Inactive [InActive] Trojan.KillAV, Backdoor.Trojan & [DDS Logs included]

Discussion in 'Malware and Virus Removal Archive' started by ginsta, 2009/05/01.

  1. 2009/05/01
    ginsta Inactive Thread Starter

    Hi guys,

    First of all, thank you in advance for any help. You guys are amazing.

    Basically, I first noticed my Firefox browser randomly closing my windows while I'd be viewing them or they would randomly crash. Then my Symantec Endpoint Protection started popping up a few weeks ago with detection of a Trojan virus but it would only be one or two infected files and while it said that the file (usually in the Windows System folder) was infected, it was able to quarantine them.

    According to my Symantec Endpoint Quarantine logs, the infected files were as follows (each showing up multiple times in the log):

    wpujm.tnl (C:\WINDOWS) --- Trojan.KillAV & Backdoor.Trojan
    setup_u.exe (C:\WINDOWS\System32
    A0030235.tnl (C:\WINDOWS\System Volume Information\_restore{.....)
    A0031035.tnl (C:\WINDOWS\System Volume Information\_restore{.....)
    A0032141.tnl (C:\WINDOWS\System Volume Information\_restore{.....)

    Finally earlier today, I got completely fed up when my Symantec Protection popped up again but this time detected an alarming amount of files infected with Trojan.KillAV. I tried to do a System Restore back to several months ago when I know that my computer was clean but after trying it two times, each time I was met with a message saying that my computer could not be restored to the previous point. So, I'm guessing that function has been somehow disabled or infected, as well.

    I'm currently running Windows XP Home Edition, Version 2002, just for reference.

    I fear that the damage is only getting worse and I'm afraid that soon, everything must stop functioning properly, so I hope you guys can help me clean it up before that happens!

    Thanks so much,
    Ginsta

    -------------------------------------------------------
    Here's my DDS log:
    -------------------------------------------------------

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Virginia at 0:07:16.89 on Sat 05/02/2009
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.479.72 [GMT -4:00]

    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Symantec AntiVirus\Smc.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\SmcGui.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
    C:\Program Files\Stickies\stickies.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Virginia.ZEPHYR\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_11\bin\ssv.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [µTorrent] "c:\program files\utorrent\utorrent.exe "
    uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe "
    uRun: [uTorrent] "c:\program files\utorrent\utorrent.exe "
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
    mRun: [<NO NAME>]
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_11\bin\jusched.exe "
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe "
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
    StartupFolder: c:\docume~1\virgin~1.zep\startm~1\programs\startup\natura~1.lnk - c:\program files\sec\natural color\NaturalColorLoad.exe
    StartupFolder: c:\docume~1\virgin~1.zep\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\natura~1.lnk - c:\program files\sec\natural color\NaturalColorLoad.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_11\bin\npjpi150_11.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} - hxxp://www.clubbox.co.kr/neo.fld/NowStarter.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178227824718
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178227804078
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxp://vram9c.vcu.edu/dwa7W.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5364/mcfscan.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\virgin~1.zep\applic~1\mozilla\firefox\profiles\6rbi32nk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2007-10-23 8576]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-8-20 611664]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-18 108392]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-8-18 108392]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2008-8-18 2238904]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-5-2 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-21 101936]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090501.035\NAVENG.SYS [2009-5-1 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090501.035\NAVEX15.SYS [2009-5-1 876144]
    R3 WMP11V27;Instant Wireless PCI Card V2.7 Driver;c:\windows\system32\drivers\WMP11V27.sys [2006-5-10 171776]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-8-18 23888]
    S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2006-5-10 31872]

    =============== Created Last 30 ================

    2009-04-18 02:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Digsby
    2009-04-18 01:56 <DIR> --d----- c:\docume~1\virgin~1.zep\applic~1\Digsby
    2009-04-18 01:52 <DIR> --d----- c:\program files\Digsby

    ==================== Find3M ====================

    2009-02-04 15:32 41,696 a------- c:\docume~1\virgin~1.zep\applic~1\GDIPFONTCACHEV1.DAT

    ============= FINISH: 0:08:14.90 ===============


    -------------------------------------------------------
    And my Attach log:
    -------------------------------------------------------

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/10/2006 8:52:30 PM
    System Uptime: 5/1/2009 9:45:45 PM (3 hours ago)

