Another case of the spyware.ispynow problem...

I have the hijack log here. Please help,
This appeared out of nowhere, when i started my computer it became very laggy.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:22 PM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\V0380Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Microsoft Encarta\Encarta Reference Library 2003\EDICT.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Jessica\Application Data\U3\0FA0A5608182B8C2\LaunchPad.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
H:\e.cmd
H:\Documents\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080407
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080407
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080407
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IRIS_S2P] C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [A00F194549B.exe] C:\DOCUME~1\Jessica\LOCALS~1\Temp\_A00F194549B.exe
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: __c00A5F4C - C:\WINDOWS\system32\__c00A5F4C.dat (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Jessica\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 11814 bytes

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  O4 - HKCU\..\Run: [A00F194549B.exe] C:\DOCUME~1\Jessica\LOCALS~1\Temp\_A00F194549B.exe
  O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\kamsoft.exe
  O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
  O20 - Winlogon Notify: __c00A5F4C - C:\WINDOWS\system32\__c00A5F4C.dat (file missing)
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

===

Delete these files in bold:
C:\WINDOWS\system32\kamsoft.exe
C:\WINDOWS\system32\drivers\svchost.exe <== delete only in the drivers folder

• Download combofix from here, use the top links - combofix.exe
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
  ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
  
  
  
• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  
  
  
  
• Allow ComboFix to download the Recovery Console.
  
• Accept the End-User License Agreement.
  
• The Recovery Console will be installed.
  
• You will this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  

Okay, I am unable to open combofix. I double click it as instructed but it will not pop up. I also couldn't find the kamsoft.exe in the system32 folder. Thanks

Hello.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINDOWS\system32\kamsoft.exe
C:\DOCUME~1\Jessica\LOCALS~1\Temp\_A00F194549B.exe
C:\WINDOWS\system32\drivers\svchost.exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Don't tick the box below.
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log.

Okay, here is what avenger had:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSmqlt.sys
Start Type: 1 (System)

Rootkit scan completed.

File "C:\WINDOWS\system32\kamsoft.exe" deleted successfully.

Error: file "C:\DOCUME~1\Jessica\LOCALS~1\Temp\_A00F194549B.exe" not found!
Deletion of file "C:\DOCUME~1\Jessica\LOCALS~1\Temp\_A00F194549B.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\svchost.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\svchost.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

now here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:17 AM, on 12/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\WINDOWS\V0380Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jessica\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080407
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080407
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080407
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [IRIS_S2P] C:\Program Files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O20 - Winlogon Notify: __c00A5F4C - C:\WINDOWS\system32\__c00A5F4C.dat (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe (file missing)
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Jessica\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 11406 bytes

I don't know if this might be of help but ViewMgr(.exe?) seems to get an error when i start up the computer.

Ignore the error, it's Viewpoint causing it.
Lets get rid of the bigger problem first.

2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Drivers to disable:
TDSSserv.sys

Drivers to delete:
TDSSserv.sys

Files to delete:
C:\WINDOWS\system32\drivers\TDSSmqlt.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.

• Under "Input script here:", paste in the script from the quote box above.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Don't tick the box below.
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

5. Please copy/paste the content of c:\avenger.txt into your reply.

Here it is:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "TDSSserv.sys" found!
ImagePath: \systemroot\system32\drivers\TDSSmqlt.sys
Start Type: 4 (Disabled)

Rootkit scan completed.

Driver "TDSSserv.sys" disabled successfully.
Driver "TDSSserv.sys" deleted successfully.
File "C:\WINDOWS\system32\drivers\TDSSmqlt.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Hello.
The rootkit is gone now, please try combofix again.

