Hello, I'm having an issue with a redirector that I just can't get cleared. I've already run Malewarebytes, Ad-Aware, and Spybot to search and remove the issues but nothing has worked to clear the problem. I've also run Trendmicro Anti-Virus to scan but it stopped finding anything. Here is a copy of the HJT log. Thank you in advance for any and all help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:22, on 2/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http//:www.google.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: OpenOffice.org 1.1.4.lnk = C:\Program Files\OpenOffice.org1.1.4\program\quickstart.exe
O4 - Global Startup: 20-20 Shortcut Bar.lnk = C:\2020V61\Mswin\60\SCBar.Exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.activation.rr.com/install/download/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {07070BFD-C501-4899-934D-0B96A9F70795} (Siebel Option Pack for IE 7.5.3) - http://zbnalpws001.na.webmd.net/callcenter_enu/16157/applets/SiebelOptionPack.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/qtinstall.info.apple.com/pthalo/us/win/QuickTimeFullInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191950735839
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe

--
End of file - 8038 bytes

hi,

Update Malwarebytes, do a full scan and post the log:

Start MBAM and check fo and download any updates

* select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click **Remove Selected.**
*A restart may be required to finish the clean up process*
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

please post the MBAM log in reply

Here is the log after I ran MBAM. Thank you for any help.

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 2

2/13/2009 12:49:19 PM
mbam-log-2009-02-13 (12-49-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 255180
Time elapsed: 1 hour(s), 47 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Administrator\My Documents\noiseninja21_3019.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINNT\system32\msqpdxbolnifwn.dll (Trojan.Agent) -> Delete on reboot.
C:\WINNT\system32\drivers\msqpdxrfixolsj.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Quarantined and deleted successfully.

hi,

ok thanks for the info. We will get one more download to use. Its called combofix. there is a guide to read first. Read through the guide, save to desktop, disable AV and antimalware, double click the icon and follow the prompts. The guide will explain it all.

the guide:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Here is the log after running ComboFix. Thank you for all your help.

ComboFix 09-02-15.01 - Administrator 2009-02-17 15:17:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.268 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\search.html
c:\winnt\Downloaded Program Files\33.exe
c:\winnt\patch.exe
c:\winnt\system32\404Fix.exe
c:\winnt\system32\addia.dll
c:\winnt\system32\addwq32.dll
c:\winnt\system32\Agent.OMZ.Fix.exe
c:\winnt\system32\apioq.dll
c:\winnt\system32\appdb32.dll
c:\winnt\system32\appnc32.dll
c:\winnt\system32\atlag32.dll
c:\winnt\system32\atlbb32.dll
c:\winnt\system32\crez32.dll
c:\winnt\system32\crth.dll
c:\winnt\system32\crwj.dll
c:\winnt\system32\dumphive.exe
c:\winnt\system32\fxcic.dll
c:\winnt\system32\IEDFix.C.exe
c:\winnt\system32\IEDFix.exe
c:\winnt\system32\ieyf32.dll
c:\winnt\system32\iphu.dll
c:\winnt\system32\mdm.exe
c:\winnt\system32\mscy.dll
c:\winnt\system32\msjk.dll
c:\winnt\system32\ntbr.dll
c:\winnt\system32\ntye32.dll
c:\winnt\system32\ntyn32.dll
c:\winnt\system32\o4Patch.exe
c:\winnt\system32\Process.exe
c:\winnt\system32\SrchSTS.exe
c:\winnt\system32\syskx32.dll
c:\winnt\system32\systd32.dll
c:\winnt\system32\tmp.reg
c:\winnt\system32\ummqo.dat
c:\winnt\system32\vabcj.dat
c:\winnt\system32\VACFix.exe
c:\winnt\system32\VCCLSID.exe
c:\winnt\system32\WS2Fix.exe
c:\winnt\Web\default.htt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_IAS


((((((((((((((((((((((((( Files Created from 2009-01-17 to 2009-02-17 )))))))))))))))))))))))))))))))
.

