WiredWX Christian Hobby Weather Tools
Major Adware Issue
A few days ago, when trying to get ahold of a ROM, I ended up getting a nasty case of adware. Now because of it, my computer runs slower, every time I try to use links on Google it redirects me to ads, and my computer crashes a lot more often. Apparently, from a scan I did, I have numerous other malware issues, but this is the one giving me the most trouble. Can someone help me with this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:37 PM, on 11/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Documents and Settings\Brandon Lederhouse\Desktop\Hijack(GP)This.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071219
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Brandon Lederhouse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O20 - AppInit_DLLs: karna.dat
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10657 bytes
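A HijackThis log like the one above is normally read by eye. As an added example (not code from the thread, and not HijackThis's own), here is a small Python triage script that applies three of the checks a removal helper makes first: a populated O20 AppInit_DLLs line, a system-binary name such as svchost.exe located in a directory Windows never installs it in, and entries HijackThis has already marked "(file missing)". The sample input is an excerpt of the log posted above; the severity labels, the list of imitated binary names and the set of "legitimate" system directories are this example's own assumptions.

```python
"""Triage helper for HijackThis-style logs.

Added example, not part of the forum thread and not HijackThis's own code. It
flags the handful of patterns a malware-removal helper checks first; it does
not decide on its own that an entry is malicious.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Core Windows binaries whose names malware likes to borrow (assumed list).
# The genuine copies live in C:\WINDOWS\system32 (Explorer.EXE in C:\WINDOWS).
SYSTEM_BINARY_NAMES = ("svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                       "services.exe", "smss.exe", "explorer.exe")
LEGIT_SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows")

# Group 1: the directory part of a path; group 2: a borrowed system binary name.
_MASQ_RE = re.compile(
    r"([A-Za-z]:\\(?:[^\\\"]+\\)*)("
    + "|".join(map(re.escape, SYSTEM_BINARY_NAMES))
    + r")(?![\w.])",
    re.IGNORECASE,
)


@dataclass
class Finding:
    severity: str  # "high" or "low"
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that deserve a closer look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # O20: AppInit_DLLs is loaded into every process that links user32.dll.
        # It is empty on a clean XP machine, so any value is worth scrutiny.
        if line.startswith("O20 - AppInit_DLLs:"):
            value = line.split(":", 1)[1].strip()
            if value:
                findings.append(Finding("high", f"AppInit_DLLs set to '{value}'", line))
            continue
        # A system-binary name in a directory Windows never installs it in
        # (system32\drivers, a user profile, ...) is a classic masquerade.
        for m in _MASQ_RE.finditer(line):
            directory = m.group(1).lower().rstrip("\\")
            if directory not in LEGIT_SYSTEM_DIRS:
                findings.append(Finding("high", f"{m.group(2)} running from {directory}", line))
        # HijackThis marks dangling entries itself; they are leftovers to clean
        # up rather than active threats.
        if "(file missing)" in line:
            findings.append(Finding("low", "entry points to a missing file", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity, e.g. {'high': 3, 'low': 1}."""
    return dict(Counter(f.severity for f in findings))


# Excerpt of the HijackThis log posted in the thread above (not constructed).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\svchost.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O20 - AppInit_DLLs: karna.dat
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run stand-alone it reports the svchost.exe copy in system32\drivers twice (once as a running process, once as an HKCU Run entry), the karna.dat AppInit_DLLs value, and the orphaned BitComet button; the legitimate smss.exe, svchost.exe and Explorer.EXE entries are not flagged because their directories are on the allow-list.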

Re: Major Adware Issue
Hello. I suspect you have a nasty rootkit on board.


  • Download ComboFix from here, using one of the links in the bottom section - combofix.exe
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.

    [screenshot: RcAuto1]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will see this next prompt, which asks if you want to continue the malware scan; select yes.

    [screenshot: Whatnext]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Major Adware Issue
Slight issue with this. When I downloaded HijackThis, the first two links given didn't work for me, so I had to use the backup links. This time, I decided to download it directly from the bottom links, but when I ran it, it mentioned something to the effect that it was slightly out of date and going to run in reduced efficiency mode. I decided that I want peak performance out of this, so I then stopped the program and decided to try one of the first two links again. Neither of them worked, but for some reason, now when I try to run ComboFix again, it keeps giving me an error stating:

You cannot rename ComboFix as

Please use another name, preferbaly made up of alphanumeric characters


I am starting to suspect that I'm simply thick. What on earth am I doing wrong here?

P.S. the error message actually spelled preferably like that.

Re: Major Adware Issue
Hello. Yep, you have the rootkit I suspected.
CF is updated daily; I'll ask the admin to add a link for my own.

I have uploaded an updated copy for you. The file is renamed to get around the rootkit restrictions.
http://rapidshare.com/files/165148005/C0mb0-Fix.exe.html
http://www.megaupload.com/?d=2Z04K37Y


Re: Major Adware Issue
Got the ComboFix log; however, it might be slightly inaccurate because, for some reason, it had an issue making the log. As a result, I had to run it 3 times before it worked properly, so the log probably isn't going to reflect all of the things it did.

ComboFix 08-11-18.02 - Brandon Lederhouse 2008-11-18 23:03:02.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.599 [GMT -5:00]
Running from: c:\documents and settings\Brandon Lederhouse\Desktop\C0mb0-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Brandon Lederhouse\Cookies\esajaqu.com
c:\documents and settings\Brandon Lederhouse\Cookies\iqylepinam.com
c:\documents and settings\Brandon Lederhouse\Cookies\obihamediq.vbs
c:\documents and settings\Brandon Lederhouse\Local Settings\Temporary Internet Files\tenehi.bat
c:\windows\brastk.exe
c:\windows\karna.dat
c:\windows\system32\_scui.cpl
c:\windows\system32\brastk.exe
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\drivers\svchost.exe
c:\windows\system32\drivers\TDSSxeuu.sys
c:\windows\system32\karna.dat
c:\windows\system32\TDSSehys.log
c:\windows\system32\TDSSirxy.dll
c:\windows\system32\TDSSktkl.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSocun.dll
c:\windows\system32\TDSSqein.dll
c:\windows\system32\TDSSrojf.dll
c:\windows\system32\TDSSsahc.dll
c:\windows\system32\TDSSwrwn.log
c:\windows\system32\TDSSwupe.dat
c:\windows\system32\wini10894.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSSERV.SYS
-------\Legacy_TDSSSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-18 18:07 . 2008-11-18 18:07 d-------- C:\-Combo--Fix-
2008-11-18 17:23 . 2008-11-18 17:23 d-------- c:\program files\AVG
2008-11-18 17:23 . 2008-11-18 17:33 d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-17 19:58 . 2008-11-17 19:58 d-------- c:\program files\AntivirusPro2009
2008-11-17 19:58 . 2008-11-17 19:58 19,265 --a------ c:\documents and settings\All Users\Application Data\ocohac.bat
2008-11-17 19:58 . 2008-11-17 19:58 18,969 --a------ c:\documents and settings\Brandon Lederhouse\Application Data\zacinycuk.scr
2008-11-17 19:58 . 2008-11-17 19:58 18,784 --a------ c:\documents and settings\Brandon Lederhouse\Application Data\wucaxuq.com
2008-11-17 19:58 . 2008-11-17 19:58 17,961 --a------ c:\windows\system32\fuhujaru._sy
2008-11-17 19:58 . 2008-11-17 19:58 17,055 --a------ c:\program files\Common Files\kapeder.dat
2008-11-17 19:58 . 2008-11-17 19:58 16,958 --a------ c:\windows\uzaq.lib
2008-11-17 19:58 . 2008-11-17 19:58 16,791 --a------ c:\windows\eqokija.bat
2008-11-17 19:58 . 2008-11-17 19:58 16,452 --a------ c:\documents and settings\Brandon Lederhouse\Application Data\qorifak.exe
2008-11-17 19:58 . 2008-11-17 19:58 15,598 --a------ c:\documents and settings\Brandon Lederhouse\Application Data\cefukixyta.vbs
2008-11-17 19:58 . 2008-11-17 19:58 10,943 --a------ c:\documents and settings\Brandon Lederhouse\Application Data\eguhute.dll
2008-11-16 23:20 . 2008-11-16 23:20 d-------- c:\program files\Lavasoft
2008-11-16 23:20 . 2008-11-16 23:22 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-16 23:18 . 2008-11-16 23:18 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-16 23:07 . 2008-11-16 23:07 324 --a------ c:\documents and settings\Brandon Lederhouse\nah_log.dat
2008-11-16 22:55 . 2008-11-16 22:55 79,872 --a------ c:\documents and settings\Brandon Lederhouse\nah_qnhv.exe
2008-11-15 12:31 . 2008-11-15 12:31 d-------- c:\documents and settings\Brandon Lederhouse\Application Data\QQ Games Plugin
2008-11-15 12:30 . 2008-11-15 12:30 d-------- c:\documents and settings\Brandon Lederhouse\Application Data\Tencent
2008-11-15 12:29 . 2008-11-15 12:29 d-------- c:\program files\Tencent
2008-11-15 12:29 . 2008-11-15 12:29 21 --a------ c:\windows\atid.ini
2008-11-15 12:28 . 2008-11-15 12:28 d-------- c:\program files\Common Files\Software Update Utility
2008-11-15 12:28 . 2008-11-15 12:28 d-------- c:\program files\AIM Toolbar
2008-11-15 12:28 . 2008-11-15 12:28 d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar
2008-11-15 12:28 . 2008-11-15 12:28 d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-04 15:25 . 2008-11-04 15:25 d---s---- c:\documents and settings\Brandon Lederhouse\UserData
2008-11-03 05:13 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-11-03 05:13 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll
2008-11-03 05:13 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-02 23:29 . 2008-11-02 23:29 d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-02 23:28 . 2008-11-02 23:30 d-------- c:\documents and settings\Brandon Lederhouse\Contacts
2008-11-02 23:23 . 2008-11-02 23:24 d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-02 23:22 . 2008-11-03 08:07 d-------- c:\program files\Windows Live
2008-11-02 23:22 . 2008-11-02 23:22 d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-02 00:19 . 2008-11-02 00:19 d-------- c:\program files\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-18 00:32 --------- d-----w c:\documents and settings\Brandon Lederhouse\Application Data\U3
2008-11-17 03:56 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-11-17 03:56 --------- d-----w c:\program files\Blubster
2008-11-15 17:30 --------- d-----w c:\program files\AIM6
2008-11-15 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-15 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-13 04:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-03 13:06 --------- d-----w c:\program files\Microsoft Works
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-15 16:57 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 05:48 --------- d-----w c:\program files\iTunes
2008-09-27 05:48 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-27 05:47 --------- d-----w c:\program files\iPod
2008-09-27 05:36 --------- d-----w c:\program files\Bonjour
2008-09-27 05:35 --------- d-----w c:\program files\QuickTime
2008-09-27 05:34 --------- d-----w c:\program files\Common Files\Apple
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-09 17:45 258,352 ----a-w c:\windows\system32\unicows.dll
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:42 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-08-30 01:06 1,350,664 ----a-w c:\windows\system32\msxml6.dll
2008-08-29 14:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
2008-08-19 09:38 18,432 ------w c:\windows\system32\dllcache\iedw.exe
.

Re: Major Adware Issue
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03402f96-3dc7-4285-bc50-9e81fefafe43}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CLASSES_ROOT\clsid\{03402f96-3dc7-4285-bc50-9e81fefafe43}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61539ecd-cc67-4437-a03c-9aaccbd14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-19 486856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 68856]
"Google Update"="c:\documents and settings\Brandon Lederhouse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"nah_Shell"="c:\documents and settings\Brandon Lederhouse\nah_qnhv.exe" [2008-11-16 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-05-09 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-11 185896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"nwiz"="nwiz.exe" [2008-02-22 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-02-22 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-09 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-13 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-19 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Blubster\\Blubster.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19866:TCP"= 19866:TCP:BitComet 19866 TCP
"19866:UDP"= 19866:UDP:BitComet 19866 UDP

R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2007-12-19 28184]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-18 231704]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-12-25 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-19 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Brandon Lederhouse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:24]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-brastk - c:\windows\system32\brastk.exe
HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Brandon Lederhouse\Application Data\Mozilla\Firefox\Profiles\d2mlq1us.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF -: plugin - c:\documents and settings\Brandon Lederhouse\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdnu.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 23:05:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-18 23:06:21
ComboFix-quarantined-files.txt 2008-11-19 04:06:17

Pre-Run: 15,058,223,104 bytes free
Post-Run: 15,045,279,744 bytes free

228 --- E O F --- 2008-11-13 08:12:21

Re: Major Adware Issue
It's okay, CF tells us what it did last time it ran. I'm glad you tried more than once and stuck at it. Smile...
One last round should kill it off.

Now open a new notepad file.
Copy and paste everything inside the quote box into the notepad file:

KILLALL::

Driver::
Viewpoint Manager Service

File::
c:\documents and settings\All Users\Application Data\ocohac.bat
c:\documents and settings\Brandon Lederhouse\Application Data\zacinycuk.scr
c:\documents and settings\Brandon Lederhouse\Application Data\wucaxuq.com
c:\windows\system32\fuhujaru._sy
c:\program files\Common Files\kapeder.dat
c:\windows\uzaq.lib
c:\windows\eqokija.bat
c:\documents and settings\Brandon Lederhouse\Application Data\qorifak.exe
c:\documents and settings\Brandon Lederhouse\Application Data\cefukixyta.vbs
c:\documents and settings\Brandon Lederhouse\Application Data\eguhute.dll
c:\documents and settings\Brandon Lederhouse\nah_log.dat
c:\documents and settings\Brandon Lederhouse\nah_qnhv.exe

Folder::
c:\program files\AntivirusPro2009
c:\program files\Viewpoint

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nah_Shell"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001


Save this as CFScript.txt, and save it to your desktop.
Then drag and drop CFScript.txt into ComboFix as seen below:
[screenshot: Sfxdaw]

This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Major Adware Issue
ComboFix 08-11-19.08 - Brandon Lederhouse 2008-11-20 23:14:55.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.443 [GMT -5:00]
Running from: c:\documents and settings\Brandon Lederhouse\Desktop\C0mb0-Fix.exe
Command switches used :: c:\documents and settings\Brandon Lederhouse\Desktop\CFscript.txt
* Created a new restore point

FILE ::
c:\documents and settings\All Users\Application Data\ocohac.bat
c:\documents and settings\Brandon Lederhouse\Application Data\cefukixyta.vbs
c:\documents and settings\Brandon Lederhouse\Application Data\eguhute.dll
c:\documents and settings\Brandon Lederhouse\Application Data\qorifak.exe
c:\documents and settings\Brandon Lederhouse\Application Data\wucaxuq.com
c:\documents and settings\Brandon Lederhouse\Application Data\zacinycuk.scr
c:\documents and settings\Brandon Lederhouse\nah_log.dat
c:\documents and settings\Brandon Lederhouse\nah_qnhv.exe
c:\program files\Common Files\kapeder.dat
c:\windows\eqokija.bat
c:\windows\system32\fuhujaru._sy
c:\windows\uzaq.lib
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ocohac.bat
c:\documents and settings\Brandon Lederhouse\Application Data\cefukixyta.vbs
c:\documents and settings\Brandon Lederhouse\Application Data\eguhute.dll
c:\documents and settings\Brandon Lederhouse\Application Data\qorifak.exe
c:\documents and settings\Brandon Lederhouse\Application Data\wucaxuq.com
c:\documents and settings\Brandon Lederhouse\Application Data\zacinycuk.scr
c:\documents and settings\Brandon Lederhouse\nah_log.dat
c:\documents and settings\Brandon Lederhouse\nah_qnhv.exe
c:\program files\AntivirusPro2009
c:\program files\AntivirusPro2009\AntivirusPro2009.cfg
c:\program files\AntivirusPro2009\AntivirusPro2009.exe
c:\program files\AntivirusPro2009\AVEngn.dll
c:\program files\AntivirusPro2009\data\daily.cvd
c:\program files\AntivirusPro2009\htmlayout.dll
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro2009\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro2009\pthreadVC2.dll
c:\program files\AntivirusPro2009\Uninstall.exe
c:\program files\AntivirusPro2009\wscui.cpl
c:\program files\Common Files\kapeder.dat
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Viewpoint\Common\VistaBoot.sdll
c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VETscriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Mts3Reader.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VETscriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPSpeech.dll
c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
c:\windows\eqokija.bat
c:\windows\system32\fuhujaru._sy
c:\windows\uzaq.lib

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-10-21 to 2008-11-21 )))))))))))))))))))))))))))))))
.

2008-11-20 21:58 . 2008-11-20 21:58 105 --a------ c:\windows\UMXADDIN.INI
2008-11-20 21:57 . 2008-11-20 21:57 d-------- c:\program files\NewSoft
2008-11-20 21:57 . 2003-01-03 01:28 74 --------- c:\windows\PMINI.ini
2008-11-20 21:53 . 2008-11-20 21:53 d--h----- C:\CanonMP
2008-11-20 21:52 . 2008-11-20 21:52 d-------- c:\windows\StartHtmico
2008-11-20 21:52 . 2008-11-20 21:53 d-------- c:\windows\MP780,750
2008-11-19 17:17 . 2008-11-19 17:17 d-------- c:\program files\TubeTilla
2008-11-18 18:07 . 2008-11-18 18:07 d-------- C:\-Combo--Fix-
2008-11-18 17:23 . 2008-11-18 17:23 d-------- c:\program files\AVG
2008-11-18 17:23 . 2008-11-18 17:33 d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-16 23:20 . 2008-11-16 23:20 d-------- c:\program files\Lavasoft
2008-11-16 23:20 . 2008-11-16 23:22 d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-16 23:18 . 2008-11-16 23:18 d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-15 12:31 . 2008-11-15 12:31 d-------- c:\documents and settings\Brandon Lederhouse\Application Data\QQ Games Plugin
2008-11-15 12:30 . 2008-11-15 12:30 d-------- c:\documents and settings\Brandon Lederhouse\Application Data\Tencent
2008-11-15 12:29 . 2008-11-15 12:29 d-------- c:\program files\Tencent
2008-11-15 12:29 . 2008-11-15 12:29 21 --a------ c:\windows\atid.ini
2008-11-15 12:28 . 2008-11-15 12:28 d-------- c:\program files\Common Files\Software Update Utility
2008-11-15 12:28 . 2008-11-15 12:28 d-------- c:\program files\AIM Toolbar
2008-11-15 12:28 . 2008-11-15 12:28 d-------- c:\documents and settings\All Users\Application Data\AIM Toolbar
2008-11-15 12:28 . 2008-11-15 12:28 d-------- c:\documents and settings\All Users\Application Data\acccore
2008-11-04 15:25 . 2008-11-04 15:25 d---s---- c:\documents and settings\Brandon Lederhouse\UserData
2008-11-03 05:13 . 2008-07-18 22:07 270,880 --a------ c:\windows\system32\mucltui.dll
2008-11-03 05:13 . 2008-07-18 22:07 210,976 --a------ c:\windows\system32\muweb.dll
2008-11-03 05:13 . 2008-07-18 22:07 29,728 --a------ c:\windows\system32\mucltui.dll.mui
2008-11-02 23:29 . 2008-11-02 23:29 d-------- c:\program files\Microsoft SQL Server Compact Edition
2008-11-02 23:28 . 2008-11-02 23:30 d-------- c:\documents and settings\Brandon Lederhouse\Contacts
2008-11-02 23:23 . 2008-11-02 23:24 d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-11-02 23:22 . 2008-11-03 08:07 d-------- c:\program files\Windows Live
2008-11-02 23:22 . 2008-11-02 23:22 d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-02 00:19 . 2008-11-02 00:19 d-------- c:\program files\Audacity

Re: Major Adware Issue
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-21 02:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-21 02:57 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2008-11-21 02:55 --------- d-----w c:\program files\Canon
2008-11-19 22:16 --------- d-----w c:\program files\Blubster
2008-11-18 00:32 --------- d-----w c:\documents and settings\Brandon Lederhouse\Application Data\U3
2008-11-15 17:30 --------- d-----w c:\program files\AIM6
2008-11-15 17:29 --------- d-----w c:\documents and settings\All Users\Application Data\AOL Downloads
2008-11-15 17:28 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-11-03 13:06 --------- d-----w c:\program files\Microsoft Works
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-27 05:48 --------- d-----w c:\program files\iTunes
2008-09-27 05:48 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-27 05:47 --------- d-----w c:\program files\iPod
2008-09-27 05:36 --------- d-----w c:\program files\Bonjour
2008-09-27 05:35 --------- d-----w c:\program files\QuickTime
2008-09-27 05:34 --------- d-----w c:\program files\Common Files\Apple
.

((((((((((((((((((((((((((((( snapshot@2008-11-18_23.05.58.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-11-19 22:17:36 7,358 ----a-r c:\windows\Installer\{5701A652-0DCF-40FE-8040-5C09368EEFD6}\controlPanelIcon.exe
- 2007-12-31 23:37:19 53,248 ----a-r c:\windows\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\_17B2407FE16E_4666_99A0_2FFCA0A8D3BA.exe
+ 2008-11-21 02:57:08 53,248 ----a-r c:\windows\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\_17B2407FE16E_4666_99A0_2FFCA0A8D3BA.exe
- 2007-12-31 23:37:19 4,710 ----a-r c:\windows\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\Op.exe
+ 2008-11-21 02:57:08 4,710 ----a-r c:\windows\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\Op.exe
+ 2003-10-22 12:43:32 229,376 ----a-r c:\windows\MP780,750\uninstall.exe
+ 1997-11-17 07:26:18 468,992 ----a-w c:\windows\twain_32\CNQSG\CEFPIX.DLL
+ 1997-11-17 07:30:30 87,552 ----a-w c:\windows\twain_32\CNQSG\Cfpapi.dll
+ 1997-11-07 09:55:36 112,128 ----a-w c:\windows\twain_32\CNQSG\cfpJpeg.dll
+ 2001-03-03 06:34:12 49,152 ----a-w c:\windows\twain_32\CNQSG\ExtDDI.dll
+ 2001-08-23 21:25:28 1,706,800 ----a-w c:\windows\twain_32\CNQSG\gdiplus.dll
+ 1996-04-26 10:21:40 20,992 ----a-w c:\windows\twain_32\CNQSG\Hiffl32.dll
+ 1996-04-26 10:24:40 83,968 ----a-w c:\windows\twain_32\CNQSG\Iffjpg32.dll
+ 1996-04-26 10:23:30 25,600 ----a-w c:\windows\twain_32\CNQSG\Iffpcx32.dll
+ 1995-07-17 07:13:22 118,272 ----a-w c:\windows\twain_32\CNQSG\Ifftif32.dll
+ 2000-03-08 09:28:14 270,336 ----a-w c:\windows\twain_32\CNQSG\libtiff.dll
+ 2004-03-04 19:01:10 1,966,080 ----a-w c:\windows\twain_32\CNQSG\pafcv2.dll
+ 2003-05-12 22:00:00 110,592 ----a-w c:\windows\twain_32\CNQSG\paftopdf.dll
+ 2003-04-28 19:32:00 151,552 ----a-w c:\windows\twain_32\CNQSG\PCAT.dll
+ 2004-09-25 00:01:48 1,257,472 ----a-w c:\windows\twain_32\CNQSG\SGST.exe
+ 2004-07-05 22:05:06 81,920 ----a-w c:\windows\twain_32\CNQSG\SGSTRES.dll
+ 2002-05-24 08:04:20 389,180 ----a-w c:\windows\twain_32\CNQSG\Ucs32P.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03402f96-3dc7-4285-bc50-9e81fefafe43}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CLASSES_ROOT\clsid\{03402f96-3dc7-4285-bc50-9e81fefafe43}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{f8ec99b3-c2ca-4a5f-9505-c049766dc883}]
[HKEY_CLASSES_ROOT\AIMTb.AOLTBSearch]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{61539ecd-cc67-4437-a03c-9aaccbd14326}"= "c:\program files\AIM Toolbar\aimtb.dll" [2008-10-07 1275176]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2007-12-19 486856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-19 68856]
"Google Update"="c:\documents and settings\Brandon Lederhouse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-09 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-05-09 1392640]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-11 185896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"nwiz"="nwiz.exe" [2008-02-22 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-02-22 c:\windows\system32\nvhotkey.dll]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-09 c:\windows\stsystra.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-13 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-12-19 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Blubster\\Blubster.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19866:TCP"= 19866:TCP:BitComet 19866 TCP
"19866:UDP"= 19866:UDP:BitComet 19866 UDP

R1 DLARTL_M;DLARTL_M;c:\windows\system32\Drivers\DLARTL_M.SYS [2007-12-19 28184]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-18 231704]
R2 datunidr;DellAutomatedPCTuneUp UniDriver;c:\windows\system32\DRIVERS\datunidr.sys [2007-08-23 5376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80b14ae0-a6c2-11dd-8c5c-001d09aeeb80}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-11-21 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Brandon Lederhouse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 22:24]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 23:22:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\Brandon Lederhouse\Local Settings\Application Data\ApplicationHistory\EULALauncher.exe.3f62b452.ini.inuse

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Java\jre1.6.0_04\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-11-20 23:29:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-21 04:29:15
ComboFix2.txt 2008-11-19 04:06:22

Pre-Run: 10,637,684,736 bytes free
Post-Run: 10,745,290,752 bytes free

283 --- E O F --- 2008-11-13 08:12:21
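As an added check, not from the thread or from ComboFix itself: a Python script that parses a CFScript like the one posted above and the "Other Deletions" and "Drivers/Services" sections of the resulting ComboFix log, and lists every requested file, folder or service the log does not confirm as removed (what a helper would look for before deciding another run is needed). The script and log excerpts are constructed from the thread, with one path deliberately left out of the log to show the failure case.

```python
import re

# Constructed excerpts (not the thread's full files): a CFScript like the one
# posted, and the log sections that confirm removals. uzaq.lib is left out.
CFSCRIPT = """\
KILLALL::
Driver::
Viewpoint Manager Service
File::
c:\\windows\\uzaq.lib
c:\\windows\\eqokija.bat
c:\\program files\\Common Files\\kapeder.dat
Folder::
c:\\program files\\AntivirusPro2009
c:\\program files\\Viewpoint
"""

COMBOFIX_LOG = """\
(((((((((((((((((((( Other Deletions ))))))))))))))))))))
.
c:\\program files\\AntivirusPro2009
c:\\program files\\AntivirusPro2009\\AntivirusPro2009.exe
c:\\program files\\Common Files\\kapeder.dat
c:\\program files\\Viewpoint
c:\\windows\\eqokija.bat
.
(((((((((((((((((((( Drivers/Services ))))))))))))))))))))
.
-------\\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\\Service_Viewpoint Manager Service
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")      # CFScript: "File::"
LOG_HEADER_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # log: "((( Other Deletions )))"


def parse_sections(text, header_re):
    """Map each section header (lower-cased) to its non-empty body lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = header_re.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line not in ("", ".") and current is not None:
            sections[current].append(line)
    return sections


def unconfirmed(script, log):
    """Requested files, folders and services the log never shows as removed."""
    # Only "Other Deletions" counts as confirmation: the "FILE ::" block near the
    # top of a log merely echoes the script, and Registry:: lines are not echoed.
    deleted = {p.lower() for p in log.get("other deletions", [])}
    services = " ".join(log.get("drivers/services", [])).lower()
    missing = [p for p in script.get("file", []) + script.get("folder", [])
               if p.lower() not in deleted]
    missing += [s for s in script.get("driver", [])
                if "service_" + s.lower() not in services]
    return missing


def report(cfscript_text=CFSCRIPT, log_text=COMBOFIX_LOG):
    """Items still to chase on the next run; an empty list means all confirmed."""
    return unconfirmed(parse_sections(cfscript_text, SECTION_RE),
                       parse_sections(log_text, LOG_HEADER_RE))
```

Calling report() on the excerpts returns only the path that was left out of the log; on a real case, read CFScript.txt and the ComboFix log from disk and pass their contents in.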

Re: Major Adware Issue
Hello.
Looks much better.
I see QQ. This is sometimes installed by Chinese malware.

Did you install this? If you did, no problems. If not, uninstall it. Smile...

How is the machine now?


Re: Major Adware Issue
Due to lack of feedback, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

............................................................................................

Please be a GeekPolice fan on Facebook!


Have we helped you? Help us! | Doctor by day, ninja by night.