Here is combofix log:
ComboFix 08-11-30.02 - Jessica 2008-12-01 8:52:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.543 [GMT -5:00]
Running from: c:\documents and settings\Jessica\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\abk.bat
C:\Autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Jessica\Application Data\google\runhh6110411.exe
c:\documents and settings\Jessica\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\documents and settings\Jessica\nah_gmfh.exe
C:\e.cmd
C:\i.bat
C:\ij.bat
c:\windows\IE4 Error Log.txt
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\TDSSbrsr.dll
c:\windows\system32\TDSScfum.dll
c:\windows\system32\TDSSoiqh.dll
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSStkdv.log
c:\windows\system32\x64
C:\xcrashdump.dat

----- BITS: Possible infected sites -----

hxxp://www.spiralfrog.com
c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PACKET
-------\Legacy_TDSSSERV.SYS
-------\Service_Packet


((((((((((((((((((((((((( Files Created from 2008-11-01 to 2008-12-01 )))))))))))))))))))))))))))))))
.

2008-12-01 00:39 . 2008-12-01 00:40 d-------- c:\documents and settings\Administrator\Application Data\U3
2008-11-30 22:57 . 2008-11-30 22:57 d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-11-30 20:36 . 2008-04-07 14:13 d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-11-30 20:36 . 2008-11-30 20:36 d-------- c:\documents and settings\Administrator
2008-11-30 20:20 . 2008-11-30 20:20 d-------- c:\documents and settings\All Users\Application Data\U3
2008-11-30 19:17 . 2008-11-30 19:17 d-------- c:\program files\Lavasoft
2008-11-30 19:17 . 2008-11-30 19:17 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-30 17:51 . 2008-12-01 08:19 2,274 --a------ c:\windows\system32\TDSSlxwp.dll
2008-11-20 20:01 . 2008-11-20 20:01 d-------- c:\documents and settings\Jessica\Application Data\acccore
2008-11-20 20:00 . 2008-11-20 20:00 d-------- c:\program files\Common Files\Software Update Utility
2008-11-20 19:59 . 2008-11-20 20:00 d-------- c:\program files\AIM6
2008-11-20 19:59 . 2008-11-20 19:59 d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-15 01:40 . 2008-11-15 01:40 d-------- c:\documents and settings\Jessica\Application Data\SonyEricsson
2008-11-12 17:10 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 17:10 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 20:09 . 2008-11-11 20:09 d--hs---- c:\documents and settings\Jessica\PrivacIE
2008-11-08 01:03 . 2008-11-08 01:03 d-------- c:\documents and settings\Jessica\Application Data\Skinux
2008-11-08 01:01 . 2008-04-13 20:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-08 01:01 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-08 01:01 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-11-08 01:01 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-08 01:00 . 2008-11-08 01:01 d-------- c:\program files\Common Files\Kodak
2008-11-08 00:58 . 2008-11-08 01:02 d-------- c:\program files\Kodak
2008-11-08 00:42 . 2008-11-08 01:02 d-------- c:\documents and settings\All Users\Application Data\Kodak
2008-11-05 22:54 . 2004-08-04 05:00 180,770 --a------ c:\windows\system32\dllcache\c_20932.nls

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-01 02:54 --------- d-----w c:\documents and settings\Jessica\Application Data\U3
2008-11-30 19:21 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-29 22:31 --------- d-----w c:\program files\Common Files\AOL
2008-11-29 19:04 --------- d-----w c:\program files\iPod
2008-11-29 18:43 --------- d-----w c:\program files\Sony Ericsson
2008-11-28 03:37 --------- d-----w c:\documents and settings\Jessica\Application Data\gtk-2.0
2008-11-21 22:54 --------- d-----w c:\documents and settings\Jessica\Application Data\Move Networks
2008-11-21 01:00 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-21 00:55 --------- d-----w c:\program files\AIM
2008-11-18 06:32 --------- d-----w c:\program files\Apple Software Update
2008-10-27 23:15 --------- d-----w c:\program files\Java
2008-10-24 17:49 --------- d-----w c:\program files\Safari
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-12 01:25 81,984 ----a-w c:\windows\bdod.bin
2008-10-04 05:30 --------- d--h--w c:\documents and settings\Jessica\Application Data\ijjigame
2008-10-03 05:20 --------- d-----w c:\documents and settings\All Users\Application Data\EyePowerGames
2008-10-03 04:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-03 04:02 --------- d-----w c:\program files\Creative
2008-10-03 03:22 --------- d-----w c:\program files\ooVoo
2008-10-03 03:22 --------- d-----w c:\documents and settings\Jessica\Application Data\ooVoo Details
2008-08-23 04:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat
.