2009-02-02 11:23 . 2009-02-02 11:23 <DIR> d-------- c:\program files\ERUNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-17 20:21 --------- d-----w c:\program files\OpenOffice.org1.1.4
2009-02-13 15:59 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-14 21:11 38,496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-01-13 19:24 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-01-13 00:07 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-12 23:44 --------- d-----w c:\program files\Lavasoft
2009-01-12 23:42 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-06 15:11 --------- d-----w c:\program files\Trend Micro
2008-12-31 13:50 --------- d-----w c:\program files\Java
2008-12-31 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-30 21:10 --------- d-----w c:\program files\Spybot - Search & Destroy
2005-11-22 00:42 784 ----a-w c:\documents and settings\Administrator\Application Data\mpauth.dat
2005-01-07 01:37 271 --sh--w c:\program files\desktop.ini
2005-01-07 01:37 21,952 ---ha-w c:\program files\folder.htt
2001-10-21 05:00 3,030 ----a-w c:\program files\rcsatokyle11.map
2005-02-10 21:18 56 --sh--r c:\winnt\system32\68EFABD40D.sys
2005-02-10 21:18 1,682 --sha-w c:\winnt\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"Zinio DLM"="c:\program files\Zinio\ZinioReader.exe" [2007-05-04 3756102]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-31 136600]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-12 335872]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-07-14 180269]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"Synchronization Manager"="mobsync.exe" [2004-08-04 c:\winnt\system32\mobsync.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\winnt\system32\Ati2mdxx.exe]
"PCTVOICE"="pctspk.exe" [2003-02-24 c:\winnt\system32\pctspk.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-04 214528]
"tscuninstall"="c:\winnt\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-11 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OpenOffice.org 1.1.4.lnk - c:\program files\OpenOffice.org1.1.4\program\quickstart.exe [2004-10-28 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
20-20 Shortcut Bar.lnk - c:\2020v61\Mswin\60\SCBar.Exe [2008-01-29 139264]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-06-11 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2005-01-15 1470296]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2005-01-27 795648]
Wireless-G Notebook Adapter with SpeedBooster Utility.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe [2005-06-27 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.pcle"= ALIBCODE.DLL
"SENTINEL"= snti386.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 NICSer_WPC54GS;NICSer_WPC54GS;c:\program files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe [2005-06-27 455680]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [2005-01-06 66591]
.
Contents of the 'Scheduled Tasks' folder

2009-02-13 c:\winnt\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-STYLEXP - c:\program files\TGTSoft\StyleXP\StyleXP.exe
SafeBoot-sglfb.sys
SafeBoot-tga.sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
DPF: {07070BFD-C501-4899-934D-0B96A9F70795} - hxxp://zbnalpws001.na.webmd.net/callcenter_enu/16157/applets/SiebelOptionPack.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z0r8th27.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 15:22:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\SecuROM\License information*]
"datasecu"=hex:93,94,f8,41,a4,a7,e8,c1,c6,1b,5d,c1,68,87,25,3e,2e,2b,e4,b4,a1,
46,83,dd,ec,d2,bc,5f,6e,b9,ee,56,fd,61,1b,fc,58,88,21,f7,1c,17,78,86,6c,77,\
"rkeysecu"=hex:f3,51,b6,b8,11,1e,1d,60,c8,2d,95,47,61,b1,57,56
.
------------------------ Other Running Processes ------------------------
.
c:\winnt\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\system32\wdfmgr.exe
c:\winnt\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54CFG.exe
.
**************************************************************************
.
Completion time: 2009-02-17 15:26:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-17 20:26:26

Pre-Run: 3,888,734,208 bytes free
Post-Run: 3,835,850,752 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

185 --- E O F --- 2007-10-12 08:26:04

hi,

Its been awhile.We will use combofix to remove a file:

Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:



File::
c:\winnt\system32\68EFABD40D.sys


Name the Notepad file CFScript.txt and Save it to your desktop.
now locate the file you just saved and the combofix icon, both on your desktop
using your mouse drag the CFScript right on top of the combofix icon and release, combofix will run and produce a new log
please post the new combofix log and a new hjt log.