Is anyone familiar with the domain virtua.com.br?

My AVG email scanner seems to be periodically popping up telling me it is connecting to said server, every 30 minutes or so but I'm not entirely sure why. Is my machine being zombied?

Any suggestions to help me figure out what is going on would be very helpful.

Download HJT and post a log here.

http://www.pcguide.com/vb/showthread.php?t=60009

The hijack this log, as per your request, is attached.

HJT ran really fast, I was surprised. It doesn't look like there is a lot there.

Thanks!

please post it in reply posts, split it in two if needed, it is much easier to read that way.
HJT is a registry tool that helps the readers to recommend the proper tools.

Sure thing. Here it is, in it's entirety:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:48 AM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUserRegSetup?clid=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8931 bytes

Sorry for the delay:

1)Please do the following:


Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop (it needs to be run from the Desktop). Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you.


Note:

Do not mouseclick Combofix's window while it is running. That may cause the program to stall...

Then:

2)How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here (http://www.besttechie.net/tools/mbam-setup.exe) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.[/QUOTE]

Then:

Re-boot the system
Post the Combofix Log
Post the MBAM lof
Post a new HJT log
Tell us how the system is running.

combofix log:

ComboFix 08-07-19.1 - Dan 2008-07-19 19:53:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1972 [GMT -4:00]
Running from: C:\Documents and Settings\Dan\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))
.

2008-07-17 19:36 . 2008-07-18 19:34 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-17 19:36 . 2008-07-17 19:36 <DIR> d-------- C:\Program Files\AVG
2008-07-17 19:36 . 2008-07-17 19:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-17 19:36 . 2008-07-17 19:36 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-17 19:36 . 2008-07-17 19:36 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-17 19:36 . 2008-07-17 19:36 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-16 00:52 . 2008-07-16 00:56 <DIR> d-------- C:\HJT
2008-07-15 23:07 . 2008-07-15 23:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-15 23:07 . 2007-11-27 22:51 35,216 --a------ C:\WINDOWS\system32\drivers\TMPassthru.sys
2008-07-14 21:56 . 2008-07-14 21:56 <DIR> d-------- C:\Program Files\iTunes
2008-07-14 21:56 . 2008-07-14 21:56 <DIR> d-------- C:\Program Files\iPod
2008-07-14 21:55 . 2008-07-14 21:56 <DIR> d-------- C:\Program Files\QuickTime
2008-07-11 00:15 . 2008-07-11 00:15 <DIR> d-------- C:\Program Files\zct
2008-07-11 00:15 . 2008-07-11 00:15 <DIR> d-------- C:\Program Files\retro_comp
2008-07-11 00:15 . 2008-07-11 00:15 <DIR> d-------- C:\Program Files\ggr
2008-07-06 19:37 . 2008-07-06 19:37 <DIR> d-------- C:\Program Files\busters
2008-06-30 22:56 . 2008-07-08 20:33 39 --a------ C:\WINDOWS\popcinfot.dat
2008-06-30 00:05 . 2008-06-30 00:05 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-06-30 00:05 . 2003-07-19 11:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-06-30 00:05 . 2005-01-03 02:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-06-27 21:57 . 2008-06-27 21:57 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-24 22:20 . 2008-06-24 22:20 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Ventrilo
2008-06-24 22:19 . 2008-06-24 22:19 <DIR> d-------- C:\Program Files\Ventrilo
2008-06-20 23:34 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-06-20 23:34 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2008-07-19 23:53 --------- d-----w C:\Documents and Settings\Dan\Application Data\Azureus
2008-07-19 00:36 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-07-18 23:34 --------- d-----w C:\Program Files\Steam
2008-07-18 23:33 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-07-16 03:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 03:00 --------- d-----w C:\Documents and Settings\Dan\Application Data\Apple Computer
2008-07-11 02:45 --------- d-----w C:\Documents and Settings\Dan\Application Data\dvdcss
2008-07-10 13:35 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-09 07:06 --------- d-----w C:\Documents and Settings\Dan\Application Data\DVD Flick
2008-07-09 07:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-07 00:50 --------- d-----w C:\Program Files\CDisplay
2008-07-05 06:13 --------- d-----w C:\Program Files\SpeedFan
2008-07-05 03:38 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2008-07-05 03:38 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-05 03:38 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-07-05 03:38 22,328 ----a-w C:\Documents and Settings\Dan\Application Data\PnkBstrK.sys
2008-07-05 03:38 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-07-05 01:08 --------- d-----w C:\Program Files\Azureus
2008-06-28 03:48 --------- d-----w C:\Program Files\Audiosurf
2008-06-25 02:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 02:47 --------- d-----w C:\Program Files\Sierra
2008-06-16 03:25 --------- d-----w C:\Documents and Settings\Dan\Application Data\KALiNKOsoft
2008-06-14 15:16 --------- d-----w C:\Documents and Settings\Dan\Application Data\Ubisoft
2008-06-14 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:34 --------- d-----w C:\Program Files\World Of Warcraft
2008-06-09 01:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-09 01:36 --------- d-----w C:\Program Files\AGEIA Technologies
2008-06-09 01:32 --------- d-----w C:\Documents and Settings\Dan\Application Data\Leadertech
2008-06-09 01:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-06-09 01:05 --------- d-----w C:\Program Files\MagicISO
2008-06-09 01:02 --------- d--h--r C:\Documents and Settings\Dan\Application Data\SecuROM
2008-06-09 00:55 --------- d-----w C:\Program Files\Electronic Arts
2008-06-07 04:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-02 05:18 --------- d-----w C:\Documents and Settings\Dan\Application Data\InfraRecorder
2008-06-02 03:55 --------- d-----w C:\Program Files\Java
2008-06-02 03:54 --------- d-----w C:\Program Files\Common Files\Java
2008-05-31 03:30 --------- d-----w C:\Documents and Settings\Dan\Application Data\ImgBurn
2008-05-31 01:20 --------- d-----w C:\Program Files\Common Files\Nero
2008-05-31 01:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-05-31 01:13 --------- d-----w C:\Program Files\InfraRecorder
2008-05-31 00:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-31 00:00 --------- d-----w C:\Program Files\DVD Flick
2008-05-27 03:39 --------- d-----w C:\Program Files\WoW Private Server
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2004-07-02 17:19 40,960 ----a-w C:\WINDOWS\inf\WG311v2\imdinst.exe
2004-06-18 04:41 386,688 ----a-w C:\WINDOWS\inf\WG311v2\netwg311_XP.sys
2004-04-04 18:07 84,912 ----a-w C:\WINDOWS\inf\WG311v2\FwRad17.bin
2004-04-04 18:07 83,320 ----a-w C:\WINDOWS\inf\WG311v2\FwRad16.bin
2004-02-04 17:53 62,865 ----a-w C:\WINDOWS\inf\WG311v2\odysseyIM3.sys
2004-02-04 17:53 12,739 ----a-w C:\WINDOWS\inf\WG311v2\odNetInstall.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-13 19:09 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-31 00:20 1271032]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 04:51 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 04:50 204800]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 17:44 66680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 16:18 124128]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-24 19:52 13524992]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-24 19:52 86016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 00:18 288088]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-17 19:36 1232152]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 18:30 16855552 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-03-24 19:52 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v2 Smart Configuration.lnk - C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe [2004-10-14 13:32:18 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

