I THINK I've got the UAC RootKit (maybe others too) killed but I've still got issues... issues I never had before.
Finally got Norton 360 installed, updated and run. After a full system scan last night, 360 showed it found 2 copies of 'Suspicious MH690.A' in a System Restore file and quarantined them. Still I'm getting browser re-directs.
+ 220.127.116.11 is one of the re-direct IPs (I think)
I'm not sure if there's a keystroke logger involved but I'm REALLY afraid to log into my server using Remote Desktop (or anything else for that matter) until I know I've killed everything.
Until today, I wasn't able to get HiJackThis to even run but I downloaded a fresh copy and got it to run... the HiJackThis.log is attached.
I used GMER, Malwarebytes, Avenger, and a couple of others to help identify the RootKit and get files / reg entries deleted.
Also, I tried to run ComboFix but canceled it each time - I couldn't seem to kill all of the Norton 360 / Symantec files running in the background so I was apprehensive about risking an HD crash.
I'd really appreciate any help getting my system clean...