hijack this log

M

mangofresh

New Member
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:03:33 PM, on 2/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\docume~1\jc\locals~1\temp\cg0 .exe
c:\docume~1\jc\locals~1\temp\cg0 .exe
C:\Documents and Settings\JC\Application Data\SystemProc\lsass.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\program files\common files\installshield\updateservice\issch .exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
c:\docume~1\jc\locals~1\temp\jlono .exe
c:\documents and settings\jc\application data\octoshape\octoshape streaming services\octoshapeclient .exe
c:\program files\common files\symantec shared\ccapp .exe
c:\progra~1\symant~1\vptray .exe
C:\DOCUME~1\JC\LOCALS~1\Temp\smss.exe
C:\DOCUME~1\JC\LOCALS~1\Temp\nvsvc32.exe
C:\DOCUME~1\JC\LOCALS~1\Temp\drweb.exe
c:\program files\gigabyte\gbtupd\GBTUpd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: (no name) - {b1b4736f-c15a-4114-aa48-579196e2ec02} - zusasawe.dll (file missing)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] c:\program files\gigabyte\gbtupd\PreRun.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Vnirucucaqiqe] rundll32.exe "C:\WINDOWS\egujofuloh.dll",Startup
O4 - HKLM\..\Run: [sogekomezu] Rundll32.exe "sazegoka.dll",s
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe" -inv:bootrun
O4 - HKCU\..\Run: [BMIMZMHMFM] c:\docume~1\jc\locals~1\temp\cg0 .exe
O4 - HKCU\..\Run: [sefjhf98jfoidsfoishgoiusgdgfgd] c:\docume~1\jc\locals~1\temp\jlono .exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\JC\LOCALS~1\Temp\drweb.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\JC\Application Data\SystemProc\lsass.exe
O4 - Startup: V CAST Media Monitor.lnk = C:\Program Files\V CAST Media Manager\MEMonitor.exe
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buy-internet-security10.com
O15 - Trusted Zone: http://*.is-soft-download.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{75D2E30B-06D2-471F-B47B-B772629BFF2E}: NameServer = 93.188.162.210,93.188.161.16
O17 - HKLM\System\CCS\Services\Tcpip\..\{79FDB883-0E65-4825-A5BA-7EFD2706DE50}: NameServer = 93.188.162.210,93.188.161.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.210,93.188.161.16
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.210,93.188.161.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.210,93.188.161.16
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8289 bytes

The infection won't let me install malwarebytes atm.
 
If you can't install malwarebytes boot to safe mode and run combofix. You may have to download it from a different computer and transfer it via a usb flash drive.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
ComboFix 10-02-01.02 - JC 02/01/2010 22:10:09.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2809 [GMT -5:00]
Running from: c:\documents and settings\JC\My Documents\Downloads\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JC\Application Data\AntiVirus Plus
c:\documents and settings\JC\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll
c:\documents and settings\JC\Application Data\avp.ico
c:\documents and settings\JC\Application Data\SystemProc
c:\documents and settings\JC\Application Data\SystemProc\lsass.exe
c:\documents and settings\JC\Local Settings\Application Data\{09FB72EA-1FF6-4D3E-96E4-AD680B8E8B77}
c:\documents and settings\JC\Local Settings\Application Data\{09FB72EA-1FF6-4D3E-96E4-AD680B8E8B77}\chrome.manifest
c:\documents and settings\JC\Local Settings\Application Data\{09FB72EA-1FF6-4D3E-96E4-AD680B8E8B77}\chrome\content\_cfg.js
c:\documents and settings\JC\Local Settings\Application Data\{09FB72EA-1FF6-4D3E-96E4-AD680B8E8B77}\chrome\content\overlay.xul
c:\documents and settings\JC\Local Settings\Application Data\{09FB72EA-1FF6-4D3E-96E4-AD680B8E8B77}\install.rdf
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\egujofuloh.dll
c:\windows\system32\alcwzrd .exe
c:\windows\system32\certstore.dat
c:\windows\system32\helper32.dll
c:\windows\system32\IS15.exe
c:\windows\system32\kbdsock.dll
c:\windows\system32\mshlps.dll
c:\windows\system32\rthdcpl .exe
c:\windows\system32\rthdcpl.exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\smss32 .exe
c:\windows\system32\soundman .exe
c:\windows\system32\spool\prtprocs\w32x86\00004c0e.tmp
c:\windows\system32\xraidsetup .exe
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_IAS
-------\Service_6to4
-------\Service_Ias