------- Sigcheck -------

2004-08-04 05:00 295424 b60c877d16d9c880b952fda04adf16e6 c:\windows\$NtServicePackUninstall$\termsrv.dll
2008-04-13 19:12 295424 ff3477c03be7201c294c35f684b3479f c:\windows\ServicePackFiles\i386\termsrv.dll
2008-11-30 17:50 295424 63999d0abd8dabfd76a9c07f6e104868 c:\windows\system32\termsrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2008-09-14 14174000]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-17 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"IRIS_S2P"="c:\program files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe" [2006-10-19 253952]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2006-08-09 507904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"BDMCon"="c:\progra~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 290816]
"BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"V0380Mon.exe"="c:\windows\V0380Mon.exe" [2007-08-30 28672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-07-07 282624]
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-11-30 1078]
NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2008-04-07 28184]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 166384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-04-09 24652]
R3 RoxMediaDB10;RoxMediaDB10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 1083888]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 309744]
S2 SessionLauncher;SessionLauncher;c:\docume~1\Jessica\LOCALS~1\Temp\DX9\SessionLauncher.exe []
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 72176]
S3 V0380Afx;Creative Camera VF0380 Audio Effects Driver;c:\windows\system32\DRIVERS\V0380Afx.sys [2008-10-02 142656]
S3 V0380Aud;Creative Camera VF0380 Noise Cancellation APO;c:\windows\system32\DRIVERS\V0380Aud.sys [2008-10-02 94976]
S3 V0380Dev;Creative Camera VF0380 Driver;c:\windows\system32\DRIVERS\V0380Vid.sys [2008-10-02 274400]
S3 V0380Vfx;Creative Camera VF0380 Video VFX Driver;c:\windows\system32\DRIVERS\V0380Vfx.sys [2008-10-02 7168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a070c9-5eb1-11dd-860e-000fb5437ecc}]
\Shell\AutoRun\command - F:\e.cmd
\Shell\explore\Command - F:\e.cmd
\Shell\open\Command - F:\e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2bd9a6-34bb-11dd-85c4-000fb5437ecc}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2bd9a7-34bb-11dd-85c4-000fb5437ecc}]
\Shell\AutoRun\command - G:\f.bat
\Shell\explore\Command - G:\f.bat
\Shell\open\Command - G:\f.bat
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-22 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Notify-__c00A5F4C - c:\windows\system32\__c00A5F4C.dat


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Jessica\Application Data\Mozilla\Firefox\Profiles\lhrijx94.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.aol.com/?src=aim
FF -: plugin - c:\documents and settings\Jessica\Application Data\Mozilla\Firefox\Profiles\lhrijx94.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdnu.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Virtools\3D Life Player\npvirtools.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 08:55:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\documents and settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\Softwin\BitDefender10\vsserv.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
.
**************************************************************************
.
Completion time: 2008-12-01 8:57:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-01 13:57:18

Pre-Run: 138,929,725,440 bytes free
Post-Run: 139,362,766,848 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

245 --- E O F --- 2008-11-13 07:18:16



Is it fixed now? the windows security thing doesn't pop up now .

Hello.
Press Start > Contrl Panel > open "add/remove prorgrams"
Uninstall any of these by selecting each and pressing the "Remove" button to the right.

Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar
Any other "Viewpoint" products


Now lets get rid of leftovers:

Now open a new notepad file.
Input this into the notepad file:

Driver::
Viewpoint Manager Service
SessionLauncher

File::
c:\windows\system32\TDSSlxwp.dll
F:\e.cmd
G:\f.bat

Folder::
c:\program files\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46a070c9-5eb1-11dd-860e-000fb5437ecc}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2bd9a7-34bb-11dd-85c4-000fb5437ecc}]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again, agree to it's terms and allow it to run, it may want to reboot after it's done. Post the resulting log back here.

