Total Security 2009

This virus isn't letting me open up anything. Hijack this doesn't open and neither does any of the other virus protection programs. Right now it isn't letting me download anything.

Hello.
If you can't download anything on the infected machine, can you download tools on another machine with internet access and carry them across via USB?

That doesn't seem to be working either. Hijack this closes immediately and Malwarebytes doesn't even open.

Ok, I got Hijack this to work in safe mode. Here's the Log File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:24:39 PM, on 9/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {095c236f-5239-4f30-a162-099194baef8e} - penibeti.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147469161\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [16289064] C:\Documents and Settings\All Users\Application Data\16289064\16289064.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [dugufujere] Rundll32.exe "beretojo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} (QuickBooks Online Edition Utilities Class v10) - https://accounting.quickbooks.com/c1/v21.147/qboax10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://premconf.webex.com/client/T23L10NSP33EP8-PREMCONF/webex/ieatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: beretojo.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Rapport Management Service (RapportMgmtService) - Unknown owner - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7201 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O2 - BHO: (no name) - {095c236f-5239-4f30-a162-099194baef8e} - penibeti.dll (file missing)
  O4 - HKLM\..\Run: [16289064] C:\Documents and Settings\All Users\Application Data\16289064\16289064.exe
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
  O4 - HKLM\..\Run: [dugufujere] Rundll32.exe "beretojo.dll",s
  O18 - Filter hijack: text/html - (no CLSID) - (no file)
  O20 - AppInit_DLLs: beretojo.dll
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Here's The Malwarebytes log.
Malwarebytes' Anti-Malware 1.40
Database version: 2631
Windows 5.1.2600 Service Pack 2

9/19/2009 9:30:33 PM
mbam-log-2009-09-19 (21-30-33).txt

Scan type: Quick Scan
Objects scanned: 188528
Time elapsed: 49 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\16289064 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Application Data\16289064\16289064 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\16289064\16289064.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\16289064\pc16289064ins (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\Total Security 2009.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\futewege.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gogogahi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\japidahu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


We still seem to be having problems though and the virus keeps vanishing and re appearing.

Hello.

• Download combofix from here
  Link 1
  Link 2
  
  1. If you are using Firefox, make sure that your download settings are as follows:
  
  * Tools->Options->Main tab
  * Set to "Always ask me where to Save the files".
  
  2. During the download, rename Combofix to Combo-Fix as follows:
  
  
  
  
  
  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  
  
• We need to disable your local AV (Anti-virus) before running Combofix.
  
• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will then get this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

