bak
C:\Program Files\Pure Networks\Network Magic\bak
C:\Program Files\Real\RealPlayer\bak
C:\Program Files\support.com\bin\bak
C:\Program Files\Common Files\Sonic\Update Manager\bak
C:\Program Files\Java\jre1.6.0_03\bin\bak
C:\WINDOWS\SYSTEM32\bak\ctfmon.exe
C:\WINDOWS\SYSTEM32\dla\bak

Then close folders.txt and let it save the changes.
FindAWF will now remove the bak folders and open a log aferwards.
Copy and paste the contents of that log in your next reply along with a new HijackThis log.

Thanks, you make it easy your instructions are perfect.  Thanks for all the help so far.

 

  Find AWF report by noahdfear ©2006
               Version 1.40
Option 3 run successfully

The current date is: Thu 02/07/2008
The current time is: 18:21:59.83

  bak folders found
  ~~~~~~~~~~~

 Directory of C:\BAK

               0 File(s)              0 bytes

 Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004  03:00 AM            15,360 ctfmon.exe
               1 File(s)         15,360 bytes

 Directory of C:\PROGRA~1\MCAFEE\SPAMKI~1\BAK

06/16/2004  11:33 PM            98,304 MskAgent.exe
08/03/2004  06:18 PM         1,083,392 MSKDetct.exe
               2 File(s)      1,181,696 bytes

  Duplicate files of bak directory contents
  ~~~~~~~~~~~~~~~~~~~~~~~

     15360 Aug  4 2004 "C:\WINDOWS\SYSTEM32\ctfmon.exe"
     15360 Aug  4 2004 "C:\WINDOWS\SYSTEM32\bak\ctfmon.exe"
     98304 Jun 16 2004 "C:\Program Files\McAfee\SpamKiller\MskAgent.exe"
     98304 Jun 16 2004 "C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe"
   1083392 Aug  3 2004 "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe"
   1083392 Aug  3 2004 "C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe"

  end of report

Hi there

Start the FindAWF tool - select Option 4 > Enter.
When done, Press E, then Enter to EXIT.

You should update your version of the Sun Java Platform (JRE) to the latest version which is Sun Java Runtime Environment 6 Update 4:

Updating Java: Download the latest version of Sun Java Runtime Environment 6 Update 4 from the link below

http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html

Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your Desktop, double-click on the newly-downloaded Java file to install the newest version

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.
  

If you use Firefox browser

• Click Firefox at the top and choose: Select All Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

If you use Opera browser

• Click Opera at the top and choose: Select All Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go to HERE to run Panda's ActiveScan

• 
  * You will need to use Internet Explorer for this task
  
  
• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

Once done - reboot your computer

Post back with the pandascan log and a new HJT log

Thanks

Got a situation with the pandascan...I have run one before so I dont think its user error, but when its running about half way through it detects 2 rootkits and 9 spyware, then the browser shuts down along with any other browser windows open.  I have ran it atleast 6-7 times and every time without fail it does it there.  Once it told me one of my files needed a more in depth analysis and to send it to the lab and scan again in a few hours, and when I did it just closed like usual.

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:51 PM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\Analyze.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thottbot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [ChkDsk32] c:\info.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

--
End of file - 8574 bytes

Hi there pocketaces

Please download ComboFix.exe

Save ComboFix to the desktop.

1. Double click on combo.exe and follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new HijackThis log.

Note: Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang. Do not proceed with the rest of the fix if you fail to run combofix

If your computer did not restart then please restart it now. Once it has restarted please generate a fresh HJT log
Post this along with the results from combofix in your next reply

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:28:09 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\Analyze.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://thottbot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [ChkDsk32] c:\info.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe

--
End of file - 8246 bytes

ComboFix 08-02-12.1 - Scott 2008-02-11 16:20:28.3 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2643 [GMT -8:00]
Running from: C:\Documents and Settings\Scott\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Scott\Application Data\ShoppingReport
C:\Documents and Settings\Scott\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Scott\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Scott\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Scott\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Scott\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Scott\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Scott\Application Data\ShoppingReport\cs\res3\WhiteList.dbs
C:\Program Files\ShoppingReport
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll
C:\Program Files\ShoppingReport\Uninst.exe

----- BITS: Possible infected sites -----

hxxp://downloads.networkmagic.com
.
(((((((((((((((((((((((((   Files Created from 2008-01-12 to 2008-02-12  )))))))))))))))))))))))))))))))
.

2008-02-10 17:09 . 2008-02-10 17:11 1,071,804,928 --a------ C:\637.tmp
2008-02-10 17:02 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\itlucpcnebll.sys
2008-02-10 15:07 . 2008-02-10 15:09 1,071,804,928 --a------ C:\404.tmp
2008-02-10 15:01 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pvymovhdhmiq.sys
2008-02-10 14:52 . 2008-02-10 14:54 1,071,804,928 --a------ C:\242.tmp
2008-02-10 14:47 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2008-02-10 14:46 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ntcxvupyxvfm.sys
2008-02-10 14:30 . 2008-02-10 14:30 50,688 --a------ C:\Program Files\ATF-Cleaner.exe
2008-02-10 14:28 . 2008-02-10 14:28 

