
Hi All - Need some help if possible.

What I've done so far...

1. Downloaded and have RUN AFT-Cleaner
2. Downloaded and have RUN Malwarebytes (will post log below)
3. Ran the EST online scanner (will attach screenshot of results)

Have also
1. disabled System Restore
2. gone through add/remove programs to ensure no unknown apps

Malwarebyte Log:
Malwarebytes' Anti-Malware 1.31
Database version: 1585
Windows 5.1.2600 Service Pack 2

12/31/2008 1:23:12 PM
mbam-log-2008-12-31 (13-23-12).txt

Scan type: Full Scan (C:\|D:\|S:\|X:\|)
Objects scanned: 527700
Time elapsed: 56 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 6
Registry Values Infected: 5
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 17

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hejitavo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jarugede.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\lojaloke.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65940327-f4c6-4b9a-ad8a-3456d6272b1a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{65940327-f4c6-4b9a-ad8a-3456d6272b1a} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\derazusame (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\e472ab28 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme74198b4 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\hejitavo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hejitavo.dll

It seems as though this damn thing gets cleaned up, but upon reboot it mutates into something else... Just can't get to the source, it seems...

I can also post HJT log if necessary.

Thanks in advance!
Brian

Attachments est_log.jpg 66.81 KB

3. Ran the EST online scanner (will attach screenshot of results)

You need to have the ESET Scanner clean those items and then save the log and post that here. Two of those files found by ESET are .tmp files and should have been removed by ATF Cleaner.
We definitely need a HJT log.
I would have preferred that you NOT have turned off System Restore. You generally would not be re-infected by something in System Restore, AND if one of these programs should make changes you would need to undo (even if that meant re-introducing the infection), you will have no restore points.
Turn it back on please until directed to turn it off to set a new clean restore point.
Judy


Here's the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:22 PM, on 1/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AccessManager\Client\AMBroker.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\AMO40\CWS\PAgent\capmuamagt.exe
C:\Program Files\CA\SC\CAM\bin\cam.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Symantec\Ghost\ngserver.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
c:\oracle\products\9i\bin\agntsrvc.exe
c:\oracle\products\9i\BIN\TNSLSNR.exe
C:\WINDOWS\system32\cmd.exe
c:\oracle\products\9i\bin\dbsnmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\AccessManager\Client\AccessMgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\CA\DSM\bin\cfSysTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Documents and Settings\SMIBR13\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\SMIBR13\Application Data\Mikogo\Mikogo-Host.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\BO\BusinessObjects Enterprise 11.5\win32_x86\procLov.exe
C:\Program Files\CA\DSM\bin\caf.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Dropbox\Dropbox.exe
C:\Program Files\CA\DSM\Bin\cfsmsmd.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\CA\DSM\Bin\ccnfagent.exe
C:\Program Files\CA\DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\DSM\Bin\rcHost.exe
C:\Program Files\CA\DSM\Bin\amswmagt.exe
C:\Program Files\CA\DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\DSM\Bin\cfftplugin.exe
C:\Program Files\Symantec\Ghost\bin\dbserv.exe
C:\Program Files\Symantec\Ghost\bin\rteng9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\PROGRA~1\MICROS~2\LIVEME~1\Addins\LMCAPI.exe
C:\Program Files\Notepad++\notepad++.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe
C:\jdk1.5.0_16\bin\java.exe
C:\WINDOWS\Explorer.EXE
C:\My Documents\Downloads\imabunny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://canet.ca.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by CA
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: bcs01
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {D48DA098-42EA-41E0-A32A-EAC3AA52A210} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AccessManager] C:\Program Files\AccessManager\Client\AccessMgr.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NGTray] "C:\Program Files\Symantec\Ghost\ngtray.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [CAF_SystemTray] C:\Program Files\CA\DSM\\bin\cfSysTray.exe
O4 - HKLM\..\Run: [DsmSxplog] "C:\Program Files\CA\DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SMIBR13\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Mikogo] "C:\Documents and Settings\SMIBR13\Application Data\Mikogo\Mikogo-Host.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [derazusame] Rundll32.exe "C:\WINDOWS\system32\jarugede.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [derazusame] Rundll32.exe "C:\WINDOWS\system32\jarugede.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: SalesForce - {2A427663-00F1-4EE4-A3B6-7F84A024CBB3} - http://salesforce.ca.com (file missing) (HKCU)
O9 - Extra button: Helpdesk - {D4F74464-9448-4D88-B72E-07EA6EC1E14A} - http://helpdesk.ca.com/count.html (file missing) (HKCU)
O9 - Extra button: CA Portal - {D9F8785B-2C42-41B4-98FE-75E11B7460C6} - http://caportal.ca.com (file missing) (HKCU)
O9 - Extra button: Leader - {DA2EB6A6-5DA2-4C9A-BC25-2D4799669C1A} - HTTP://leaderboard.ca.com (file missing) (HKCU)
O9 - Extra button: CKM - {E367B557-5D51-425D-B0EA-DC40E26990BB} - http://km.ca.com (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://canet.ca.com
O15 - Trusted Zone: http://hrreports.ca.com
O15 - Trusted Zone: http://hrreportsft.ca.com
O15 - Trusted Zone: http://insight.ca.com
O15 - Trusted Zone: http://insightft.ca.com
O15 - Trusted Zone: http://mrm.ca.com
O15 - Trusted Zone: http://supportreports.ca.com
O15 - Trusted Zone: http://usilws19.ca.com
O15 - Trusted Zone: http://*.insight
O15 - Trusted Zone: http://*.insightft
O15 - Trusted Zone: http://*.mrm
O15 - Trusted Zone: http://*.supportreports
O15 - Trusted Zone: http://*.usilws19
O15 - Trusted Zone: http://hrreports.ca.com (HKLM)
O15 - Trusted Zone: http://hrreportsft.ca.com (HKLM)
O15 - Trusted Zone: http://insight.ca.com (HKLM)
O15 - Trusted Zone: http://insightft.ca.com (HKLM)
O15 - Trusted Zone: http://mrm.ca.com (HKLM)
O15 - Trusted Zone: http://supportreports.ca.com (HKLM)
O15 - Trusted Zone: http://usilws19.ca.com (HKLM)
O15 - Trusted Zone: http://*.insight (HKLM)
O15 - Trusted Zone: http://*.insightft (HKLM)
O15 - Trusted Zone: http://*.mrm (HKLM)
O15 - Trusted Zone: http://*.supportreports (HKLM)
O15 - Trusted Zone: http://*.usilws19 (HKLM)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ca.com
O17 - HKLM\Software\..\Telephony: DomainName = ca.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL xfrbnu.dll hsqfpf.dll C:\WINDOWS\system32\jadelamo.dll c:\windows\system32\fabokenu.dll
O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll
O20 - Winlogon Notify: rcHostExt - C:\Program Files\CA\DSM\Bin\rcLoginExt.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Access Manager Configuration Service (AMBroker) - MCI, Inc. - C:\Program Files\AccessManager\Client\AMBroker.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B-Service - Unknown owner - C:\Documents and Settings\SMIBR13\Application Data\Mikogo\B-Service.exe
O23 - Service: Central Management Server (BOBJCentralMS) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\CMS.exe
O23 - Service: Report Application Server (BOBJCrystalReportApplicationServer) - Business Objects - C:\BO\common\3.5\bin\crystalras.exe
O23 - Service: Crystal Reports Cache Server (BOBJCrystalReportsCacheServer) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\cacheserver.exe
O23 - Service: Crystal Reports Page Server (BOBJCrystalReportspageserver) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\pageserver.exe
O23 - Service: Connection Server (BOBJCS) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\ConnectionServer.exe
O23 - Service: Desktop Intelligence Cache Server (BOBJDesktopIntelligenceCacheServer) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\fccache.exe
O23 - Service: Desktop Intelligence Report Server (BOBJDesktopIntelligenceReportServer) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\fcproc.exe
O23 - Service: Destination Job Server (BOBJDestinationServer) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\procdest.exe
O23 - Service: Event Server (BOBJEventServer) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\EventServer.exe
O23 - Service: Input File Repository Server (BOBJInputFileServer) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\inputfileserver.exe
O23 - Service: Desktop Intelligence Job Server (BOBJJobServer_DesktopIntelligence) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\JobServerFullClient.exe
O23 - Service: Crystal Reports Job Server (BOBJJobServer_Report) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\JobServer.exe
O23 - Service: Output File Repository Server (BOBJOutputFileServer) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\outputfileserver.exe
O23 - Service: List of Values Job Server (BOBJProcessServer) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\procLov.exe
O23 - Service: Program Job Server (BOBJProgramServer) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\ProgramServer.exe
O23 - Service: Apache Tomcat 5.0.27 (BOBJTomcat) - Apache Software Foundation - C:\BO\Tomcat\bin\tomcat5.exe
O23 - Service: Web Intelligence Job Server (BOBJWebiServer) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\procWebi.exe
O23 - Service: Web Intelligence Report Server (BOBJWIRS) - Business Objects - C:\BO\BusinessObjects Enterprise 11.5\win32_x86\WIReportServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CA Unicenter NSM Systems Performance Agent for UAM - Unknown owner - C:\WINDOWS\AMO40\CWS\PAgent\capmuamagt.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SC\CAM\bin\cam.exe
O23 - Service: CA DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\DSM\bin\caf.exe
O23 - Service: Visual Insight DA Plugin (DAPlugin) - MCI, Inc. - C:\Program Files\AccessManager\Client\DAPlugin.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM WebSphere Application Server V6.1 - smibr13aNode01 (IBMWAS61Service - smibr13aNode01) - Unknown owner - C:\Program Files\IBM\WebSphere\AppServer\bin\wasservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\PowerToys\ImapiHelper.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Microsoft Update Service Helper (msupdsvc) - Unknown owner - C:\WINDOWS\system32\msupdsvc32.exe (file missing)
O23 - Service: Symantec Ghost Database Service Wrapper (NGDBSERV) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGSERVER) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Niku Background Server - Unknown owner - C:\niku\clarity\bin\nikubgcmd.exe
O23 - Service: Niku Background Server - WAS - Alexandria Software Consulting - C:\nikuwas\clarity\bin\nikubgservice.exe
O23 - Service: Niku Beacon - Unknown owner - C:\niku\Clarity\bin\nikubeaconservice.exe (file missing)
O23 - Service: Niku Beacon - WAS - Alexandria Software Consulting - C:\nikuwas\clarity\bin\nikubeaconservice.exe
O23 - Service: Niku Server - Unknown owner - C:\niku\clarity\bin\nikuappcmd.exe
O23 - Service: Niku System Admin Server - Unknown owner - C:\niku\clarity\bin\nikunsacmd.exe (file missing)
O23 - Service: NobleNet Portmapper for TCP - Unknown owner - C:\niku\Actuate7\Server/bin/portserv.exe (file missing)
O23 - Service: OracleOraDb10g_home1TNSListenerMITRE - Unknown owner - C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe (file missing)
O23 - Service: OracleOraDb9iAgent - Oracle Corporation - c:\oracle\products\9i\bin\agntsrvc.exe
O23 - Service: OracleOraDb9iClientCache - Unknown owner - c:\oracle\products\9i\BIN\ONRSD.EXE
O23 - Service: OracleOraDb9iSNMPPeerEncapsulator - Unknown owner - c:\oracle\products\9i\BIN\ENCSVC.EXE
O23 - Service: OracleOraDb9iSNMPPeerMasterAgent - Unknown owner - c:\oracle\products\9i\BIN\AGNTSVC.EXE
O23 - Service: OracleOraDb9iTNSListenerCLARITY - Unknown owner - c:\oracle\products\9i\BIN\TNSLSNR.exe
O23 - Service: OracleServiceCLARITY - Oracle Corporation - c:\oracle\products\9i\bin\ORACLE.EXE
O23 - Service: OracleServiceMITRE - Unknown owner - c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE (file missing)
O23 - Service: OracleServiceNIKUWAS - Oracle Corporation - c:\oracle\products\9i\bin\ORACLE.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SlingAgent Service (SlingAgentService) - Sling Media Inc. - C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
O23 - Service: SP Software Installer - Smartpipes, Inc. - C:\Program Files\AccessManager\PMAC\sp_SWIns.exe
O23 - Service: Visual Insight Dial Analysis (sp_spi_da) - Smartpipes, Inc. - C:\Program Files\AccessManager\SMOC\spi_da.exe
O23 - Service: SSA Integration Manager (Sygman) - MCI, Inc. - C:\Program Files\AccessManager\Client\sygman.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe
O23 - Service: Actuate Process Management Daemon 7 (__AC_PROCESS_MGMT_DAEMON7) - Unknown owner - C:\niku\Actuate7\Server\bin\pmd7.exe (file missing)

--
End of file - 22641 bytes
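Read together, the two logs above show why the infection keeps returning: the entries Malwarebytes could only mark "Delete on reboot" sit in autostart points (AppInit_DLLs, LSA Notification Packages, SSODL, the service accounts' Run keys), and the HijackThis log taken the next day lists different DLL names in the same places. The script below is an added example, not code from this thread, Malwarebytes or HijackThis: it parses a handful of lines copied from both logs, records which entries were still pending removal, and diffs the DLL names per autostart point; the location labels and the `OTHER` bucket are my own annotations.

```python
"""Triage the two logs in this thread: which Vundo DLLs MBAM found, where they
were hooked in, and what the next day's HijackThis log shows in those same
autostart points. Sample lines are copied from the posted logs."""
import re
from collections import defaultdict

# Constructed sample: lines lifted from the Malwarebytes log (12/31) in the first post.
MBAM_LINES = [
    r"C:\WINDOWS\system32\hejitavo.dll (Trojan.Vundo.H) -> Delete on reboot.",
    r"C:\WINDOWS\system32\jarugede.dll (Trojan.Vundo.H) -> Delete on reboot.",
    r"c:\WINDOWS\system32\lojaloke.dll (Trojan.Vundo.H) -> Delete on reboot.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\derazusame (Trojan.Vundo.H) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\hejitavo.dll -> Delete on reboot.",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hejitavo.dll",
]
# Constructed sample: lines lifted from the HijackThis log (1/1) in the later post.
HJT_LINES = [
    r"""O4 - HKUS\S-1-5-19\..\Run: [derazusame] Rundll32.exe "C:\WINDOWS\system32\jarugede.dll",s (User 'LOCAL SERVICE')""",
    r"O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL xfrbnu.dll hsqfpf.dll C:\WINDOWS\system32\jadelamo.dll c:\windows\system32\fabokenu.dll",
    r"O20 - Winlogon Notify: CAF - C:\Program Files\CA\DSM\Bin\cfwlogon.dll",
]

# Autostart points seen in the logs (labels are my own notes). A DLL registered
# in any of these is re-loaded by Windows at boot or logon, which is why a file
# that was only marked "Delete on reboot" can be back under a new name afterwards.
LOCATIONS = [
    ("appinit_dlls", "AppInit_DLLs (mapped into every process that loads user32.dll)"),
    ("notification packages", "LSA Notification Packages (loaded by lsass.exe at boot)"),
    ("shellserviceobjectdelayload", "SSODL (loaded by Explorer at logon)"),
    ("sharedtaskscheduler", "SharedTaskScheduler (loaded by Explorer at logon)"),
    ("winlogon notify", "Winlogon Notify (loaded by winlogon.exe at logon)"),
    ("\\run\\", "Run key (started at logon)"),   # MBAM spelling of the path
    ("\\run:", "Run key (started at logon)"),    # HijackThis O4 spelling
]
OTHER = "loaded module / file on disk"

DLL_RE = re.compile(r"([\w~-]+\.dll)\b", re.IGNORECASE)   # basenames only
MBAM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

def persistence_location(text):
    """Label the autostart point a log line refers to, or OTHER."""
    low = text.lower()
    return next((label for key, label in LOCATIONS if key in low), OTHER)

def parse_mbam(line):
    """Split one MBAM detection into (item, family, data, action); 'action' is
    None on the last posted line, which carries no verdict at all."""
    m = MBAM_RE.match(line.strip())
    if not m:
        return None
    rest, data = m.group("rest"), None
    if rest.startswith("Data: "):
        data, _, rest = rest[len("Data: "):].partition(" -> ")
    action = rest.rstrip(".") or None
    return m.group("item"), m.group("family"), data, action

def pending_on_reboot(lines):
    """Entries MBAM could not remove live (the DLL was mapped into running
    processes), so removal waits for the very restart the malware survives."""
    return [p[0] for p in map(parse_mbam, lines) if p and p[3] == "Delete on reboot"]

def dlls_by_location(lines):
    """Group DLL basenames (lowercased) by the autostart point they appear in."""
    found = defaultdict(set)
    for line in lines:
        bucket = found[persistence_location(line)]   # create even when empty
        bucket.update(d.lower() for d in DLL_RE.findall(line))
    return dict(found)

def compare_runs(mbam_lines, hjt_lines):
    """Return (survivors, new_names, gone): DLLs MBAM saw that HJT still lists,
    names newly present in the autostart points MBAM flagged, and names gone."""
    before, after = dlls_by_location(mbam_lines), dlls_by_location(hjt_lines)
    seen_before = set().union(*before.values())
    watched = [loc for loc in before if loc != OTHER]
    seen_after = set().union(*(after.get(loc, set()) for loc in watched))
    return seen_before & seen_after, seen_after - seen_before, seen_before - seen_after

if __name__ == "__main__":
    print("Could not be removed live:", *pending_on_reboot(MBAM_LINES), sep="\n  ")
    survivors, new_names, gone = compare_runs(MBAM_LINES, HJT_LINES)
    print("Still referenced after reboot:", sorted(survivors))
    print("New names in the same autostart points:", sorted(new_names))
    print("No longer referenced:", sorted(gone))
```

The Winlogon Notify entry is deliberately left out of the comparison because MBAM never flagged that location, so the legitimate CA DLL there does not show up as "new".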


The first thing I notice in your HJT log is that you are running two anti-virus programs, eTrust and Norton. This is an absolute NO-NO. The RULE is ONE anti-virus program running on a computer. One of these must be totally uninstalled immediately.
The second thing...did you personally add all of these Trusted Sites? I have tried them all and none of them can be found. If you personally did not add these then they should be fixed using HiJackThis.
You are running an extraordinarily large number of programs at once.
There are a large number of programs I have never seen before and ones I cannot find information about, except Google searches which come up with malware forums noting the same programs. But since I cannot find information on the majority of them I am at a loss to tell you what to stop.