    Motherboard: First International Computer, Inc. | | VI35 Serials
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Socket 478 | 2666/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 114 GiB total, 6.357 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()
    G: is CDROM ()
    H: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: SiS 900-Based PCI Fast Ethernet Adapter
    Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_90651509&REV_91\3&61AAA01&0&20
    Manufacturer: SiS
    Name: SiS 900-Based PCI Fast Ethernet Adapter
    PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_90651509&REV_91\3&61AAA01&0&20
    Service: SISNIC

    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Description: SCSI/RAID Host Controller
    Device ID: ROOT\VCDMPDRV\0000
    Manufacturer: Unknown Manufacturer
    Name: SCSI/RAID Host Controller
    PNP Device ID: ROOT\VCDMPDRV\0000
    Service: vcdmpdrv

    ==== System Restore Points ===================

    RP77: 2/1/2009 5:16:27 AM - System Checkpoint
    RP78: 2/3/2009 5:50:44 AM - System Checkpoint
    RP79: 2/4/2009 6:28:36 AM - System Checkpoint
    RP80: 2/6/2009 12:16:14 AM - System Checkpoint
    RP81: 2/7/2009 12:16:32 AM - System Checkpoint
    RP82: 2/8/2009 3:40:02 AM - System Checkpoint
    RP83: 2/14/2009 5:26:28 AM - System Checkpoint
    RP84: 2/15/2009 5:40:59 AM - System Checkpoint
    RP85: 2/16/2009 6:41:11 AM - System Checkpoint
    RP86: 2/19/2009 3:24:00 PM - System Checkpoint
    RP87: 2/20/2009 5:13:24 PM - System Checkpoint
    RP88: 2/23/2009 1:07:24 AM - System Checkpoint
    RP89: 2/24/2009 2:58:08 AM - System Checkpoint
    RP90: 2/25/2009 3:41:14 AM - System Checkpoint
    RP91: 2/26/2009 4:41:14 AM - System Checkpoint
    RP92: 3/4/2009 3:10:33 AM - System Checkpoint
    RP93: 3/5/2009 4:06:22 AM - System Checkpoint
    RP94: 3/6/2009 4:41:20 AM - System Checkpoint
    RP95: 3/7/2009 5:41:25 AM - System Checkpoint
    RP96: 3/8/2009 6:41:23 AM - System Checkpoint
    RP97: 3/9/2009 7:41:20 AM - System Checkpoint
    RP98: 3/10/2009 8:41:18 AM - System Checkpoint
    RP99: 3/12/2009 4:30:13 AM - System Checkpoint
    RP100: 3/14/2009 12:32:42 AM - System Checkpoint
    RP101: 3/16/2009 6:08:18 AM - System Checkpoint
    RP102: 3/17/2009 6:41:28 AM - System Checkpoint
    RP103: 3/18/2009 7:41:26 AM - System Checkpoint
    RP104: 3/19/2009 8:41:23 AM - System Checkpoint
    RP105: 3/20/2009 4:11:44 PM - System Checkpoint
    RP106: 3/21/2009 10:34:11 PM - System Checkpoint
    RP107: 3/22/2009 10:55:39 PM - System Checkpoint
    RP108: 3/24/2009 5:47:13 PM - System Checkpoint
    RP109: 3/30/2009 5:28:59 AM - System Checkpoint
    RP110: 3/31/2009 9:59:31 AM - System Checkpoint
    RP111: 4/1/2009 12:39:18 AM - Installed Microsoft Office Word Viewer 2003
    RP112: 4/2/2009 2:30:58 AM - Removed Microsoft Office Word Viewer 2003
    RP113: 4/3/2009 3:52:02 AM - System Checkpoint
    RP114: 4/4/2009 7:40:02 AM - System Checkpoint
    RP115: 4/5/2009 8:06:40 AM - System Checkpoint
    RP116: 4/7/2009 9:33:04 AM - System Checkpoint
    RP117: 4/9/2009 11:07:03 AM - System Checkpoint
    RP118: 4/13/2009 7:21:36 AM - System Checkpoint
    RP119: 4/14/2009 7:32:10 AM - System Checkpoint
    RP120: 4/15/2009 7:44:10 AM - System Checkpoint
    RP121: 4/16/2009 1:26:22 PM - System Checkpoint
    RP122: 4/17/2009 5:48:21 PM - System Checkpoint
    RP123: 4/22/2009 5:13:49 AM - System Checkpoint
    RP124: 4/25/2009 9:29:54 PM - System Checkpoint
    RP125: 4/27/2009 6:56:17 AM - System Checkpoint
    RP126: 4/28/2009 4:44:59 PM - System Checkpoint
    RP127: 4/29/2009 4:46:32 PM - System Checkpoint
    RP128: 4/30/2009 5:10:27 PM - System Checkpoint
    RP129: 5/1/2009 9:34:28 PM - Restore Operation
    RP130: 5/1/2009 9:54:26 PM - Restore Operation

