After going through the Preparation Guide I wanted to make sure the system is clear. The HJT log is showing up clear (at least I don't see anything alien in it). I also ran ComboFix after completing the guide steps; this time it didn't remove anything, just listed files and reg entries. There are files listed that I recognize should not be there, so I'm posting this log as well just to be sure I remove all alien remnants.
Also I removed all the restore points since Symantec kept finding viruses in the restore files, and after that I set a restore point so I would have a good one.
Here is my initial post with previous logs in the Misplaced HJT Logs section.
This is the last HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:07 PM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204828051046
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: GoToAssist Express Customer - C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GoToAssist Express Customer - Unknown owner - C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_service.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 9936 bytes

This is my last ComboFix log:
ComboFix 08-03-07.3 - Mark M 2008-03-08 13:17:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.158 [GMT -6:00]
Running from: C:\Documents and Settings\Mark M\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.
2008-03-07 21:57 . 2008-03-07 21:57 <DIR> d-------- C:\WINDOWS\LastGood
2008-03-07 21:57 . 2008-03-07 22:32 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-03-07 21:51 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-07 21:17 . 2008-03-07 21:51 <DIR> d-------- C:\Documents and Settings\Mark M\.housecall6.6
2008-03-07 20:08 . 2008-03-07 20:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-07 20:08 . 2008-03-07 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-06 17:06 . 2008-03-06 17:11 30 --a------ C:\WINDOWS\system32\tiimjnst.xml
2008-03-06 14:34 . 2008-03-06 14:34 444 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-03-06 14:06 . 2008-03-06 13:56 2,825,842 --a------ C:\WINDOWS\system32\hcxqtods.xml
2008-03-06 14:00 . 2008-03-06 13:56 2,825,842 --a------ C:\WINDOWS\system32\zayhuegq.xml
2008-03-06 11:44 . 2008-03-06 11:40 2,825,842 --a------ C:\WINDOWS\system32\dqicunxm.xml
2008-03-06 11:29 . 2008-03-06 11:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-06 11:29 . 2008-03-06 11:29 <DIR> d-------- C:\Documents and Settings\Mark M\Application Data\Malwarebytes
2008-03-06 11:29 . 2008-03-06 11:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-06 11:26 . 2008-03-06 11:26 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-06 11:03 . 2008-03-06 10:59 2,825,842 --a------ C:\WINDOWS\system32\ipzqrurp.xml
2008-03-06 08:14 . 2008-03-06 08:14 2,825,842 --a------ C:\WINDOWS\system32\oebisxyl.xml
2008-03-06 05:44 . 2008-03-06 05:38 2,825,842 --a------ C:\WINDOWS\system32\hdpmzvve.xml
2008-03-06 02:43 . 2008-03-07 16:20 27,579 --a------ C:\WINDOWS\system32\oodbs.lor
2008-03-06 01:30 . 2008-03-06 01:30 0 --a------ C:\WINDOWS\oodcnt.INI
2008-03-06 01:29 . 2008-03-06 05:46 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-03-06 01:28 . 2008-03-06 01:28 <DIR> d-------- C:\Program Files\OO Software
2008-03-06 01:22 . 2008-03-06 01:20 2,825,842 --a------ C:\WINDOWS\system32\okktybxh.xml
2008-03-06 01:10 . 2008-03-06 08:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GTek
2008-03-05 12:50 . 2008-03-05 12:46 2,825,842 --a------ C:\WINDOWS\system32\wtalqcge.xml
2008-03-05 12:49 . 2008-03-05 12:49 0 --a------ C:\WINDOWS\vpc32.INI
2008-03-05 11:43 . 2008-03-08 13:17 <DIR> d-------- C:\tmp
2008-03-05 11:29 . 2008-03-06 01:26 <DIR> d-------- C:\Temp\SAV
2008-03-05 11:29 . 2008-03-05 11:29 <DIR> d-------- C:\Temp\O&O
2008-03-05 11:22 . 2008-03-08 13:14 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-03-05 10:03 . 2008-03-05 10:03 <DIR> d-------- C:\Program Files\Citrix
2008-03-05 10:02 . 2008-03-05 10:02 65,848 --a------ C:\Documents and Settings\Mark M\g2ax_customer_downloadhelper_win32_x86.exe
2008-03-04 14:07 . 2008-03-04 14:04 2,825,825 --a------ C:\WINDOWS\system32\vihzacgp.xml
2008-03-04 11:55 . 2008-03-04 11:55 <DIR> d-------- C:\Program Files\Windows Defender
2008-03-04 11:51 . 2008-03-04 11:51 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-03-04 11:15 . 2008-03-04 10:45 2,825,638 --a------ C:\WINDOWS\system32\uprxylnv.xml
2008-03-03 11:12 . 2008-03-03 11:12 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-01 16:35 . 2008-03-07 16:17 <DIR> d-------- C:\Temp
2008-02-28 17:38 . 2008-02-28 17:38 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-28 17:38 . 2008-02-28 17:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-19 15:55 . 2008-02-19 15:55 <DIR> d-------- C:\Program Files\Microsoft Research
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-06 07:23 --------- d-----w C:\Program Files\Google
2008-03-05 17:41 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-05 17:40 --------- d-----w C:\Program Files\Symantec
2008-03-05 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-28 23:39 --------- d-----w C:\Program Files\Lavasoft
2008-02-28 23:39 --------- d-----w C:\Documents and Settings\Mark M\Application Data\Lavasoft
2008-02-26 18:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-26 17:21 --------- d-----w C:\Program Files\Dell Support Center
2008-01-26 17:21 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-26 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-25 20:55 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-09 21:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((( snapshot@2008-03-07_16.24.55.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-08 03:57:50 45,056 ----a-w C:\WINDOWS\BDOSCAN8\avxdisk.dll
+ 2008-03-08 03:57:50 10,240 ----a-w C:\WINDOWS\BDOSCAN8\avxs.dll
+ 2008-03-08 03:57:50 27,136 ----a-w C:\WINDOWS\BDOSCAN8\avxt.dll
+ 2008-03-08 03:58:00 181,760 ----a-w C:\WINDOWS\BDOSCAN8\bdcore.dll
+ 2008-01-09 21:01:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2008-01-09 21:01:48 53,248 ----a-w C:\WINDOWS\BDOSCAN8\ipsupd.dll
+ 2008-03-08 03:58:02 142,848 ----a-w C:\WINDOWS\BDOSCAN8\libfn.dll
+ 2008-03-08 03:57:53 86,016 ----a-w C:\WINDOWS\BDOSCAN8\librtvr.dll
+ 2008-01-09 21:01:48 118,784 ----a-w C:\WINDOWS\Downloaded Program Files\bdupd.dll
+ 2007-09-21 21:53:44 385,536 ----a-w C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
+ 2008-01-09 21:01:48 53,248 ----a-w C:\WINDOWS\Downloaded Program Files\ipsupd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-08 10:19 67128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 17:48 32881]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 16:19 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 01:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 10:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 10:44 81920]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 03:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"InstantAccess"="C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.exe" [1998-12-10 12:57 37376]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 11:33 23040]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 08:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 08:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 08:36 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-24 10:49 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-11-16 12:14 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-16 18:08 106496]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08 2512392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"RegisterDropHandler"="C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE" [1998-12-10 11:33 23040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38 39264]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-03-08 10:19:46 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll 2008-03-05 10:02 45368 C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2001-11-02 10:50 24636 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 11:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 19:42 1404928 C:\Program Files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sprtsvc_dellsupportcenter"=2 (0x2)
"DSBrokerService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\winaw32.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

S3 GoToAssist Express Customer;GoToAssist Express Customer;"C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_service.exe" Start=service []
S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2002-11-08 03:50]
S3 pmxscan;USB ScanModule V5.1 Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S4 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 09:23]

*Newly Created Service* - TMCOMM
.
Contents of the 'Scheduled Tasks' folder
"2008-02-17 03:47:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-08 07:49:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job" - C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 13:19:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\PROGRA~1\TEXTBR~1.0\Bin\TBMHOOK.dll
.
Completion time: 2008-03-08 13:20:09
ComboFix-quarantined-files.txt 2008-03-08 19:19:53
ComboFix2.txt 2008-03-07 22:25:12
.
2008-03-07 21:20:12 --- E O F ---
And now I'm able to access Windows updates on that PC, which I was unable to do before.
Thanks for your assistance,
Waldis
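The "Files Created" section of a ComboFix log, like the one in the post above, is a plain listing of one entry per line: creation time, a dot, modification time, a byte size or <DIR>, a nine-character attribute field, and the path. The Python below is an added example for readers working through such logs; it is not part of the original post and is not ComboFix's own code. It parses those lines into records and then groups non-directory files by parent folder and exact byte size, so that several differently named files of identical size dropped into one system directory are surfaced for closer review. The sample input is a handful of lines copied from this post's log; the function names, the Entry record and the threshold of three files are my own choices.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a few "Files Created" lines copied from the ComboFix log in the post.
SAMPLE = r"""
2008-03-07 21:51 . 2007-08-01 22:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-07 20:08 . 2008-03-07 20:08 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-06 17:06 . 2008-03-06 17:11 30 --a------ C:\WINDOWS\system32\tiimjnst.xml
2008-03-06 14:06 . 2008-03-06 13:56 2,825,842 --a------ C:\WINDOWS\system32\hcxqtods.xml
2008-03-06 14:00 . 2008-03-06 13:56 2,825,842 --a------ C:\WINDOWS\system32\zayhuegq.xml
2008-03-06 11:44 . 2008-03-06 11:40 2,825,842 --a------ C:\WINDOWS\system32\dqicunxm.xml
2008-03-06 11:03 . 2008-03-06 10:59 2,825,842 --a------ C:\WINDOWS\system32\ipzqrurp.xml
2008-03-04 14:07 . 2008-03-04 14:04 2,825,825 --a------ C:\WINDOWS\system32\vihzacgp.xml
"""

# One entry: <created> . <modified> <size or <DIR>> <9-char attrs> <path>
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+?)\s*$"
)


@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.size is None


def parse_listing(text: str) -> List[Entry]:
    """Parse 'Files Created' lines into Entry records.

    Lines that do not match the entry layout (section banners, lone dots,
    blank lines) are skipped rather than treated as errors.
    """
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def same_size_clusters(entries: List[Entry], min_group: int = 3) -> Dict[Tuple[str, int], List[str]]:
    """Group files by (parent folder, exact byte size), keeping groups of at
    least min_group distinct files.

    A run of differently named files with identical sizes in one system folder
    is a cue to look closer; it is a triage signal, not a verdict.
    """
    groups: Dict[Tuple[str, int], List[str]] = defaultdict(list)
    for e in entries:
        if e.is_dir:
            continue
        folder = ntpath.dirname(e.path).lower()  # ntpath handles Windows paths on any OS
        groups[(folder, e.size)].append(e.path)
    return {key: sorted(paths) for key, paths in groups.items() if len(paths) >= min_group}


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    print(f"parsed {len(parsed)} entries ({sum(e.is_dir for e in parsed)} directories)")
    for (folder, size), paths in same_size_clusters(parsed).items():
        print(f"{len(paths)} files of {size:,} bytes in {folder}:")
        for p in paths:
            print("   ", p)
```

Run as-is it reports the four identically sized .xml files under system32 from the sample and leaves out vihzacgp.xml, whose size differs by 17 bytes; feeding it a full log means pasting the whole "Files Created" section into SAMPLE or reading it from a file.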