 d-------- C:\Program Files\Java
2008-02-10 14:28 . 2008-02-10 14:28   d-------- C:\Program Files\Common Files\Java
2008-02-10 14:28 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-02-10 14:01 . 2008-02-10 14:05 15,852,952 --a------ C:\Program Files\jre-6u4-windows-i586-p.exe
2008-02-09 15:32 . 2008-02-11 16:02 870,128 --a------ C:\WINDOWS\SYSTEM32\mcs.rma
2008-02-09 15:32 . 2008-02-09 15:32 8,413 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys
2008-02-09 15:32 . 2008-02-11 16:02 4 --a------ C:\WINDOWS\SYSTEM32\BFD3F1
2008-02-09 15:30 . 2008-02-09 15:33   d-------- C:\Program Files\Rhapsody
2008-02-09 15:29 . 2008-02-09 15:29 19,420,680 --a------ C:\Program Files\RhapsodyReal.exe
2008-01-31 17:06 . 2008-01-31 17:06 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 17:06 . 2008-01-31 17:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-30 17:38 . 2008-01-30 17:38   d-------- C:\WINDOWS\SYSTEM32\bak
2008-01-26 15:15 . 2008-01-26 15:15 1,158 --a------ C:\WINDOWS\mozver.dat
2008-01-25 20:41 . 2008-01-25 20:41   d-------- C:\Program Files\Ventrilo
2008-01-25 20:41 . 2008-01-25 20:41   d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-25 20:40 . 2008-01-25 20:41 2,732,032 --a------ C:\Program Files\ventrilo-3.0.1-Windows-i386.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-11 01:01 --------- d-----w C:\Program Files\Common Files\Pure Networks Shared
2008-02-10 22:13 --------- d-----w C:\Program Files\PokerStars
2008-02-10 22:13 --------- d-----w C:\Program Files\PartyGaming
2008-02-08 02:21 --------- d-----w C:\Program Files\QuickTime
2008-01-26 04:25 --------- d-----w C:\Program Files\World of Warcraft
2008-01-22 01:27 --------- d-----w C:\Program Files\Real
2008-01-12 07:32 --------- d-----w C:\Program Files\Pure Networks
2008-01-12 07:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2007-12-28 20:53 --------- d-----w C:\Program Files\DivX
2007-12-14 06:00 --------- d-----w C:\Program Files\RebirthRO
2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\SYSTEM32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\SYSTEM32\qt-dx331.dll
2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w C:\WINDOWS\SYSTEM32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w C:\WINDOWS\SYSTEM32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w C:\WINDOWS\SYSTEM32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w C:\WINDOWS\SYSTEM32\DivX.dll
2007-12-11 19:44 593,920 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w C:\WINDOWS\SYSTEM32\dpv11.dll
2007-12-11 19:44 53,248 ----a-w C:\WINDOWS\SYSTEM32\dpuGUI10.dll
2007-12-11 19:44 344,064 ----a-w C:\WINDOWS\SYSTEM32\dpus11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu11.dll
2007-12-11 19:44 294,912 ----a-w C:\WINDOWS\SYSTEM32\dpu10.dll
2007-12-11 19:44 196,608 ----a-w C:\WINDOWS\SYSTEM32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\SYSTEM32\DivXCodecVersionChecker.exe
2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\SYSTEM32\DivXWMPExtType.dll
2007-07-24 22:33 1,021,336,623 ----a-w C:\Program Files\RebirthRO_FULL_CLIENT.exe
2007-01-15 18:39 21,719 ----a-w C:\Program Files\CharacterProfiler.zip
2007-01-15 00:23 2,010,624 ----a-w C:\Program Files\ventrilo-2.3.0-Windows-i386.exe
2005-07-08 02:22 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe
2005-06-16 22:03 2,077,424 ----a-w C:\Program Files\WindowsXP-KB894391-x86-ENU.exe
2005-04-05 04:43 4,354,084 ----a-w C:\Program Files\spybotsd13.exe
.

(((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w            98,304 2004-06-17 07:33:02  C:\Program Files\McAfee\SpamKiller\bak\MskAgent.exe
----a-w            98,304 2004-06-17 07:33:02  C:\Program Files\McAfee\SpamKiller\MskAgent.exe

----a-w         1,083,392 2004-08-04 02:18:16  C:\Program Files\McAfee\SpamKiller\bak\MSKDetct.exe
----a-w         1,083,392 2004-08-04 02:18:16  C:\Program Files\McAfee\SpamKiller\MSKDetct.exe

----a-w            15,360 2004-08-04 11:00:00  C:\WINDOWS\SYSTEM32\bak\ctfmon.exe
----a-w            15,360 2004-08-04 11:00:00  C:\WINDOWS\SYSTEM32\ctfmon.exe

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 08:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 13:42 1404928]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 09:23 135168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 10:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 14:54 57344]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 23:01 110592]
"VSOCheckTask"="c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" [2005-03-02 18:19 143360]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-03-07 14:05 278528]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [2005-03-07 14:07 180224]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-29 17:40 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-29 17:41 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-05 23:05 127035]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-26 23:02 86016]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [2008-02-05 21:12 196608]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-04-05 13:41 950272]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 10:06 11776]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2007-03-07 09:58 1773568]
"ChkDsk32"="c:\info.exe" [ ]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2004-06-16 23:33 98304]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2004-08-03 18:18 1083392]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2006-06-23 17:45 1029712]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]

S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\Scott\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-11 23:53:40 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (SCOTTS-Scott).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-12 00:19:00 C:\WINDOWS\Tasks\McAfee.com Update Check (D1HVT571-Owner).job"
- c:\PROGRA~1\mcafee.com\agent\mcupdate.ex
- c:\PROGRA~1\mcafee.com\agent
"2008-02-12 00:19:00 C:\WINDOWS\Tasks\McAfee.com Update Check (SCOTTS-Scott).job"
- C:\PROGRA~1\mcafee.com\agent\McUpdate.ex
- C:\PROGRA~1\mcafee.com\agent
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 16:21:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-11 16:22:05
ComboFix-quarantined-files.txt  2008-02-12 00:22:02
ComboFix2.txt  2007-12-10 02:27:02
ComboFix3.txt  2007-12-09 21:01:37
.
2008-01-09 11:35:43 --- E O F ---