    ==== Installed Programs ======================

    µTorrent
    Ad-Aware
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 7.0 Professional
    Adobe After Effects CS3 Presets
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe Dreamweaver CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 7.0.9
    Adobe Setup
    Adobe Shockwave Player
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe SVG Viewer
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    Apple Software Update
    Canon MP Navigator 2.2
    Canon MP530
    Canon PIXMA iP6000D
    Canon Utilities Easy-PhotoPrint
    Combined Community Codec Pack 2007-02-22
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    Digsby
    Diskeeper 2008 Pro Premier
    DivX Web Player
    Easy-WebPrint
    Exact Audio Copy 0.95b3
    FLV Player 2.0 (build 25)
    Guidua (remove only)
    HijackThis 2.0.2
    Hotfix for Windows XP (KB952287)
    Indeo® Software
    iPod for Windows 2005-10-12
    iPod for Windows 2006-03-23
    iTunes
    J2SE Runtime Environment 5.0 Update 11
    Last.fm 1.5.0.24910
    LiveUpdate 3.3 (Symantec Corporation)
    Microsoft .NET Framework 2.0
    Microsoft Office Word Viewer 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Windows Journal Viewer
    Mozilla Firefox (3.0.10)
    MP3 To Ringtone Gold 3.50
    Natural Color
    Nero 6 Ultra Edition
    OmniPage SE 2.0
    Orbit Downloader
    PDF Settings
    PowerDVD
    PowerISO
    Presto! PageManager 7.15.11
    QuickTime
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    SiS 900 PCI Fast Ethernet Adapter Driver
    SSH Secure Shell
    Stickies 6.5a
    Symantec Endpoint Protection
    The Rosetta Stone
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    VeohTV BETA
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    WebFldrs XP
    Winamp (remove only)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Service Pack 2
    WinRAR archiver
    Xvid 1.1.2 final uninstall

    ==== Event Viewer Messages From Past Week ========

    4/26/2009 9:00:01 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
    4/26/2009 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
    4/26/2009 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
    4/26/2009 7:00:01 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
    4/26/2009 7:00:01 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
    4/26/2009 6:00:01 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
    4/26/2009 6:00:01 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
    4/26/2009 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
    4/26/2009 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
    4/26/2009 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
    4/26/2009 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
    4/26/2009 4:00:01 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
    4/26/2009 4:00:01 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
    4/26/2009 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
    4/26/2009 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
    4/26/2009 3:00:01 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
    4/26/2009 3:00:01 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
    4/26/2009 3:00:01 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
    4/26/2009 3:00:01 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
    4/26/2009 2:00:01 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
    4/26/2009 2:00:01 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
    4/26/2009 2:00:01 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
    4/26/2009 2:00:01 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
    4/26/2009 12:47:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
    4/26/2009 12:00:01 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
    4/26/2009 12:00:01 PM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
    4/26/2009 11:00:01 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
    4/26/2009 11:00:01 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
    4/26/2009 10:00:01 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
    4/26/2009 1:00:08 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
    4/26/2009 1:00:06 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
    4/26/2009 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
    4/25/2009 9:00:02 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
    4/25/2009 9:00:02 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
    4/25/2009 8:00:01 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
    4/25/2009 8:00:01 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
    4/25/2009 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
    4/25/2009 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
    4/25/2009 6:00:02 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
    4/25/2009 6:00:02 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
    4/25/2009 11:00:01 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
    4/25/2009 11:00:01 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
    4/25/2009 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
    4/25/2009 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402

    ==== End Of File ===========================
     
    Last edited: 2009/05/01
  2. 2009/05/09
    Juliet Well-Known Member

    Hi and welcome

    Sorry for the delay.


    Do this first.
    Open Notepad, at the top click on Format......uncheck word wrap.


    Download worksnow from HERE:

    * IMPORTANT !!! Save worksnow to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
      Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

    • Double click on worksnow & follow the prompts.

      Note: worksnow will run without the Recovery Console installed.
    • As part of its process, combofix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    "copy/paste" a new HijackThis log file into this thread as well.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Give it at least 20-30 minutes to finish if needed.
     
    Last edited: 2009/05/09