((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-02-02 02:44 . 2010-02-02 02:44 52224 ----a-w- c:\documents and settings\JC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-02 02:44 . 2010-02-02 02:44 117760 ----a-w- c:\documents and settings\JC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-02 02:44 . 2010-02-02 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-02 02:44 . 2010-02-02 03:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-02 02:44 . 2010-02-02 02:44 -------- d-----w- c:\documents and settings\JC\Application Data\SUPERAntiSpyware.com
2010-02-02 02:26 . 2010-02-02 02:26 0 ----a-w- c:\windows\Blogikujika.bin
2010-02-02 02:26 . 2010-02-02 02:26 120 ----a-w- c:\windows\Amarozolo.dat
2010-02-02 02:24 . 2010-02-02 02:24 69120 ----a-w- c:\windows\system32\app_dll.dll
2010-02-02 02:23 . 2010-02-02 03:03 39424 ----a-w- c:\windows\system32\alcwzrd.exe
2010-02-02 02:23 . 2010-02-02 03:03 39424 ----a-w- c:\windows\system32\soundman.exe
2010-02-02 02:22 . 2010-02-02 02:22 39424 ----a-w- C:\yfoku.exe
2010-02-02 02:22 . 2010-02-02 02:22 52224 ----a-w- C:\ojjw.exe
2010-02-02 02:22 . 2010-02-02 02:22 34304 ----a-w- C:\sckw.exe
2010-01-24 04:18 . 2010-01-24 04:18 -------- d-----w- c:\program files\Veoh Networks
2010-01-24 03:51 . 2010-01-24 03:55 -------- d-----w- c:\documents and settings\JC\Application Data\vlc
2010-01-24 03:50 . 2010-01-24 03:50 -------- d-----w- c:\program files\VideoLAN
2010-01-12 03:48 . 2010-01-12 03:48 -------- d-----w- c:\program files\CPUID
2010-01-12 03:48 . 2009-03-27 06:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-01-07 08:17 . 2010-01-07 17:02 -------- d-----w- c:\documents and settings\JC\Application Data\skypePM
2010-01-07 08:17 . 2010-01-07 08:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-07 08:15 . 2010-01-07 17:04 -------- d-----w- c:\documents and settings\JC\Application Data\Skype
2010-01-07 08:15 . 2010-01-07 08:15 -------- d-----w- c:\program files\Common Files\Skype
2010-01-07 08:15 . 2010-01-07 08:15 -------- d-----r- c:\program files\Skype
2010-01-07 08:15 . 2010-01-07 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-07 02:25 . 2010-01-07 02:25 388096 ----a-r- c:\documents and settings\JC\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 02:25 . 2010-01-07 02:25 -------- d-----w- c:\program files\TrendMicro
2010-01-07 02:23 . 2010-01-07 02:23 -------- d-----w- c:\documents and settings\JC\Application Data\Malwarebytes
2010-01-07 02:23 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 02:23 . 2010-02-02 02:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 02:23 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 02:23 . 2010-01-07 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 03:16 . 2010-02-02 03:16 39424 ----a-w- c:\documents and settings\JC\rundll32 .exe
2010-02-02 03:16 . 2009-09-04 15:27 -------- d-----w- c:\program files\Symantec AntiVirus
2010-02-02 03:16 . 2009-09-04 15:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-02 03:16 . 2009-03-16 17:45 39424 ----a-w- c:\windows\system32\xraidsetup.exe
2010-02-02 03:16 . 2010-02-02 03:16 39424 ----a-w- c:\documents and settings\JC\alcwzrd.exe
2010-02-02 03:16 . 2010-02-02 03:16 39424 ----a-w- c:\documents and settings\JC\soundman.exe
2010-02-02 03:16 . 2010-02-02 03:16 39424 ----a-w- c:\documents and settings\JC\rthdcpl.exe
2010-02-02 03:16 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 03:15 . 2009-11-07 02:16 71960 ----a-w- c:\documents and settings\JC\Application Data\Mozilla\Plugins\npoctoshape.dll
2010-02-02 03:14 . 2009-03-16 17:36 16608 ----a-w- c:\windows\gdrv.sys
2010-02-02 03:03 . 2009-03-16 17:45 39424 ----a-w- c:\windows\system32\xraidsetup .exe
2010-02-02 03:03 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 02:44 . 2009-03-16 17:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-02 02:37 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 02:23 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient.exe
2010-02-02 02:22 . 2010-02-02 02:22 42496 ----a-w- c:\windows\system32\info.tmp
2010-02-01 20:35 . 2009-04-03 15:52 -------- d-----w- c:\documents and settings\JC\Application Data\LimeWire
2010-01-18 08:46 . 2009-07-28 04:40 -------- d-----w- c:\program files\Warcraft III
2010-01-12 04:36 . 2009-03-16 16:51 -------- d-----w- c:\program files\World of Warcraft
2010-01-12 03:45 . 2009-03-16 17:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-12 03:45 . 2009-03-16 17:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-12 03:45 . 2009-11-20 01:45 -------- d-----w- c:\program files\LG Outlook Sync
2010-01-12 03:45 . 2009-11-20 01:48 -------- d-----w- c:\documents and settings\JC\Application Data\LG Electronics
2010-01-07 06:14 . 2009-03-16 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-26 00:58 . 2009-12-08 23:57 -------- d-----w- c:\program files\Garena
2009-12-22 05:42 . 2004-08-04 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 01:13 . 2009-11-23 19:36 79488 ----a-w- c:\documents and settings\JC\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-13 14:46 . 2009-12-13 06:04 -------- d-----w- c:\documents and settings\JC\Application Data\U3
2009-12-08 16:50 . 2009-12-08 07:50 -------- d-----w- c:\program files\auto-clicker
2009-12-08 07:53 . 2009-12-08 07:53 -------- d-----w- c:\program files\AutoClick
2009-11-21 16:36 . 2004-08-04 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 03:52 . 2009-03-16 17:08 44976 ----a-w- c:\documents and settings\JC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-20 03:51 . 2009-11-20 03:51 53248 ----a-r- c:\documents and settings\JC\Application Data\Microsoft\Installer\{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}\ARPPRODUCTICON.exe
.
Code: 
<pre>
c:\program files\Adobe\acrotray .exe
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\GIGABYTE\GBTUpd\prerun .exe
c:\program files\SUPERAntiSpyware\superantispyware .exe
c:\program files\Symantec AntiVirus\vptray .exe
c:\windows\RaidTool\xinside .exe
c:\windows\system32\xraidsetup .exe
</pre>

