Trojan Vundo that won't go away

I've used MBAM and VundoFix on this, but they haven't worked. Also, when I tried to boot my computer into Safe Mode with networking, it wouldn't do it properly.

MBAM Log:

Malwarebytes' Anti-Malware 1.41

Database version: 3123

Windows 5.1.2600 Service Pack 2

11/8/2009 2:02:06 PM

mbam-log-2009-11-08 (14-02-06).txt

Scan type: Quick Scan

Objects scanned: 113246

Time elapsed: 10 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 3

Registry Keys Infected: 1

Registry Values Infected: 3

Registry Data Items Infected: 3

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\SYSTEM32\dukeyiwa.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\reguligu.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\vafubamu.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{973ed5a4-4b2e-4d66-a5bc-f4a11bebfbf2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yamuwuyov (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{973ed5a4-4b2e-4d66-a5bc-f4a11bebfbf2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\vapuliyon (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\dukeyiwa.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\dukeyiwa.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\SYSTEM32\dukeyiwa.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\reguligu.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\vafubamu.dll (Trojan.Vundo) -> Delete on reboot.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:02:39 PM, on 11/8/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\Jesse Morales\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jesse Morales\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Documents and Settings\Jesse Morales\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jesse Morales\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O1 - Hosts: ::1 localhost

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Cloudmark SafetyBar - {1FBCAFD1-7F43-4661-89CC-40E8DD7E8B64} - C:\Program Files\Cloudmark\SafetyBar\IE\IEAddin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Cloudmark SafetyBar - {1FBCAFD1-7F43-4661-89CC-40E8DD7E8B64} - C:\Program Files\Cloudmark\SafetyBar\IE\IEAddin.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\B12ttPMGI.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [yamuwuyov] Rundll32.exe "c:\windows\system32\dukeyiwa.dll",a

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jesse Morales\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\System32\cachepal.exe

O9 - Extra 'Tools' menuitem: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\System32\cachepal.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.pw.aol.com/molbin/shared/m...77/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136039821859

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/shared/m...,18/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)

O20 - AppInit_DLLs: reguligu.dll c:\windows\system32\dukeyiwa.dll

O21 - SSODL: vapuliyon - {973ed5a4-4b2e-4d66-a5bc-f4a11bebfbf2} - c:\windows\system32\dukeyiwa.dll

O22 - SharedTaskScheduler: tokatiluy - {973ed5a4-4b2e-4d66-a5bc-f4a11bebfbf2} - c:\windows\system32\dukeyiwa.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 10712 bytes

Thank you for any help you can provide.

Hi big_red01027,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

Uninstall List

  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Uninstall List:

Account Pro

Ad-Aware SE Personal

Adobe Acrobat Reader 3.01

Adobe Download Manager 2.0 (Remove Only)

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe PhotoDeluxe 2.0

Adobe Reader 7.0.8

Adobe Shockwave Player

Adobe Type Manager 4.0

Advanced Word Repair v1.1

AIM 6

AOL Coach Version 2.0(Build:20041026.5 en)

AOL Deskbar

AOL Instant Messenger

AOL You've Got Pictures Screensaver

Apple Mobile Device Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Bonjour

Broadcom Management Programs

Browser Hijack Blaster v1.0

Cablenut 4.08

CachePal Uninstall

Cakewalk Home Studio 2002

CCleaner

Cloudmark SafetyBar for Internet Explorer

Color Detector 1.0

Conexant D850 56K V.9x DFVc Modem

Dell Digital Jukebox Driver

Dell Media Experience

Dell ResourceCD

Dell Solution Center

Dell Support 5.0.0 (734)

Digital Line Detect

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

DreamStation DXi

DVD Decrypter (Remove Only)

EasyGPS

EPSON Printer Software

EZ Macros

FLV Player

FLV Player 2.0 (build 25)

Folder Lock

FreeUndelete

Get High Speed Internet!

HijackThis 2.0.2

Hotfix for Windows XP (KB926239)

Hoyle Casino 2010 (remove only)

Intel® Extreme Graphics Driver

Internet Explorer Default Page

IObit Security 360

iTunes

Jasc Paint Shop Pro 8 Dell Edition

Java 2 Runtime Environment, SE v1.4.2

Java 6 Update 17

Katawa Shoujo Act 1

Kazaa Lite K++ v2.4.1

K-Lite Codec Pack 4.4.5 (Full)

KODAK Camera Connection Software

KODAK Camera Connection Software Help

Kodak Memory Albums

KODAK Picture Software

KODAK Picture Transfer Software

Learn2 Player (Uninstall Only)

Malwarebytes' Anti-Malware

MeggieSoft Games Gin Rummy

Microsoft .NET Framework 1.1

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Data Access Components KB870669

Microsoft Encarta Encyclopedia Standard 2004

Microsoft Office XP Professional with FrontPage

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

mIRC

Modem Helper

Monopoly Here & Now Edition

Mozilla Firefox (3.0.15)

MSVCRT

MUSICMATCH

Hi big_red01027,

How to use combofix:

Temporarily disable any antispyware, antivirus and/or antimalware real-time protection, as they may interfere with the running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it

When finished, ComboFix will produce a log file; please post the log file and a new HijackThis log in your next reply.