combofix log part 2

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\World Of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\steamapps\\ddepuy632\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"C:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer .exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 nvgts;nvgts;C:\WINDOWS\system32\DRIVERS\nvgts.sys [2007-08-09 06:11]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-17 19:36]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-17 19:36]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-17 19:36]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-17 19:36]
R2 RUBotted;Trend Micro RUBotted Service;C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2007-12-19 00:18]
R3 TMPassthruMP;TMPassthruMP;C:\WINDOWS\system32\DRIV ERS\TMPassthru.sys [2007-11-27 22:51]
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []

MBAM log

Malwarebytes' Anti-Malware 1.21
Database version: 967
Windows 5.1.2600 Service Pack 2

8:01:03 PM 7/19/2008
mbam-log-7-19-2008 (20-01-03).txt

Scan type: Quick Scan
Objects scanned: 39706
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:28 PM, on 7/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUserRegSetup?clid=1033
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 8288 bytes

The system is running just fine, but that isn't the issue. It was running fine from the get go. What I am trying to find out here is whether I have a botnet to worry about, which I won't know for sure until I let the machine run with Vuze open for a while. I will post back tomorrow and let you know.

It looks like everything is just fine now. Can anyone point out to me what running these apps actually did? Combofix seems like it works on a very low level, it kind of takes over the whole OS. Did it remove an app that was allowing the botnetting to continue?

MBAM didn't seem to actually DO anything; and from what I can tell HJT just tells you what you're dealing with but doesn't try to change or remove anything.

MBAM and Combofix are pretty potent removal tools...they may have a little overlap, but they each, primarily attack different things.

HJT is diagnostics, primarily, although it can remove things you tell it to.