((((((((((((((((((((((((((((( SnapShot@2010-01-07_04.27.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-02 03:14 . 2010-02-02 03:14 16384 c:\windows\temp\Perflib_Perfdata_720.dat
+ 2010-02-02 03:14 . 2010-02-02 03:14 16384 c:\windows\temp\Perflib_Perfdata_644.dat
+ 2009-11-20 03:49 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
- 2009-11-20 03:49 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 39424 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 16384 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 16384 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 96256 c:\windows\system32\inseng.dll
+ 2004-08-04 12:00 . 2009-10-15 17:21 82432 c:\windows\system32\fontsub.dll
- 2004-08-04 12:00 . 2009-06-16 14:55 82432 c:\windows\system32\fontsub.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 55808 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 55808 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 16384 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 96256 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 81920 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2009-09-25 05:56 81920 c:\windows\system32\dllcache\ieencode.dll
- 2009-03-16 17:01 . 2009-10-27 11:06 18432 c:\windows\system32\dllcache\iedw.exe
+ 2009-03-16 17:01 . 2009-12-16 12:57 18432 c:\windows\system32\dllcache\iedw.exe
+ 2004-08-04 12:00 . 2009-10-15 17:21 82432 c:\windows\system32\dllcache\fontsub.dll
- 2004-08-04 12:00 . 2009-06-16 14:55 82432 c:\windows\system32\dllcache\fontsub.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 55808 c:\windows\system32\dllcache\extmgr.dll
- 2009-03-16 17:06 . 2009-03-16 17:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-03-16 17:06 . 2010-02-02 03:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-02 02:37 . 2010-02-02 03:02 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-03-16 17:06 . 2009-03-16 17:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-03-16 17:45 . 2010-02-02 03:16 39424 c:\windows\RaidTool\xinside.exe
+ 2010-02-02 02:44 . 2010-02-02 02:44 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-02-02 02:44 . 2010-02-02 02:44 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2004-08-04 12:00 . 2004-08-04 12:00 41472 c:\windows\bvjedmol.dll
+ 2010-02-02 02:44 . 2010-02-02 02:44 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
- 2009-03-16 21:39 . 2009-10-27 10:45 352768 c:\windows\system32\xpsp3res.dll
+ 2009-03-16 21:39 . 2009-12-16 13:33 352768 c:\windows\system32\xpsp3res.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 624640 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 624640 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2009-10-16 03:51 119808 c:\windows\system32\t2embed.dll
- 2004-08-04 12:00 . 2009-06-16 14:55 119808 c:\windows\system32\t2embed.dll
+ 2004-08-04 12:00 . 2009-12-08 09:13 474112 c:\windows\system32\shlwapi.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 532480 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 532480 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 146432 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 146432 c:\windows\system32\msrating.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 449024 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 449024 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 251392 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 251392 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 205312 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 357888 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 357888 c:\windows\system32\dxtmsft.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 662016 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 662016 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 624640 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 624640 c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 12:00 . 2009-06-16 14:55 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-04 12:00 . 2009-10-16 03:51 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2004-08-04 12:00 . 2009-12-08 09:13 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 532480 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 146432 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 146432 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 251392 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 251392 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 205312 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 357888 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 151040 c:\windows\system32\dllcache\cdfview.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2004-08-04 12:00 . 2009-11-21 16:36 470528 c:\windows\system32\dllcache\aclayers.dll
+ 2010-02-02 02:37 . 2010-02-02 03:00 262144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
- 2004-08-04 12:00 . 2009-10-29 05:48 151040 c:\windows\system32\cdfview.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 151040 c:\windows\system32\cdfview.dll
+ 2010-01-07 08:15 . 2010-01-07 08:15 794112 c:\windows\Installer\6221ad.msi
+ 2010-01-07 08:15 . 2010-01-07 08:15 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
+ 2004-08-04 12:00 . 2009-12-22 05:42 1506304 c:\windows\system32\shdocvw.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 1506304 c:\windows\system32\shdocvw.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 3063808 c:\windows\system32\mshtml.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 1506304 c:\windows\system32\dllcache\shdocvw.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 1506304 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 3063808 c:\windows\system32\dllcache\mshtml.dll
- 2004-08-04 12:00 . 2009-09-25 05:56 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 1054208 c:\windows\system32\dllcache\danim.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 1023488 c:\windows\system32\dllcache\browseui.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 1023488 c:\windows\system32\dllcache\browseui.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 1054208 c:\windows\system32\danim.dll
- 2004-08-04 12:00 . 2009-09-25 05:56 1054208 c:\windows\system32\danim.dll
- 2004-08-04 12:00 . 2009-10-29 05:48 1023488 c:\windows\system32\browseui.dll
+ 2004-08-04 12:00 . 2009-12-22 05:42 1023488 c:\windows\system32\browseui.dll
+ 2010-02-02 02:44 . 2010-02-02 02:44 1583616 c:\windows\Installer\7f638.msi
+ 2010-01-07 08:15 . 2010-01-07 08:15 1565696 c:\windows\Installer\6221a8.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe -inv:bootrun" [X]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-02 39424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2010-02-02 39424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2010-02-02 39424]
"GBTUpd"="c:\program files\gigabyte\gbtupd\PreRun.exe" [2010-02-02 39424]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2010-02-02 39424]
"AlcWzrd"="ALCWZRD.EXE" [2010-02-02 39424]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-02-02 39424]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-02-02 39424]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-02-02 39424]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2010-02-02 39424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Vnirucucaqiqe"="c:\windows\egujofuloh.dll" [N/A]
"sogekomezu"="sazegoka.dll" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"RTHDBPL"="c:\documents and settings\JC\Application Data\SystemProc\lsass.exe" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\resources\Themes\EXE\RONIZ.PO.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli bvjedmol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\GBTUpd.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\kjcx0\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\JC\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Documents and Settings\\JC\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
 
Start by removing these from your trusted zone.