Okay here is the log.
ComboFix 08-12-01.01 - Jessica 2008-12-01 19:07:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.547 [GMT -5:00]
Running from: c:\documents and settings\Jessica\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jessica\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\windows\system32\TDSSlxwp.dll
F:\e.cmd
G:\f.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\All Users\Application Data\Viewpoint
C:\e.cmd
c:\windows\system32\gasretyw0.dll
c:\windows\system32\gasretyw1.dll
c:\windows\system32\kamsoft.exe
c:\windows\system32\TDSSlxwp.dll
H:\autorun.inf
H:\e.cmd
H:\ij.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SESSIONLAUNCHER
-------\Service_SessionLauncher


((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.

2008-12-01 00:39 . 2008-12-01 00:40 d-------- c:\documents and settings\Administrator\Application Data\U3
2008-11-30 22:57 . 2008-11-30 22:57 d-------- c:\documents and settings\Administrator\Application Data\Apple Computer
2008-11-30 20:36 . 2008-04-07 14:13 d-------- c:\documents and settings\Administrator\Application Data\InstallShield
2008-11-30 20:36 . 2008-11-30 20:36 d-------- c:\documents and settings\Administrator
2008-11-30 20:20 . 2008-11-30 20:20 d-------- c:\documents and settings\All Users\Application Data\U3
2008-11-30 19:17 . 2008-11-30 19:17 d-------- c:\program files\Lavasoft
2008-11-30 19:17 . 2008-11-30 19:17 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-20 20:01 . 2008-11-20 20:01 d-------- c:\documents and settings\Jessica\Application Data\acccore
2008-11-20 20:00 . 2008-11-20 20:00 d-------- c:\program files\Common Files\Software Update Utility
2008-11-20 19:59 . 2008-11-20 20:00 d-------- c:\program files\AIM6
2008-11-20 19:59 . 2008-11-20 19:59 d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-15 01:40 . 2008-11-15 01:40 d-------- c:\documents and settings\Jessica\Application Data\SonyEricsson
2008-11-12 17:10 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 17:10 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 20:09 . 2008-11-11 20:09 d--hs---- c:\documents and settings\Jessica\PrivacIE
2008-11-08 01:03 . 2008-11-08 01:03 d-------- c:\documents and settings\Jessica\Application Data\Skinux
2008-11-08 01:01 . 2008-04-13 20:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-11-08 01:01 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-08 01:01 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\dllcache\usbscan.sys
2008-11-08 01:01 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-11-08 01:00 . 2008-11-08 01:01 d-------- c:\program files\Common Files\Kodak
2008-11-08 00:58 . 2008-11-08 01:02 d-------- c:\program files\Kodak
2008-11-08 00:42 . 2008-11-08 01:02 d-------- c:\documents and settings\All Users\Application Data\Kodak
2008-11-05 22:54 . 2004-08-04 05:00 180,770 --a------ c:\windows\system32\dllcache\c_20932.nls