omboFix 09-09-20.04 - Owner 09/21/2009 23:54.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2039.1695 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DFRA.tmp
c:\documents and settings\All Users\Application Data\10711714
c:\documents and settings\All Users\Application Data\10711714\10711714
c:\documents and settings\All Users\Application Data\10711714\10711714.exe
c:\documents and settings\All Users\Application Data\10711714\pc10711714ins
c:\recycler\S-1-5-21-3351966399-2989048848-267923825-1003
c:\windows\Installer\1324b.msi
c:\windows\system32\AutoRun.inf
c:\windows\system32\bazabezi.exe
c:\windows\system32\befarise.dll
c:\windows\system32\begajetu.exe
c:\windows\system32\bosudeji.exe
c:\windows\system32\dorulelo.exe
c:\windows\system32\fawuruvo.exe
c:\windows\system32\fonasiju.exe
c:\windows\system32\hofalobu.dll
c:\windows\system32\mehovige.dll
c:\windows\system32\mijejabe.dll
c:\windows\system32\rimiyino.exe
c:\windows\system32\sihahere.dll
c:\windows\system32\varipovu.dll
c:\windows\system32\zayiveva.dll
c:\windows\system32\zekazide.exe
c:\windows\system32\zipavagi.exe
c:\windows\system32\zugahohe.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 03:35 . 2009-09-22 03:36 -------- d-----w- C:\Combo-Fix
2009-08-29 23:48 . 2009-08-29 23:48 -------- d-----w- c:\documents and settings\NetworkService\Application Data\HPAppData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 03:46 . 2009-07-24 23:55 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp
2009-09-22 03:34 . 2007-04-14 05:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-22 03:34 . 2009-08-20 17:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-22 03:34 . 2009-08-20 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-23 19:46 . 2007-08-04 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-08-23 19:45 . 2006-07-04 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\CA
2009-08-23 19:41 . 2007-08-04 21:32 -------- d-----w- c:\program files\Kodak
2009-08-18 19:14 . 2009-08-18 19:14 -------- d-----w- c:\program files\iTunes
2009-08-18 19:14 . 2009-08-18 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-18 19:14 . 2009-08-18 19:14 -------- d-----w- c:\program files\iPod
2009-08-18 19:14 . 2007-10-07 18:59 -------- d-----w- c:\program files\Common Files\Apple
2009-08-18 18:47 . 2009-08-18 18:47 -------- d-----w- c:\program files\Bonjour
2009-08-18 18:46 . 2009-06-22 17:32 -------- d-----w- c:\program files\QuickTime
2009-08-15 21:38 . 2009-08-15 21:38 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-08-15 21:38 . 2009-08-15 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-13 17:26 . 2008-12-23 01:14 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-08-03 04:06 . 2009-08-03 04:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2009-08-03 03:59 . 2009-08-03 03:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trusteer
2007-11-05 03:43 . 2007-11-05 03:43 621808 ----a-w- c:\program files\AmazonMP3Installer.exe
2007-04-21 16:42 . 2007-04-21 16:42 19994184 ----a-w- c:\program files\QuickTimeInstaller.exe
2006-01-07 17:35 . 2006-01-07 17:35 774144 ----a-w- c:\program files\RngInterstitial.dll
2001-06-20 21:19 . 2001-06-19 21:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
2005-06-19 21:17 . 2005-06-19 21:17 0 -csha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"Aim6"="c:\program files\AIM6\aim6.exe" [2006-11-07 50736]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-11-01 32768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2000-06-07 794112]
"HostManager"="c:\program files\Common Files\AOL\1147469161\ee\AOLHostManager.exe" [2005-08-02 159832]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-17 113664]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-11-1 1742384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147469161\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:3\\Program Files\\BitLord\\BitLord.exe"=
"C:3\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:0\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:1\\Program Files\\LimeWire\\LimeWire.exe"=
"C:2\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [7/18/2009 9:42 AM 57320]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [7/18/2009 9:42 AM 239336]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [7/13/2005 5:27 PM 15104]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
S2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [3/19/2006 9:54 AM 70016]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [7/18/2009 9:42 AM 664808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/25/2007 11:15 AM 24652]
S3 WUSB54GV4SRV;Linksys Wireless-G USB Network Adapter Driver;c:\windows\system32\drivers\rt2500usb.sys [6/19/2005 4:24 PM 79616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
Trusted Zone: turbotax.com
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-10711714 - c:\documents and settings\All Users\Application Data\10711714\10711714.exe
HKLM-Run-hawuritaj - c:\windows\system32\heyehupi.dll
SharedTaskScheduler-{d00c50ed-315e-444e-ab3a-8da6f8b26bdd} - c:\windows\system32\heyehupi.dll
SSODL-zinasudun-{d00c50ed-315e-444e-ab3a-8da6f8b26bdd} - c:\windows\system32\heyehupi.dll
AddRemove-HijackThis - L:\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 00:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-09-22 0:20
ComboFix-quarantined-files.txt 2009-09-22 04:19

Pre-Run: 45,548,707,840 bytes free
Post-Run: 49,288,429,568 bytes free

181 --- E O F --- 2008-04-12 07:15

Hello.
Next,

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

2780 Games XP Championship
32 Bit HP CIO Components Installer
555 Games XP Championship
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.3
AIM 6.0
Amazon MP3 Downloader 1.0.0+6
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Explorer
AOL Instant Messenger
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
BigFix
Bonjour
Brain Games
DesignPro 5.0 Limited Edition
Digital Media Reader
Drivers Install For Linksys Easylink Advisor
ebgcInfra
ebgcRes
ebgcRes
ebgcSDK
ebgcSDK
HijackThis 2.0.2
HP Customer Participation Program 9.0
HP Deskjet All-In-One Software 9.0
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Update
HPSSupply
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2
Learn2 Player (Uninstall Only)
Linksys EasyLink Advisor 1.6 (0032)
Macromedia Shockwave Player
MegaStat 9.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2000 SR-1 Professional
Microsoft Office PowerPoint Viewer 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
MINITAB 14 Student
MSN Messenger 7.5
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Ohio Wesleyan University 2005 Directory
Picasa 2
PowerDVD
Pure Networks Port Magic
QuickTime
Rapport
RealArcade
RealPlayer
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
SINGWIN32
SoftV92 Data Fax Modem with SmartCP
Super TextTwist
SupportSoft Assisted Service
TPS Electronic Financial Worksheets 2.24
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 reƖ
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wohiper
TurboTax 2008 wrapper
TurboTax Deluxe 2005
TurboTax Deluxe Deduction Maximizer 2006
TurboTax Home & Business 2007
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
URGE
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebEx
WexTech AnswerWorks
Windows Backup Utility
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
Word Slinger

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2
Viewpoint Manager (Remove Only)
Viewpoint Media Player

Next,

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   Registry::
   [HKEY_LOCAL_MACHINE\software\microsoft\security center]
   "UpdatesDisableNotify"=-
   
   RegLock::
   [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
   [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
   [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
   [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
   [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
   [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
   [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
   

   
   
4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.