O15 - Trusted Zone: http://*.buy-internet-security10.com
O15 - Trusted Zone: http://*.is-soft-download.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-internet-security10.com (HKLM)


Rerun hijackthis and place a check next to those entries and then click on fix checked.

You are still infected with these entries.

O4 - HKLM\..\Run: [Vnirucucaqiqe] rundll32.exe "C:\WINDOWS\egujofuloh.dll",Startup
O4 - HKLM\..\Run: [sogekomezu] Rundll32.exe "sazegoka.dll",s
O4 - HKCU\..\Run: [BMIMZMHMFM] c:\docume~1\jc\locals~1\temp\cg0 .exe
O4 - HKCU\..\Run: [sefjhf98jfoidsfoishgoiusgdgfgd] c:\docume~1\jc\locals~1\temp\jlono .exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\JC\LOCALS~1\Temp\drweb.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1

combofix should take care of those though.
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [3/16/2009 12:40 PM 68136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 7:00 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [1/11/2010 10:48 PM 12672]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\JC\LOCALS~1\Temp\YTC541.tmp --> c:\docume~1\JC\LOCALS~1\Temp\YTC541.tmp [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/6/2010 9:23 PM 38224]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [12/14/2007 5:04 PM 551680]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/24/2006 6:32 PM 116416]
.
Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-02 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 03:16]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: buy-internet-security10.com
Trusted Zone: is-soft-download.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-internet-security10.com
TCP: {75D2E30B-06D2-471F-B47B-B772629BFF2E} = 93.188.162.210,93.188.161.16
TCP: {79FDB883-0E65-4825-A5BA-7EFD2706DE50} = 93.188.162.210,93.188.161.16
FF - ProfilePath - c:\documents and settings\JC\Application Data\Mozilla\Firefox\Profiles\7ualz6w7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\JC\Application Data\Mozilla\Firefox\Profiles\7ualz6w7.default\extensions\[email protected]\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\JC\Application Data\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{b1b4736f-c15a-4114-aa48-579196e2ec02} - zusasawe.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 22:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\JC\Application Data\SystemProc\lsass.exe??#???????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\JC\LOCALS~1\Temp\YTC541.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(1040)
c:\windows\bvjedmol.dll

- - - - - - - > 'explorer.exe'(3520)
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\msls31.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\MSCTF.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\bvjedmol.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\common files\installshield\updateservice\issch .exe
c:\documents and settings\jc\application data\octoshape\octoshape streaming services\octoshapeclient .exe
c:\program files\superantispyware\superantispyware .exe
c:\program files\common files\symantec shared\ccapp .exe
c:\progra~1\symant~1\vptray .exe
.
**************************************************************************
.
Completion time: 2010-02-01 22:18:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 03:18
ComboFix2.txt 2010-01-20 07:52
ComboFix3.txt 2010-01-07 17:47
ComboFix4.txt 2010-01-07 04:28

Pre-Run: 358,839,996,416 bytes free
Post-Run: 359,028,948,992 bytes free

- - End Of File - - 441606BEA04FF0681E6201FC97D2E004

I'm actually running malwarebytes right now.
 
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 10:30:23 PM, on 2/1/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
c:\program files\common files\installshield\updateservice\issch .exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
c:\program files\common files\symantec shared\ccapp .exe
c:\documents and settings\jc\application data\octoshape\octoshape streaming services\octoshapeclient .exe
c:\progra~1\symant~1\vptray .exe
c:\program files\superantispyware\superantispyware .exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] c:\program files\gigabyte\gbtupd\PreRun.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Vnirucucaqiqe] rundll32.exe "C:\WINDOWS\egujofuloh.dll",Startup
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe" -inv:bootrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: V CAST Media Monitor.lnk = C:\Program Files\V CAST Media Manager\MEMonitor.exe
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6675 bytes
 
I need to see the malwarebytes log please. There were items in your combofix log that I need to see if malwarebytes has removed.
 
Malwarebytes' Anti-Malware 1.44
Database version: 3675
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/1/2010 10:44:04 PM
mbam-log-2010-02-01 (22-44-01).txt

Scan type: Quick Scan
Objects scanned: 108928
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\JC\Local Settings\temp\wmpscfgs.exe (Trojan.Agent) -> No action taken.
C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Agent) -> No action taken.
C:\Documents and Settings\JC\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

I have already restarted my computer when malwarebytes suggest. The same 3 infections are still there.
 
Did you have malwarebytes remove those infections?

Give me a few minutes and i'll prepare a combofix script for you and i'll post it.
 