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 00:09 81,984 ----a-w c:\windows\system32\bdod.bin
2008-12-01 02:54 --------- d-----w c:\documents and settings\Jessica\Application Data\U3
2008-11-30 22:50 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-30 19:21 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-11-29 22:31 --------- d-----w c:\program files\Common Files\AOL
2008-11-29 19:04 --------- d-----w c:\program files\iPod
2008-11-29 18:43 --------- d-----w c:\program files\Sony Ericsson
2008-11-28 03:37 --------- d-----w c:\documents and settings\Jessica\Application Data\gtk-2.0
2008-11-21 22:54 --------- d-----w c:\documents and settings\Jessica\Application Data\Move Networks
2008-11-21 00:55 --------- d-----w c:\program files\AIM
2008-11-18 06:32 --------- d-----w c:\program files\Apple Software Update
2008-10-27 23:15 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-10-27 23:15 --------- d-----w c:\program files\Java
2008-10-24 17:49 --------- d-----w c:\program files\Safari
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-12 01:25 81,984 ----a-w c:\windows\bdod.bin
2008-10-04 05:30 --------- d--h--w c:\documents and settings\Jessica\Application Data\ijjigame
2008-10-03 05:20 --------- d-----w c:\documents and settings\All Users\Application Data\EyePowerGames
2008-10-03 04:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-03 04:02 --------- d-----w c:\program files\Creative
2008-10-03 03:22 --------- d-----w c:\program files\ooVoo
2008-10-03 03:22 --------- d-----w c:\documents and settings\Jessica\Application Data\ooVoo Details
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2004-07-02 16:19 40,960 ----a-w c:\windows\inf\WG311v2\imdinst.exe
2004-06-18 03:41 386,688 ----a-w c:\windows\inf\WG311v2\netwg311_XP.sys
2004-04-04 17:07 84,912 ----a-w c:\windows\inf\WG311v2\FwRad17.bin
2004-04-04 17:07 83,320 ----a-w c:\windows\inf\WG311v2\FwRad16.bin
2004-02-04 16:53 62,865 ----a-w c:\windows\inf\WG311v2\odysseyIM3.sys
2004-02-04 16:53 12,739 ----a-w c:\windows\inf\WG311v2\odNetInstall.dll
2008-08-23 04:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-01_ 8.56.53.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-02 00:10:37 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4d0.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"oovoo.exe"="c:\program files\ooVoo\oovoo.exe" [2008-09-14 14174000]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-10-27 136600]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-01-17 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]
"IRIS_S2P"="c:\program files\Samsung\Samsung CLX-3160 Series\SPanel\PSU\Scan2pc.exe" [2006-10-19 253952]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2006-08-09 507904]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"BDMCon"="c:\progra~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 290816]
"BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 240112]
"DMXLauncher"="c:\program files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 113136]
"V0380Mon.exe"="c:\windows\V0380Mon.exe" [2007-08-30 28672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-07-07 282624]
LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-11-30 1078]
NETGEAR WG311v2 Smart Configuration.lnk - c:\program files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 450560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"443:TCP"= 443:TCP:ooVoo TCP port 443
"443:UDP"= 443:UDP:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675

R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2008-04-07 28184]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 166384]
R3 RoxMediaDB10;RoxMediaDB10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 1083888]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 309744]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 72176]
S3 V0380Afx;Creative Camera VF0380 Audio Effects Driver;c:\windows\system32\DRIVERS\V0380Afx.sys [2008-10-02 142656]
S3 V0380Aud;Creative Camera VF0380 Noise Cancellation APO;c:\windows\system32\DRIVERS\V0380Aud.sys [2008-10-02 94976]
S3 V0380Dev;Creative Camera VF0380 Driver;c:\windows\system32\DRIVERS\V0380Vid.sys [2008-10-02 274400]
S3 V0380Vfx;Creative Camera VF0380 Video VFX Driver;c:\windows\system32\DRIVERS\V0380Vfx.sys [2008-10-02 7168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a65e4a-bfb0-11dd-86b0-000fb5437ecc}]
\Shell\AutoRun\command - F:\e.cmd
\Shell\explore\Command - F:\e.cmd
\Shell\open\Command - F:\e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad2bd9a6-34bb-11dd-85c4-000fb5437ecc}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-11-22 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 19:12]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-01 19:10:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\documents and settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\program files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\documents and settings\Jessica\Application Data\U3\0FA0A5608182B8C2\LaunchPad.exe
c:\program files\Softwin\BitDefender10\vsserv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
.
**************************************************************************
.
Completion time: 2008-12-01 19:13:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-02 00:12:29
ComboFix2.txt 2008-12-01 13:57:37

Pre-Run: 139,346,948,096 bytes free
Post-Run: 139,326,914,560 bytes free

231 --- E O F --- 2008-11-13 07:18:16

Hello.
Looks good, what problems remain?

Seems like no more problems thanks!!!!!!!!! if anything happens I'll contact you.

Me again.
A leftover is still showing.

• Now open a new notepad file.
  
• Input this into the notepad file:
  

  
  Windows Registry Editor Version 5.00
  
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20a65e4a-bfb0-11dd-86b0-000fb5437ecc}]
  
  

  
  
• Save this as fix.reg, save it to your desktop.
  
• Double click fix.reg to run it.
  
• Select yes to the registry merge prompt.
  

oh okay i did that too. thanks

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.