Help Needed With Popups
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
BrianT
Today my computer started giving me lots of popups when browsing with IE and Firefox. I tried running scans with the newest version of Ad-Aware plus CCleaner and ComboFix, to no avail. Several items were removed but I still have the same problem. This is my log from HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 20:05, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\devnz\gbpvr\GBPVRTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] J:\Setup.exe /RESTART
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [LoadMSvcmm] "L:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: GBPVRTray.exe.lnk = ?
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180754971590
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GB-PVR Recording Service - WelltonWay - C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Movielink Core Service - Movielink LLC - L:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

miekiemoes
Hello,

* Download ComboFix to your desktop.
Double-click combofix.exe.
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot (in case it asks to reboot), ComboFix will open again to gather the necessary information for the log. This may take a bit. When done, ComboFix will close and a log should open, combofix.txt.
Post the contents of this log in your next reply together with a new HijackThis log.
Do NOT post the ComboFix-quarantined-files.txt - unless I ask you to.
BrianT
Hi, here are the requested logs:

"Brian" - 2007-07-28 21:43:21 [GMT -4:00] - ComboFix 07-07-24 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\buctytfv.exe


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


2007-07-28 18:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-28 17:56 126,016 --a------ C:\WINDOWS\system32\ybfhwrya.dll
2007-07-27 18:07 <DIR> d-------- C:\Program Files\CCleaner
2007-07-27 17:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 16:51 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-27 16:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-27 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-27 16:47 126,016 --a------ C:\WINDOWS\system32\kaopcufh.dll
2007-07-27 16:41 69,184 --a------ C:\WINDOWS\system32\nqjeskiv.dll
2007-07-27 16:36 1,744,304 ---hs---- C:\WINDOWS\system32\jjllm.bak2
2007-07-26 13:01 69,184 --a------ C:\WINDOWS\system32\jtbxqwgf.dll
2007-07-26 00:46 228,960 --a------ C:\WINDOWS\system32\mlljj.dll
2007-07-26 00:46 1,733,919 ---hs---- C:\WINDOWS\system32\jjllm.bak1
2007-07-26 00:41 31,254 --a------ C:\WINDOWS\system32\cbxvvss.dll
2007-07-24 21:22 0 --a------ C:\WINDOWS\system32\msvcmm32.exe
2007-07-24 21:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Movielink
2007-07-24 21:00 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-07-24 21:00 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-07-24 21:00 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-07-24 21:00 <DIR> d-------- C:\Program Files\Windows Media Components
2007-07-15 13:35 1,156 --a------ C:\WINDOWS\mozver.dat
2007-07-11 20:23 <DIR> d-------- C:\DOCUME~1\Brian\browser - logitech
2007-07-11 20:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-11 20:21 <DIR> d-------- C:\Program Files\Common Files\Remote Control USB Driver
2007-07-11 20:21 <DIR> d-------- C:\DOCUME~1\Brian\APPLIC~1\InstallShield
2007-07-11 19:47 <DIR> d-------- C:\DOCUME~1\Brian\Logitech
2007-07-11 19:46 <DIR> d-------- C:\Program Files\Logitech
2007-07-11 19:46 <DIR> d-------- C:\Program Files\Common Files\Remote Control Software Shared
2007-06-30 06:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-29 17:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-06-28 05:07 <DIR> d-------- C:\DECCHECK


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 14:49:27 -------- d-----w C:\Program Files\D-Link Media Server
2007-07-12 00:21:03 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-11 23:46:10 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-30 22:59:51 -------- d-----w C:\Program Files\AC3Filter
2007-06-30 22:09:02 -------- d-----w C:\Program Files\ffdshow
2007-06-30 10:53:56 -------- d-----w C:\Program Files\WinTV
2007-06-30 02:27:48 -------- d-----w C:\Program Files\WatchHDTV TS1.120
2007-06-29 23:49:17 -------- d-----w C:\Program Files\McAfee
2007-06-28 12:11:19 305 ----a-w C:\WINDOWS\EReg077.dat
2007-06-28 09:02:15 -------- d-----w C:\Program Files\DVRMSToolbox
2007-06-26 01:17:57 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\CyberLink
2007-06-25 02:07:54 1,962,496 ----a-w C:\WINDOWS\system32\quartz.dll
2007-06-25 00:25:51 -------- d-----w C:\Program Files\7-Zip
2007-06-24 13:33:59 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Mp3tag
2007-06-24 13:33:56 -------- d-----w C:\Program Files\Mp3tag
2007-06-22 19:02:29 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2007-06-22 19:02:28 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2007-06-22 19:02:28 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2007-06-22 18:58:40 495 ----a-w C:\WINDOWS\EReg515.dat
2007-06-22 18:08:51 -------- d-----w C:\Program Files\Disney Interactive
2007-06-22 01:17:54 2,656 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
2007-06-22 01:17:54 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-22 01:16:01 1,379 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
2007-06-22 01:13:01 17,871 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-06-22 01:12:54 -------- d-----w C:\Program Files\Illustrate
2007-06-22 01:08:35 -------- d-----w C:\Program Files\The Learning Company
2007-06-20 02:35:57 -------- d-----w C:\Program Files\Winamp
2007-06-17 20:42:45 -------- d-----w C:\Program Files\Hasbro Interactive
2007-06-16 02:08:16 -------- d-----w C:\Program Files\Common Files\HP
2007-06-16 02:06:52 85,266 ----a-w C:\WINDOWS\hpgins01.dat
2007-06-16 01:59:16 -------- d-----w C:\Program Files\IrfanView
2007-06-16 01:27:02 -------- d-----w C:\Program Files\HP
2007-06-15 22:27:14 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-06-15 21:56:20 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-06-15 11:25:09 -------- d-----w C:\Program Files\Common Files\Moonlight
2007-06-15 01:21:50 -------- d-----w C:\Program Files\TyShow
2007-06-12 11:00:48 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Leadertech
2007-06-12 10:30:28 -------- d-----w C:\Program Files\DVDFab HD Decrypter 3
2007-06-12 00:41:04 -------- d-----w C:\Program Files\EPSON
2007-06-11 02:41:43 -------- d-----w C:\Program Files\WatchHDTV1.950
2007-06-10 17:33:27 -------- d-----w C:\Program Files\Ahead
2007-06-10 17:33:06 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-10 17:32:08 -------- d-----w C:\Program Files\CyberLink
2007-06-09 12:12:03 -------- d-----w C:\Program Files\MSBuild
2007-06-09 12:07:45 -------- d-----w C:\Program Files\Reference Assemblies
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 02:45:09 -------- d-----w C:\Program Files\devnz
2007-06-02 21:47:05 -------- d-----w C:\Program Files\Scholastic
2007-06-02 15:59:12 -------- d-----w C:\Program Files\Common Files\IviSDK
2007-06-02 15:49:48 66,048 ----a-w C:\WINDOWS\system32\hcwxds.dll
2007-06-02 15:49:48 367,744 ----a-w C:\WINDOWS\system32\drivers\hcw18bda.sys
2007-06-02 15:49:48 174,716 ----a-w C:\WINDOWS\system32\drivers\hcw18enc.rom
2007-06-02 15:49:48 16,382 ----a-w C:\WINDOWS\system32\drivers\hcw18mlC.rom
2007-06-02 15:49:48 141,200 ----a-w C:\WINDOWS\system32\drivers\hcw18apu.rom
2007-06-02 15:49:48 14,264 ----a-w C:\WINDOWS\system32\drivers\hcw18mlB.rom
2007-06-02 06:23:02 -------- d-----w C:\Program Files\microsoft frontpage
2007-06-02 06:22:51 0 --sha-r C:\MSDOS.SYS
2007-06-02 06:22:51 0 --sha-r C:\IO.SYS
2007-06-02 06:22:51 0 ----a-w C:\CONFIG.SYS
2007-06-02 06:22:51 0 ----a-w C:\AUTOEXEC.BAT
2007-06-02 06:21:23 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-02 06:20:35 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-06-02 06:20:28 -------- d-----w C:\Program Files\Movie Maker
2007-06-02 06:20:04 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-02 06:19:15 -------- d-----w C:\Program Files\Online Services
2007-06-02 06:19:11 -------- d-----w C:\Program Files\Messenger
2007-06-02 06:19:07 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-02 06:18:59 -------- d-----w C:\Program Files\Windows NT
2007-06-02 04:27:44 -------- d-----w C:\Program Files\Yahoo!
2007-06-02 04:26:40 -------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-06-02 04:19:44 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Google
2007-06-02 04:17:28 36,932 ----a-w C:\WINDOWS\cmijack.dat
2007-06-02 04:12:37 -------- d-----w C:\Program Files\Google
2007-06-02 04:08:31 -------- d-----w C:\Program Files\C-Media
2007-06-02 04:08:06 139,264 ----a-w C:\WINDOWS\cmuninst.exe
2007-06-02 04:08:06 1,581,056 ----a-w C:\WINDOWS\mixer.exe
2007-06-02 04:08:05 712,704 ----a-w C:\WINDOWS\system32\Audio3D.dll
2007-06-02 04:08:05 712,704 ----a-w C:\WINDOWS\system32\a3d.dll
2007-06-02 04:08:05 379,726 ----a-w C:\WINDOWS\system32\drivers\cmaudio.sys
2007-06-02 04:08:05 32,768 ----a-w C:\WINDOWS\system32\cmnprop.dll
2007-06-02 04:08:05 20,333 ----a-w C:\WINDOWS\cmaudio.dat
2007-06-02 04:08:05 135,168 ----a-w C:\WINDOWS\cmuninst.dat
2007-06-02 04:07:37 -------- d-----w C:\Program Files\Common Files\McAfee
2007-06-02 04:07:14 -------- d-----w C:\Program Files\McAfee.com
2007-06-02 03:59:21 -------- d-----w C:\Program Files\TVersity
2007-06-01 23:10:34 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-01 23:10:32 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-06-01 14:59:26 749,641 ----a-w C:\WINDOWS\system32\hcwtvwnd.dll
2004-10-01 19:00:16 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
2007-07-26 00:41 31254 --a------ C:\WINDOWS\system32\cbxvvss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
2007-07-27 16:41 69184 --a------ C:\WINDOWS\system32\nqjeskiv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0254716-D05B-47D5-BEEF-2BD2F67E0EC0}]
2007-07-26 00:46 228960 --a------ C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2007-06-02 00:08 C:\WINDOWS\mixer.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 10:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"zzzHPSETUP"="J:\Setup.exe" []
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 21:58]
"LoadMSvcmm"="L:\Program Files\Movielink\MovielinkManager\Movielink User.exe" [2007-07-16 13:27]
"MemoryManager"="C:\WINDOWS\system32\ybfhwrya.dll" [2007-07-28 17:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 04:06]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 00:11]

C:\Documents and Settings\Brian\Start Menu\Programs\Startup\
GBPVRTray.exe.lnk - C:\DOCUME~1\Brian\APPLIC~1\Microsoft\Installer\{74D32E4A-F813-43DE-8402-0E012EE475F3}\Icon3C8F050B1.exe [2007-07-15 12:50:13]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2007-06-14 23:36:07]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-02 00:11:16]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-14 17:51:12]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-04-27 12:09:52]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3964D8D6-86D0-493A-B460-A805B5401114}"= C:\WINDOWS\system32\cbxvvss.dll [2007-07-26 00:41 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvss]
cbxvvss.dll 2007-07-26 00:41 31254 C:\WINDOWS\system32\cbxvvss.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljj]
C:\WINDOWS\system32\mlljj.dll 2007-07-26 00:46 228960 C:\WINDOWS\system32\mlljj.dll

R0 SI3112;SiI-3512 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3112.sys
R0 SiFilter;SATALink driver accelerator;C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
R0 SiRemFil;SATALink External Device Filter;C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
R0 uagp35;Microsoft AGPv3.5 Filter;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R3 cmpci;C-Media PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\cmaudio.sys
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\WINDOWS\system32\drivers\hcw18bda.sys
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\C:\WINDOWS\system32\drivers\AWRTRD.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-15 05:51:14 C:\WINDOWS\tasks\McDefragTask.job
2007-07-01 05:00:10 C:\WINDOWS\tasks\McQcTask.job
2007-07-25 01:24:03 C:\WINDOWS\tasks\Movielink Scheduler.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-28 21:46:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-28 21:47:46
C:\ComboFix-quarantined-files.txt ... 2007-07-28 21:47
C:\ComboFix2.txt ... 2007-07-28 17:52
C:\ComboFix3.txt ... 2007-07-27 17:37

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 21:55, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
L:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ahead\InCD\InCD.exe
L:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\devnz\gbpvr\GBPVRTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] J:\Setup.exe /RESTART
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [LoadMSvcmm] "L:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: GBPVRTray.exe.lnk = ?
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180754971590
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GB-PVR Recording Service - WelltonWay - C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Movielink Core Service - Movielink LLC - L:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

miekiemoes
Hi,

You used an outdated version of ComboFix, which explains why it didn't remove a lot. Anyway, no need to update; we'll deal with it using a script, so do the following:

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

QUOTE
File::
C:\WINDOWS\system32\ybfhwrya.dll
C:\WINDOWS\system32\kaopcufh.dll
C:\WINDOWS\system32\nqjeskiv.dll
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\jtbxqwgf.dll
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\cbxvvss.dll
C:\WINDOWS\system32\msvcmm32.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6039E6C-BDE9-4de5-BB40-768CAA584FDC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0254716-D05B-47D5-BEEF-2BD2F67E0EC0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zzzHPSETUP"=
"MemoryManager"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3964D8D6-86D0-493A-B460-A805B5401114}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvss]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljj]


Save this as a text file named CFScript.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
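As an added example (not a tool from this thread, ComboFix or Lavasoft), the Python below parses a "Reg Loading Points" excerpt like the one BrianT posted, flags the entries that fit the pattern the helper removed (a file dropped into system32 shortly before the scan and hooked through a BHO, ShellExecuteHooks, Winlogon Notify or Run key), and renders them in the same File:: / Registry:: CFScript layout. The 14-day window, the system32 rule and the function names are assumptions chosen for this log.

```python
"""Triage a ComboFix 'Reg Loading Points' excerpt and draft a CFScript.

Added example: flags auto-start entries that load a recently created file
from system32 via a persistence key and renders them in the File:: /
Registry:: layout used in the thread. The 14-day window and the system32
rule are assumptions for this log, not ComboFix behaviour.
"""
import re
from datetime import datetime, timedelta

# Excerpt copied from the ComboFix log posted in the thread; the benign
# "C-Media Mixer" and "zzzHPSETUP" lines are kept to show what is NOT flagged.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3964D8D6-86D0-493A-B460-A805B5401114}]
2007-07-26 00:41 31254 --a------ C:\WINDOWS\system32\cbxvvss.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0254716-D05B-47D5-BEEF-2BD2F67E0EC0}]
2007-07-26 00:46 228960 --a------ C:\WINDOWS\system32\mlljj.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2007-06-02 00:08 C:\WINDOWS\mixer.exe]
"zzzHPSETUP"="J:\Setup.exe" []
"MemoryManager"="C:\WINDOWS\system32\ybfhwrya.dll" [2007-07-28 17:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3964D8D6-86D0-493A-B460-A805B5401114}"= C:\WINDOWS\system32\cbxvvss.dll [2007-07-26 00:41 31254]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvvss]
cbxvvss.dll 2007-07-26 00:41 31254 C:\WINDOWS\system32\cbxvvss.dll
"""

SCAN_TIME = datetime(2007, 7, 28, 21, 43)  # from the header of that log

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=')
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]+?\.(?:dll|exe)', re.IGNORECASE)
DATE_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}")

# Persistence keys that the malware in this thread used to get loaded.
SENSITIVE_KEYS = ("browser helper objects", "shellexecutehooks",
                  r"winlogon\notify", r"currentversion\run")


def parse_load_points(text):
    """One dict per entry: key, value name (None for key-only entries such
    as BHO CLSIDs), loaded file path and its creation time. Lines with no
    date, like the empty [] of zzzHPSETUP, are skipped."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group("key")
            continue
        if not line or key is None:
            continue
        paths, dates = PATH_RE.findall(line), DATE_RE.findall(line)
        if not paths or not dates:
            continue
        value = VALUE_RE.match(line)
        entries.append({
            "key": key,
            "value": value.group("name") if value else None,
            "path": paths[-1],  # the resolved path is last on the line
            "created": datetime.strptime(dates[0], "%Y-%m-%d %H:%M"),
        })
    return entries


def is_suspicious(entry, scan_time, window_days=14):
    """Recently dropped file in system32 hooked via a persistence key, or a
    Run value pointing at a .dll instead of an .exe (odd on its own)."""
    key, path = entry["key"].lower(), entry["path"].lower()
    if not any(k in key for k in SENSITIVE_KEYS):
        return False
    recent = scan_time - entry["created"] <= timedelta(days=window_days)
    dropped = "\\system32\\" in path and recent
    dll_in_run = r"currentversion\run" in key and path.endswith(".dll")
    return dropped or dll_in_run


def build_cfscript(flagged):
    """Same layout as the helper's script: [-KEY] removes a whole key when
    the entry has no value name; "name"=- removes one value under a key."""
    files = sorted({e["path"] for e in flagged})
    by_key = {}
    for e in flagged:
        by_key.setdefault(e["key"], set()).add(e["value"])
    registry = []
    for key, values in by_key.items():
        if None in values:
            registry.append(f"[-{key}]")
        else:
            registry.append(f"[{key}]")
            registry.extend(f'"{v}"=-' for v in sorted(values))
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(registry) + "\n"


def triage(text, scan_time=SCAN_TIME):
    """Parse, filter and render; returns (flagged entries, script text)."""
    flagged = [e for e in parse_load_points(text) if is_suspicious(e, scan_time)]
    return flagged, build_cfscript(flagged)


if __name__ == "__main__":
    hits, script = triage(SAMPLE)
    for e in hits:
        print(f"{e['created']:%Y-%m-%d %H:%M}  {e['path']}  <- {e['key']}")
    print()
    print(script)
```

The generated script is a draft for a human to review; entries a heuristic flags still need a look at the file's origin before anything is deleted.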
BrianT
OK, here are the new logs. I haven't had any popups yet.


"Brian" - 2007-07-29 6:08:15 [GMT -4:00] - ComboFix 07-07-24 - Service Pack 2 NTFS
Command switches used :: C:\Documents and Settings\Brian\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\cbxvvss.dll
C:\WINDOWS\system32\jjllm.bak1
C:\WINDOWS\system32\jjllm.bak2
C:\WINDOWS\system32\jtbxqwgf.dll
C:\WINDOWS\system32\kaopcufh.dll
C:\WINDOWS\system32\mlljj.dll
C:\WINDOWS\system32\msvcmm32.exe
C:\WINDOWS\system32\nqjeskiv.dll
C:\WINDOWS\system32\ybfhwrya.dll


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-29 )))))))))))))))))))))))))))))))


2007-07-28 18:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-07-27 18:07 <DIR> d-------- C:\Program Files\CCleaner
2007-07-27 17:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-27 16:51 <DIR> d-------- C:\Program Files\Lavasoft
2007-07-27 16:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-27 16:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-07-24 21:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Movielink
2007-07-24 21:00 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-07-24 21:00 <DIR> d-------- C:\WINDOWS\system32\windows media
2007-07-24 21:00 <DIR> d-------- C:\WINDOWS\RegisteredPackages
2007-07-24 21:00 <DIR> d-------- C:\Program Files\Windows Media Components
2007-07-15 13:35 1,156 --a------ C:\WINDOWS\mozver.dat
2007-07-11 20:23 <DIR> d-------- C:\DOCUME~1\Brian\browser - logitech
2007-07-11 20:21 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-07-11 20:21 <DIR> d-------- C:\Program Files\Common Files\Remote Control USB Driver
2007-07-11 20:21 <DIR> d-------- C:\DOCUME~1\Brian\APPLIC~1\InstallShield
2007-07-11 19:47 <DIR> d-------- C:\DOCUME~1\Brian\Logitech
2007-07-11 19:46 <DIR> d-------- C:\Program Files\Logitech
2007-07-11 19:46 <DIR> d-------- C:\Program Files\Common Files\Remote Control Software Shared
2007-06-30 06:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-29 17:48 <DIR> d-------- C:\Program Files\Windows Media Connect 2


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-25 14:49:27 -------- d-----w C:\Program Files\D-Link Media Server
2007-07-12 00:21:03 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-11 23:46:10 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-30 22:59:51 -------- d-----w C:\Program Files\AC3Filter
2007-06-30 22:09:02 -------- d-----w C:\Program Files\ffdshow
2007-06-30 10:53:56 -------- d-----w C:\Program Files\WinTV
2007-06-30 02:27:48 -------- d-----w C:\Program Files\WatchHDTV TS1.120
2007-06-29 23:49:17 -------- d-----w C:\Program Files\McAfee
2007-06-28 12:11:19 305 ----a-w C:\WINDOWS\EReg077.dat
2007-06-28 09:02:15 -------- d-----w C:\Program Files\DVRMSToolbox
2007-06-26 01:17:57 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\CyberLink
2007-06-25 02:07:54 1,962,496 ----a-w C:\WINDOWS\system32\quartz.dll
2007-06-25 00:25:51 -------- d-----w C:\Program Files\7-Zip
2007-06-24 13:33:59 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Mp3tag
2007-06-24 13:33:56 -------- d-----w C:\Program Files\Mp3tag
2007-06-22 19:02:29 21,840 ----a-w C:\WINDOWS\system32\SIntfNT.dll
2007-06-22 19:02:28 17,212 ----a-w C:\WINDOWS\system32\SIntf32.dll
2007-06-22 19:02:28 12,067 ----a-w C:\WINDOWS\system32\SIntf16.dll
2007-06-22 18:58:40 495 ----a-w C:\WINDOWS\EReg515.dat
2007-06-22 18:08:51 -------- d-----w C:\Program Files\Disney Interactive
2007-06-22 01:17:54 2,656 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP FLAC Codec.dat
2007-06-22 01:17:54 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-22 01:16:01 1,379 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
2007-06-22 01:13:01 17,871 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-06-22 01:12:54 -------- d-----w C:\Program Files\Illustrate
2007-06-22 01:08:35 -------- d-----w C:\Program Files\The Learning Company
2007-06-20 02:35:57 -------- d-----w C:\Program Files\Winamp
2007-06-17 20:42:45 -------- d-----w C:\Program Files\Hasbro Interactive
2007-06-16 02:08:16 -------- d-----w C:\Program Files\Common Files\HP
2007-06-16 02:06:52 85,266 ----a-w C:\WINDOWS\hpgins01.dat
2007-06-16 01:59:16 -------- d-----w C:\Program Files\IrfanView
2007-06-16 01:27:02 -------- d-----w C:\Program Files\HP
2007-06-15 22:27:14 -------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-06-15 21:56:20 -------- d-----w C:\Program Files\Microsoft ActiveSync
2007-06-15 11:25:09 -------- d-----w C:\Program Files\Common Files\Moonlight
2007-06-15 01:21:50 -------- d-----w C:\Program Files\TyShow
2007-06-12 11:00:48 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Leadertech
2007-06-12 10:30:28 -------- d-----w C:\Program Files\DVDFab HD Decrypter 3
2007-06-12 00:41:04 -------- d-----w C:\Program Files\EPSON
2007-06-11 02:41:43 -------- d-----w C:\Program Files\WatchHDTV1.950
2007-06-10 17:33:27 -------- d-----w C:\Program Files\Ahead
2007-06-10 17:33:06 -------- d-----w C:\Program Files\Common Files\Ahead
2007-06-10 17:32:08 -------- d-----w C:\Program Files\CyberLink
2007-06-09 12:12:03 -------- d-----w C:\Program Files\MSBuild
2007-06-09 12:07:45 -------- d-----w C:\Program Files\Reference Assemblies
2007-06-04 19:18:48 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 19:17:02 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 19:14:56 6,272 ----a-w C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 02:45:09 -------- d-----w C:\Program Files\devnz
2007-06-02 21:47:05 -------- d-----w C:\Program Files\Scholastic
2007-06-02 15:59:12 -------- d-----w C:\Program Files\Common Files\IviSDK
2007-06-02 15:49:48 66,048 ----a-w C:\WINDOWS\system32\hcwxds.dll
2007-06-02 15:49:48 367,744 ----a-w C:\WINDOWS\system32\drivers\hcw18bda.sys
2007-06-02 15:49:48 174,716 ----a-w C:\WINDOWS\system32\drivers\hcw18enc.rom
2007-06-02 15:49:48 16,382 ----a-w C:\WINDOWS\system32\drivers\hcw18mlC.rom
2007-06-02 15:49:48 141,200 ----a-w C:\WINDOWS\system32\drivers\hcw18apu.rom
2007-06-02 15:49:48 14,264 ----a-w C:\WINDOWS\system32\drivers\hcw18mlB.rom
2007-06-02 06:23:02 -------- d-----w C:\Program Files\microsoft frontpage
2007-06-02 06:22:51 0 --sha-r C:\MSDOS.SYS
2007-06-02 06:22:51 0 --sha-r C:\IO.SYS
2007-06-02 06:22:51 0 ----a-w C:\CONFIG.SYS
2007-06-02 06:22:51 0 ----a-w C:\AUTOEXEC.BAT
2007-06-02 06:21:23 -------- d--h--w C:\Program Files\WindowsUpdate
2007-06-02 06:20:35 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-06-02 06:20:28 -------- d-----w C:\Program Files\Movie Maker
2007-06-02 06:20:04 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-06-02 06:19:15 -------- d-----w C:\Program Files\Online Services
2007-06-02 06:19:11 -------- d-----w C:\Program Files\Messenger
2007-06-02 06:19:07 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-02 06:18:59 -------- d-----w C:\Program Files\Windows NT
2007-06-02 04:27:44 -------- d-----w C:\Program Files\Yahoo!
2007-06-02 04:26:40 -------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-06-02 04:19:44 -------- d-----w C:\DOCUME~1\Brian\APPLIC~1\Google
2007-06-02 04:17:28 36,932 ----a-w C:\WINDOWS\cmijack.dat
2007-06-02 04:12:37 -------- d-----w C:\Program Files\Google
2007-06-02 04:08:31 -------- d-----w C:\Program Files\C-Media
2007-06-02 04:08:06 139,264 ----a-w C:\WINDOWS\cmuninst.exe
2007-06-02 04:08:06 1,581,056 ----a-w C:\WINDOWS\mixer.exe
2007-06-02 04:08:05 712,704 ----a-w C:\WINDOWS\system32\Audio3D.dll
2007-06-02 04:08:05 712,704 ----a-w C:\WINDOWS\system32\a3d.dll
2007-06-02 04:08:05 379,726 ----a-w C:\WINDOWS\system32\drivers\cmaudio.sys
2007-06-02 04:08:05 32,768 ----a-w C:\WINDOWS\system32\cmnprop.dll
2007-06-02 04:08:05 20,333 ----a-w C:\WINDOWS\cmaudio.dat
2007-06-02 04:08:05 135,168 ----a-w C:\WINDOWS\cmuninst.dat
2007-06-02 04:07:37 -------- d-----w C:\Program Files\Common Files\McAfee
2007-06-02 04:07:14 -------- d-----w C:\Program Files\McAfee.com
2007-06-02 03:59:21 -------- d-----w C:\Program Files\TVersity
2007-06-01 23:10:34 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-01 23:10:32 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-06-01 14:59:26 749,641 ----a-w C:\WINDOWS\system32\hcwtvwnd.dll
2004-10-01 19:00:16 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2007-06-02 00:08 C:\WINDOWS\mixer.exe]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 18:22]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-08 10:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"zzzHPSETUP"="J:\Setup.exe" []
"Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\WMCCFG.exe" [2006-10-18 21:58]
"LoadMSvcmm"="L:\Program Files\Movielink\MovielinkManager\Movielink User.exe" [2007-07-16 13:27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 04:06]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-02 00:11]

C:\Documents and Settings\Brian\Start Menu\Programs\Startup\
GBPVRTray.exe.lnk - C:\DOCUME~1\Brian\APPLIC~1\Microsoft\Installer\{74D32E4A-F813-43DE-8402-0E012EE475F3}\Icon3C8F050B1.exe [2007-07-15 12:50:13]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoStart IR.lnk - C:\Program Files\WinTV\Ir.exe [2007-06-14 23:36:07]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-02 00:11:16]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-14 17:51:12]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-04-27 12:09:52]

R0 SI3112;SiI-3512 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3112.sys
R0 SiFilter;SATALink driver accelerator;C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
R0 SiRemFil;SATALink External Device Filter;C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
R0 uagp35;Microsoft AGPv3.5 Filter;C:\WINDOWS\system32\DRIVERS\uagp35.sys
R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R3 cmpci;C-Media PCI Audio Driver (WDM);C:\WINDOWS\system32\drivers\cmaudio.sys
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\fetnd5.sys
R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\WINDOWS\system32\drivers\hcw18bda.sys
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\C:\WINDOWS\system32\drivers\NSDriver.sys
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\C:\WINDOWS\system32\drivers\AWRTRD.sys
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 MPE;BDA MPE Filter;C:\WINDOWS\system32\DRIVERS\MPE.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"


Contents of the 'Scheduled Tasks' folder
2007-07-15 05:51:14 C:\WINDOWS\tasks\McDefragTask.job
2007-07-01 05:00:10 C:\WINDOWS\tasks\McQcTask.job
2007-07-25 01:24:03 C:\WINDOWS\tasks\Movielink Scheduler.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 06:16:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-29 6:19:28 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-29 06:18
C:\ComboFix2.txt ... 2007-07-28 21:47
C:\ComboFix3.txt ... 2007-07-28 17:52

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 07:35, on 7/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Ahead\InCD\InCD.exe
L:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\Program Files\devnz\gbpvr\GBPVRTray.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
L:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zzzHPSETUP] J:\Setup.exe /RESTART
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [LoadMSvcmm] "L:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: GBPVRTray.exe.lnk = ?
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1180754971590
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GB-PVR Recording Service - WelltonWay - C:\Program Files\devnz\gbpvr\GBPVRRecordingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Movielink Core Service - Movielink LLC - L:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~2.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe




QUOTE(miekiemoes @ Jul 29 2007, 03:34 AM)
Hi,

You used an outdated version of Combofix which explains why it didn't remove a lot. Anyway, no need to update, we'll deal with it using a script, so do next:

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:
Save this as a txt file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
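The HijackThis log in this thread was reviewed by eye, which is how these logs are normally handled. As an added example (not part of the original posts, and not a Lavasoft, ComboFix or HijackThis tool), the Python below does a first triage pass over the O2/O4/O16/O23 line types so that the entries worth a closer look are pulled out automatically. The sample lines are modelled on the log above, with one invented O16 entry on an example.test host; the flagging rules, the SYSTEM_DRIVE letter and the TRUSTED_DPF_HOSTS allowlist are assumptions made for illustration, not rules stated anywhere on this page.

```python
"""Triage pass over the line types of a HijackThis 1.99 log.

Added example, not code from the forum thread, Lavasoft or HijackThis.
The rules, SYSTEM_DRIVE and TRUSTED_DPF_HOSTS are assumptions for
illustration; a real review still ends with checking each file and CLSID.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample modelled on the O2/O4/O16/O23 lines of the log above;
# the second O16 line (downloads.example.test) is invented.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [zzzHPSETUP] J:\Setup.exe /RESTART
O4 - HKLM\..\Run: [LoadMSvcmm] "L:\Program Files\Movielink\MovielinkManager\Movielink User.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: GBPVRTray.exe.lnk = ?
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {11111111-2222-3333-4444-555555555555} (Example Download Control) - http://downloads.example.test/Control.ocx
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
"""

SYSTEM_DRIVE = "C:"  # assumption: Windows lives on C:, as in this log
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "update.microsoft.com"}  # assumption: analyst-kept allowlist

RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - (?P<scope>Global Startup|Startup): (?P<name>.+?) = (?P<target>.*)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
DPF_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    kind: str    # short tag for the rule that fired
    line: str    # the log line as written
    detail: str  # why a reviewer should look at it


def image_path(cmd: str) -> str:
    """Extract the executable from a Run-key command line.

    Quoted paths are taken verbatim. Unquoted ones are cut after the first
    '.exe' token, a heuristic that copes with 'C:\\dir name\\prog.exe /flag'
    but would mis-split a path whose directory name itself contains '.exe'.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe\b", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Return the lines a reviewer should look at first, each with a reason."""
    found = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := RUN_RE.match(line):
            path = image_path(m["cmd"])
            drive = path[:2].upper()
            if not re.fullmatch(r"[A-Z]:", drive):
                found.append(Finding("bare-filename", line,
                    f"{path!r} has no directory, so it is located by search order; a planted copy earlier in that order would run instead"))
            elif drive != SYSTEM_DRIVE:
                found.append(Finding("nonsystem-drive", line,
                    f"autostart from drive {drive}, not the system drive; check that the media is still present and expected"))
        elif m := STARTUP_RE.match(line):
            if m["target"].strip() == "?":
                found.append(Finding("unresolved-shortcut", line,
                    f"HijackThis could not resolve {m['name']}; inspect the .lnk target by hand"))
        elif m := BHO_RE.match(line):
            if m["name"] == "(no name)":
                found.append(Finding("unnamed-bho", line,
                    f"BHO {m['clsid']} registers no name; identify it by CLSID and file path"))
        elif m := DPF_RE.match(line):
            host = urlparse(m["url"]).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                found.append(Finding("untrusted-activex", line,
                    f"ActiveX control fetched from {host or 'unknown host'}; confirm the source before keeping it"))
        elif m := SVC_RE.match(line):
            if m["owner"].strip().lower() == "unknown owner":
                found.append(Finding("unknown-service-owner", line,
                    f"service binary {m['path']} carries no publisher; verify the file before trusting it"))
    return found


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.line}\n    {f.detail}")
```

Run against the log in this thread, the same rules would single out the J: and L: Run entries, the bare Mixer.exe value, the unresolved GBPVRTray shortcut, the unnamed BHO and the TVersity service for a closer look. None of that says an entry is malicious (the unnamed BHO is Spybot's SDHelper.dll by its path, and the mixer is the C-Media audio applet); it only orders where a reviewer looks first.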

miekiemoes
Hi,

Your log looks clean again.

Delete the C:\Qoobox folder

Let me know how things are now..
BrianT
Hello and thank you! Everything is back to normal. Thank you for your help!


QUOTE(miekiemoes @ Jul 29 2007, 07:31 AM)
Hi,

Your log looks clean again.

Delete the C:\Qoobox folder

Let me know how things are now..

miekiemoes
Glad I could help.

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!
miekiemoes
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.