1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code: 
Killall::

File::
c:\windows\Blogikujika.bin
c:\windows\Amarozolo.dat
C:\yfoku.exe
C:\ojjw.exe
C:\sckw.exe
c:\documents and settings\JC\rundll32 .exe
c:\windows\system32\info.tmp

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


CFScript-1.gif


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
ComboFix 10-02-01.02 - JC 02/01/2010 23:42:51.6.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2644 [GMT -5:00]
Running from: c:\documents and settings\JC\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\JC\Desktop\cfscript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

FILE ::
"c:\documents and settings\JC\rundll32 .exe"
"C:\ojjw.exe"
"C:\sckw.exe"
"c:\windows\Amarozolo.dat"
"c:\windows\Blogikujika.bin"
"c:\windows\system32\info.tmp"
"C:\yfoku.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JC\alcwzrd.exe
c:\documents and settings\JC\rthdcpl.exe
c:\documents and settings\JC\rundll32 .exe
c:\documents and settings\JC\rundll32.exe
c:\documents and settings\JC\soundman.exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\system32\xraidsetup .exe
.
---- Previous Run -------
.
c:\documents and settings\JC\alcwzrd .exe
c:\documents and settings\JC\alcwzrd.exe
c:\documents and settings\JC\rthdcpl .exe
c:\documents and settings\JC\rthdcpl.exe
c:\documents and settings\JC\soundman .exe
c:\documents and settings\JC\soundman.exe
c:\windows\Amarozolo.dat
c:\windows\Blogikujika.bin
c:\windows\system32\xraidsetup .exe

.
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-02-02 04:25 . 2010-02-02 04:25 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 02:44 . 2010-02-02 02:44 52224 ----a-w- c:\documents and settings\JC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-02 02:44 . 2010-02-02 02:44 117760 ----a-w- c:\documents and settings\JC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-02 02:44 . 2010-02-02 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-02 02:44 . 2010-02-02 04:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-02 02:44 . 2010-02-02 02:44 -------- d-----w- c:\documents and settings\JC\Application Data\SUPERAntiSpyware.com
2010-02-02 02:24 . 2010-02-02 02:24 69120 ----a-w- c:\windows\system32\app_dll.dll
2010-02-02 02:23 . 2010-02-02 03:03 39424 ----a-w- c:\windows\system32\alcwzrd.exe
2010-02-02 02:23 . 2010-02-02 03:03 39424 ----a-w- c:\windows\system32\soundman.exe
2010-01-24 04:18 . 2010-01-24 04:18 -------- d-----w- c:\program files\Veoh Networks
2010-01-24 03:51 . 2010-01-24 03:55 -------- d-----w- c:\documents and settings\JC\Application Data\vlc
2010-01-24 03:50 . 2010-01-24 03:50 -------- d-----w- c:\program files\VideoLAN
2010-01-12 03:48 . 2010-01-12 03:48 -------- d-----w- c:\program files\CPUID
2010-01-12 03:48 . 2009-03-27 06:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-01-07 08:17 . 2010-01-07 17:02 -------- d-----w- c:\documents and settings\JC\Application Data\skypePM
2010-01-07 08:17 . 2010-01-07 08:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-07 08:15 . 2010-01-07 17:04 -------- d-----w- c:\documents and settings\JC\Application Data\Skype
2010-01-07 08:15 . 2010-01-07 08:15 -------- d-----w- c:\program files\Common Files\Skype
2010-01-07 08:15 . 2010-01-07 08:15 -------- d-----r- c:\program files\Skype
2010-01-07 08:15 . 2010-01-07 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-07 02:25 . 2010-01-07 02:25 388096 ----a-r- c:\documents and settings\JC\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 02:25 . 2010-01-07 02:25 -------- d-----w- c:\program files\TrendMicro
2010-01-07 02:23 . 2010-01-07 02:23 -------- d-----w- c:\documents and settings\JC\Application Data\Malwarebytes
2010-01-07 02:23 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 02:23 . 2010-02-02 03:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 02:23 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 02:23 . 2010-01-07 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 04:48 . 2010-02-02 04:48 39424 ----a-w- c:\documents and settings\JC\rundll32.exe
2010-02-02 04:48 . 2010-02-02 04:48 39424 ----a-w- c:\documents and settings\JC\rundll32 .exe
2010-02-02 04:48 . 2009-09-04 15:27 -------- d-----w- c:\program files\Symantec AntiVirus
2010-02-02 04:48 . 2009-09-04 15:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-02 04:48 . 2009-03-16 17:45 39424 ----a-w- c:\windows\system32\xraidsetup.exe
2010-02-02 04:48 . 2010-02-02 04:48 39424 ----a-w- c:\documents and settings\JC\alcwzrd.exe
2010-02-02 04:48 . 2010-02-02 04:48 39424 ----a-w- c:\documents and settings\JC\soundman.exe
2010-02-02 04:48 . 2010-02-02 04:48 39424 ----a-w- c:\documents and settings\JC\rthdcpl.exe
2010-02-02 04:48 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 04:47 . 2009-11-07 02:16 71960 ----a-w- c:\documents and settings\JC\Application Data\Mozilla\Plugins\npoctoshape.dll
2010-02-02 04:47 . 2009-03-16 17:36 16608 ----a-w- c:\windows\gdrv.sys
2010-02-02 04:25 . 2009-03-16 17:45 39424 ----a-w- c:\windows\system32\xraidsetup .exe
2010-02-02 03:39 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 03:29 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 03:16 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 03:03 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 02:44 . 2009-03-16 17:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-02 02:37 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 02:23 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient.exe
2010-02-01 20:35 . 2009-04-03 15:52 -------- d-----w- c:\documents and settings\JC\Application Data\LimeWire
2010-01-18 08:46 . 2009-07-28 04:40 -------- d-----w- c:\program files\Warcraft III
2010-01-12 04:36 . 2009-03-16 16:51 -------- d-----w- c:\program files\World of Warcraft
2010-01-12 03:45 . 2009-03-16 17:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-12 03:45 . 2009-03-16 17:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-12 03:45 . 2009-11-20 01:45 -------- d-----w- c:\program files\LG Outlook Sync
2010-01-12 03:45 . 2009-11-20 01:48 -------- d-----w- c:\documents and settings\JC\Application Data\LG Electronics
2010-01-07 06:14 . 2009-03-16 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-26 00:58 . 2009-12-08 23:57 -------- d-----w- c:\program files\Garena
2009-12-22 05:42 . 2004-08-04 12:00 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 01:13 . 2009-11-23 19:36 79488 ----a-w- c:\documents and settings\JC\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-13 14:46 . 2009-12-13 06:04 -------- d-----w- c:\documents and settings\JC\Application Data\U3
2009-12-08 16:50 . 2009-12-08 07:50 -------- d-----w- c:\program files\auto-clicker
2009-12-08 07:53 . 2009-12-08 07:53 -------- d-----w- c:\program files\AutoClick
2009-11-21 16:36 . 2004-08-04 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 03:52 . 2009-03-16 17:08 44976 ----a-w- c:\documents and settings\JC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-20 03:51 . 2009-11-20 03:51 53248 ----a-r- c:\documents and settings\JC\Application Data\Microsoft\Installer\{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}\ARPPRODUCTICON.exe
.
Code: 
<pre>
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\GIGABYTE\GBTUpd\prerun .exe
c:\program files\SUPERAntiSpyware\superantispyware .exe
c:\program files\Symantec AntiVirus\vptray .exe
c:\windows\RaidTool\xinside .exe
c:\windows\system32\xraidsetup .exe
</pre>

((((((((((((((((((((((((((((( SnapShot_2010-02-02_03.15.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-02 04:47 . 2010-02-02 04:47 16384 c:\windows\temp\Perflib_Perfdata_cc.dat
+ 2010-02-02 04:47 . 2010-02-02 04:47 16384 c:\windows\temp\Perflib_Perfdata_744.dat
+ 2009-03-16 17:45 . 2010-02-02 04:48 39424 c:\windows\RaidTool\xinside.exe
- 2009-03-16 17:45 . 2010-02-02 03:16 39424 c:\windows\RaidTool\xinside.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe -inv:bootrun" [X]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-02 39424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2010-02-02 39424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2010-02-02 39424]
"GBTUpd"="c:\program files\gigabyte\gbtupd\PreRun.exe" [2010-02-02 39424]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2010-02-02 39424]
"AlcWzrd"="ALCWZRD.EXE" [2010-02-02 39424]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-02-02 39424]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-02-02 39424]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-02-02 39424]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2010-02-02 39424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Vnirucucaqiqe"="c:\windows\egujofuloh.dll" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\resources\Themes\EXE\RONIZ.PO.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\GBTUpd.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\kjcx0\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\JC\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Documents and Settings\\JC\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [3/16/2009 12:40 PM 68136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 7:00 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [1/11/2010 10:48 PM 12672]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\JC\LOCALS~1\Temp\YTC541.tmp --> c:\docume~1\JC\LOCALS~1\Temp\YTC541.tmp [?]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [12/14/2007 5:04 PM 551680]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/24/2006 6:32 PM 116416]
.
Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-02 c:\windows\Tasks\At1.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At10.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At11.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At12.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At13.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At14.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At15.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At16.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At17.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At18.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At19.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At2.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At20.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At21.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At22.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At23.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At24.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At3.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At4.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At5.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At6.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At7.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At8.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]

2010-02-02 c:\windows\Tasks\At9.job
- c:\program files\internet explorer\wmpscfgs.exe [2010-02-02 04:48]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JC\Application Data\Mozilla\Firefox\Profiles\7ualz6w7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\JC\Application Data\Mozilla\Firefox\Profiles\7ualz6w7.default\extensions\[email protected]\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\JC\Application Data\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 23:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\JC\LOCALS~1\Temp\YTC541.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\browselc.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\common files\installshield\updateservice\issch .exe
c:\documents and settings\jc\application data\octoshape\octoshape streaming services\octoshapeclient .exe
c:\program files\superantispyware\superantispyware .exe
c:\program files\common files\symantec shared\ccapp .exe
c:\progra~1\symant~1\vptray .exe
.
**************************************************************************
.
Completion time: 2010-02-01 23:50:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 04:50
ComboFix2.txt 2010-02-02 03:18
ComboFix3.txt 2010-01-20 07:52
ComboFix4.txt 2010-01-07 17:47
ComboFix5.txt 2010-02-02 04:16

Pre-Run: 358,305,038,336 bytes free
Post-Run: 358,267,805,696 bytes free

- - End Of File - - D6E8FCCB14A4FD95A19AE22DD0228C25

I have this random white box on the bottom right of my desktop. And this has been here since the infection. But it went away for a short period of time after comboxfix restarted but when I restarted again its here again. Not sure if its related to the infection or not though.
 
Download OTMoveIt.exe from here.

http://www.4shared.com/file/18916319/f33adc94/OTMoveIt.html

Save it to your desktop.
Please double-click OTMoveIt.exe to run it. Copy the contents of the codebox below to the clipboard[/b] by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code: 
:files
c:\windows\Tasks\*.job

Return to OTMoveIt, right click in the Paste List of Files/Folders to Move window and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. These results are also located at C:\_OTMoveIt\MovedFiles\Date_Time.log, where Date_Time is the date and time you ran OTMoveIt.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Once done, run ComboFix again and post both its log and the OTMoveIt log.
 
ComboFix 10-02-01.02 - JC 02/02/2010 0:45.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2675 [GMT -5:00]
Running from: c:\documents and settings\JC\My Documents\Downloads\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JC\alcwzrd .exe
c:\documents and settings\JC\alcwzrd.exe
c:\documents and settings\JC\rthdcpl .exe
c:\documents and settings\JC\rthdcpl.exe
c:\documents and settings\JC\rundll32 .exe
c:\documents and settings\JC\rundll32.exe
c:\documents and settings\JC\soundman .exe
c:\documents and settings\JC\soundman.exe
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\system32\xraidsetup .exe

.
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-02-02 05:39 . 2010-02-02 05:39 -------- d-----w- C:\_OTMoveIt
2010-02-02 04:25 . 2010-02-02 04:25 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 02:44 . 2010-02-02 02:44 52224 ----a-w- c:\documents and settings\JC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-02 02:44 . 2010-02-02 02:44 117760 ----a-w- c:\documents and settings\JC\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-02 02:44 . 2010-02-02 02:44 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-02 02:44 . 2010-02-02 05:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-02 02:44 . 2010-02-02 02:44 -------- d-----w- c:\documents and settings\JC\Application Data\SUPERAntiSpyware.com
2010-02-02 02:24 . 2010-02-02 02:24 69120 ----a-w- c:\windows\system32\app_dll.dll
2010-02-02 02:23 . 2010-02-02 03:03 39424 ----a-w- c:\windows\system32\alcwzrd.exe
2010-02-02 02:23 . 2010-02-02 03:03 39424 ----a-w- c:\windows\system32\soundman.exe
2010-01-24 04:18 . 2010-01-24 04:18 -------- d-----w- c:\program files\Veoh Networks
2010-01-24 03:51 . 2010-01-24 03:55 -------- d-----w- c:\documents and settings\JC\Application Data\vlc
2010-01-24 03:50 . 2010-01-24 03:50 -------- d-----w- c:\program files\VideoLAN
2010-01-12 03:48 . 2010-01-12 03:48 -------- d-----w- c:\program files\CPUID
2010-01-12 03:48 . 2009-03-27 06:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-01-07 08:17 . 2010-01-07 17:02 -------- d-----w- c:\documents and settings\JC\Application Data\skypePM
2010-01-07 08:17 . 2010-01-07 08:17 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-07 08:15 . 2010-01-07 17:04 -------- d-----w- c:\documents and settings\JC\Application Data\Skype
2010-01-07 08:15 . 2010-01-07 08:15 -------- d-----w- c:\program files\Common Files\Skype
2010-01-07 08:15 . 2010-01-07 08:15 -------- d-----r- c:\program files\Skype
2010-01-07 08:15 . 2010-01-07 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-07 02:25 . 2010-01-07 02:25 388096 ----a-r- c:\documents and settings\JC\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-07 02:25 . 2010-01-07 02:25 -------- d-----w- c:\program files\TrendMicro
2010-01-07 02:23 . 2010-01-07 02:23 -------- d-----w- c:\documents and settings\JC\Application Data\Malwarebytes
2010-01-07 02:23 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 02:23 . 2010-02-02 03:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-07 02:23 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 02:23 . 2010-01-07 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 05:43 . 2009-09-04 15:27 -------- d-----w- c:\program files\Symantec AntiVirus
2010-02-02 05:43 . 2009-09-04 15:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-02 05:43 . 2009-03-16 17:45 39424 ----a-w- c:\windows\system32\xraidsetup.exe
2010-02-02 05:42 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 05:41 . 2009-11-07 02:16 71960 ----a-w- c:\documents and settings\JC\Application Data\Mozilla\Plugins\npoctoshape.dll
2010-02-02 05:41 . 2009-03-16 17:36 16608 ----a-w- c:\windows\gdrv.sys
2010-02-02 04:48 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 03:39 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 03:29 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 03:16 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 03:03 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 02:44 . 2009-03-16 17:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-02 02:37 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe
2010-02-02 02:23 . 2009-11-07 02:16 39424 ----a-w- c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient.exe
2010-02-01 20:35 . 2009-04-03 15:52 -------- d-----w- c:\documents and settings\JC\Application Data\LimeWire
2010-01-18 08:46 . 2009-07-28 04:40 -------- d-----w- c:\program files\Warcraft III
2010-01-12 04:36 . 2009-03-16 16:51 -------- d-----w- c:\program files\World of Warcraft
2010-01-12 03:45 . 2009-03-16 17:37 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-12 03:45 . 2009-03-16 17:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-12 03:45 . 2009-11-20 01:45 -------- d-----w- c:\program files\LG Outlook Sync
2010-01-12 03:45 . 2009-11-20 01:48 -------- d-----w- c:\documents and settings\JC\Application Data\LG Electronics
2010-01-07 06:14 . 2009-03-16 23:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-26 00:58 . 2009-12-08 23:57 -------- d-----w- c:\program files\Garena
2009-12-22 05:42 . 2004-08-04 12:00 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 01:13 . 2009-11-23 19:36 79488 ----a-w- c:\documents and settings\JC\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-13 14:46 . 2009-12-13 06:04 -------- d-----w- c:\documents and settings\JC\Application Data\U3
2009-12-08 16:50 . 2009-12-08 07:50 -------- d-----w- c:\program files\auto-clicker
2009-12-08 07:53 . 2009-12-08 07:53 -------- d-----w- c:\program files\AutoClick
2009-11-21 16:36 . 2004-08-04 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 03:52 . 2009-03-16 17:08 44976 ----a-w- c:\documents and settings\JC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-20 03:51 . 2009-11-20 03:51 53248 ----a-r- c:\documents and settings\JC\Application Data\Microsoft\Installer\{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}\ARPPRODUCTICON.exe
.
Code: 
<pre>
c:\program files\Common Files\InstallShield\UpdateService\issch .exe
c:\program files\Common Files\InstallShield\UpdateService\isuspm .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\GIGABYTE\GBTUpd\prerun .exe
c:\program files\SUPERAntiSpyware\superantispyware .exe
c:\program files\Symantec AntiVirus\vptray .exe
c:\windows\RaidTool\xinside .exe
</pre>

((((((((((((((((((((((((((((( SnapShot_2010-02-02_03.15.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-02 05:41 . 2010-02-02 05:41 16384 c:\windows\temp\Perflib_Perfdata_574.dat
+ 2010-02-02 05:41 . 2010-02-02 05:41 16384 c:\windows\temp\Perflib_Perfdata_374.dat
+ 2009-03-16 17:45 . 2010-02-02 05:43 39424 c:\windows\RaidTool\xinside.exe
- 2009-03-16 17:45 . 2010-02-02 03:16 39424 c:\windows\RaidTool\xinside.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe -inv:bootrun" [X]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-02 39424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2010-02-02 39424]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2010-02-02 39424]
"GBTUpd"="c:\program files\gigabyte\gbtupd\PreRun.exe" [2010-02-02 39424]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2010-02-02 39424]
"AlcWzrd"="ALCWZRD.EXE" [2010-02-02 39424]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-02-02 39424]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2010-02-02 39424]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-02-02 39424]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2010-02-02 39424]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"Vnirucucaqiqe"="c:\windows\egujofuloh.dll" [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB600N\WUSB600N.exe [2008-1-9 6922240]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\resources\Themes\EXE\RONIZ.PO.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\GBTUpd.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\kjcx0\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\JC\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Documents and Settings\\JC\\Application Data\\Octoshape\\Octoshape Streaming Services\\OctoshapeClient.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [3/16/2009 12:40 PM 68136]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/4/2009 7:00 PM 102448]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [1/11/2010 10:48 PM 12672]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\JC\LOCALS~1\Temp\YTC541.tmp --> c:\docume~1\JC\LOCALS~1\Temp\YTC541.tmp [?]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [12/14/2007 5:04 PM 551680]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/24/2006 6:32 PM 116416]
.
Contents of the 'Scheduled Tasks' folder

2010-01-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\JC\Application Data\Mozilla\Firefox\Profiles\7ualz6w7.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\JC\Application Data\Mozilla\Firefox\Profiles\7ualz6w7.default\extensions\[email protected]\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\JC\Application Data\Mozilla\plugins\npoctoshape.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 00:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\JC\LOCALS~1\Temp\YTC541.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(984)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2010-02-02 00:48:53
ComboFix-quarantined-files.txt 2010-02-02 05:48
ComboFix2.txt 2010-02-02 04:50
ComboFix3.txt 2010-02-02 03:18
ComboFix4.txt 2010-01-20 07:52
ComboFix5.txt 2010-02-02 05:43

Pre-Run: 358,275,375,104 bytes free
Post-Run: 358,239,948,800 bytes free

- - End Of File - - F7F9AA7390CD1973B809B2F21E6E1966
 
File/Folder :files not found.
File move failed. c:\windows\Tasks\*.job scheduled to be moved on reboot.

Created on 02/02/2010 00:53:37
 
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:05:12 AM, on 2/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
c:\program files\gigabyte\gbtupd\GBTUpd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] c:\program files\gigabyte\gbtupd\PreRun.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Vnirucucaqiqe] rundll32.exe "C:\WINDOWS\egujofuloh.dll",Startup
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe" -inv:bootrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: V CAST Media Monitor.lnk = C:\Program Files\V CAST Media Manager\MEMonitor.exe
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: app_dll.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6668 bytes

I don't think its gone though. when I ran malwarebytes it had the same 3 and asks to restart my computer. When I do, and run it again, its there again. And I still have that random white box on the bottom right screen with a tiny little red x on the top left of the white box. But its not that big a of a problem.
 
I ran maleware and spyware. Found all sorts of stuff. Heres a fresh log of hijackthis after those 2 scans.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:09:39 PM, on 2/2/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\World of Warcraft\Launcher.exe
C:\Program Files\World of Warcraft\WoW-3.3.0.11159-to-3.3.2.11403-enUS-downloader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GBTUpd] c:\program files\gigabyte\gbtupd\PreRun.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Vnirucucaqiqe] rundll32.exe "C:\WINDOWS\egujofuloh.dll",Startup
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\JC\Application Data\Octoshape\Octoshape Streaming Services\octoshapeclient .exe" -inv:bootrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [taskmandb.exe] C:\DOCUME~1\JC\LOCALS~1\Temp\taskmandb.exe
O4 - Startup: V CAST Media Monitor.lnk = C:\Program Files\V CAST Media Manager\MEMonitor.exe
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: app_dll.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6683 bytes
 
You must log in or register to reply here.
Back
Top