ComboFix Log:

ComboFix 09-11-13.04 - Jesse Morales 11/12/2009 15:39.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.307 [GMT -6:00]

Running from: c:\documents and settings\Jesse Morales\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {B5510F6F-87E1-47F7-A411-360BC453007C}

FW: *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FW: Norton Internet Security *disabled* {825036E0-9F94-4752-8789-8B92454AF49B}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\fcengine

c:\program files\wincmapp

c:\windows\system32\dekavoso.dll

c:\windows\system32\diligehe.dll

c:\windows\system32\dovinabu.dll

c:\windows\system32\dujoyuma.dll

c:\windows\system32\duzileru.dll

c:\windows\system32\gazizisa.dll.tmp

c:\windows\system32\herifolu.dll.tmp

c:\windows\system32\kegovahe.dll

c:\windows\system32\kivifivu.dll

c:\windows\system32\lorikuno.dll

c:\windows\system32\mafizowo.dll

c:\windows\system32\mapatawa.dll

c:\windows\system32\mopanihu.dll

c:\windows\system32\nekalaru.dll.tmp

c:\windows\system32\nezaroga.dll

c:\windows\system32\nihiwuga.dll.tmp

c:\windows\system32\piyodafu.dll

c:\windows\system32\poyudome.dll

c:\windows\system32\pugibevu.dll

c:\windows\system32\puwurase.dll

c:\windows\system32\tovebogi.dll.tmp

c:\windows\system32\turenugu.dll

c:\windows\system32\vepineto.dll

c:\windows\system32\vodademo.dll

c:\windows\system32\wizisili.dll.tmp

c:\windows\system32\yaruvita.dll

c:\windows\system32\yebidaza.dll

c:\windows\system32\yujobevu.dll

c:\windows\system32\zumidiba.dll.tmp

c:\windows\Tasks\pouwpotq.job

c:\windows\Tasks\silpfuxz.job

c:\windows\Tasks\sskqwdwf.job

E:\autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SVCPROC

((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))

.

2009-11-10 02:03 . 2009-11-10 02:03 152576 ----a-w- c:\documents and settings\Jesse Morales\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-08 07:11 . 2009-11-08 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2009-11-08 07:10 . 2009-11-08 07:10 -------- d-----w- c:\program files\IObit

2009-11-07 22:12 . 2009-11-07 22:12 -------- d-----w- C:\VundoFix Backups

2009-11-07 21:20 . 2009-07-28 22:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-07 21:20 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-11-07 21:20 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-11-07 21:20 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-11-07 21:19 . 2009-11-07 21:19 -------- d-----w- c:\program files\Avira

2009-11-07 21:19 . 2009-11-07 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-11-07 21:04 . 2009-11-07 21:04 -------- d-----w- c:\program files\Trend Micro

2009-11-07 20:48 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-07 20:48 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-07 18:19 . 2009-11-07 18:19 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-07 18:14 . 2009-11-07 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-11-06 05:19 . 2009-11-06 05:19 -------- d-----w- c:\windows\system32\wbem\Repository

2009-11-06 05:17 . 2009-11-06 05:17 -------- d-----w- c:\windows\system32\cache32dsrf4535dfs

2009-11-06 05:17 . 2009-11-06 05:17 -------- d-----w- c:\program files\NoAdware3

2009-11-06 04:47 . 2009-11-06 05:17 -------- d-----w- c:\program files\Personal Guard 2009(2)

2009-11-06 04:34 . 2009-11-06 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2009-11-06 04:30 . 2009-11-06 05:17 -------- d-----w- c:\program files\STOPzilla!

2009-11-06 04:30 . 2009-11-06 04:30 -------- d-----w- c:\program files\Common Files\iS3

2009-11-06 04:29 . 2009-11-06 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2009-11-06 03:25 . 2009-11-06 05:17 -------- d-----w- c:\program files\Common Files\PC Tools

2009-10-29 04:57 . 2009-11-12 20:56 -------- d-----w- c:\documents and settings\Jesse Morales\Application Data\mIRC

2009-10-29 04:57 . 2009-11-12 20:55 -------- d-----w- c:\program files\mIRC

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-12 21:55 . 2007-11-29 08:48 -------- d-----w- c:\documents and settings\Jesse Morales\Application Data\Orbit

2009-11-10 19:36 . 2007-12-04 08:41 -------- d-----w- c:\documents and settings\Jesse Morales\Application Data\BitTorrent

2009-11-10 02:07 . 2004-07-12 16:43 -------- d-----w- c:\program files\Java

2009-11-08 06:05 . 2005-03-15 20:37 -------- d-----w- c:\program files\FAST Defrag

2009-11-08 02:09 . 2004-08-20 22:04 -------- d-----w- c:\program files\Messenger Plus! 3

2009-11-07 22:26 . 2007-05-14 19:31 -------- d-----w- c:\program files\Lavasoft

2009-11-07 20:58 . 2009-01-06 07:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-06 05:18 . 2005-08-07 17:21 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-06 05:18 . 2005-08-07 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-06 05:17 . 2005-10-12 18:27 -------- d-----w- c:\program files\Spyware Doctor

2009-11-06 05:17 . 2009-11-06 04:38 368 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg

2009-11-06 04:57 . 2009-11-06 05:14 177320 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat

2009-11-06 03:26 . 2009-11-06 03:26 691712 ----a-w- c:\windows\isRS-000.tmp

2009-11-04 05:32 . 2009-01-20 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek

2009-10-28 07:22 . 2009-01-07 04:41 -------- d-----w- c:\program files\CCleaner

2009-10-11 10:17 . 2009-03-16 01:05 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-03 15:02 . 2009-03-18 22:24 -------- d-----w- c:\program files\Microsoft Silverlight

2009-10-02 17:07 . 2009-10-02 17:07 -------- d-----w- c:\program files\Microsoft

2009-09-16 21:06 . 2009-09-09 21:25 -------- d-----w- c:\documents and settings\Jesse Morales\Application Data\Hoyle

2009-09-16 18:16 . 2007-06-01 08:29 445 ----a-w- c:\windows\EntPack.dat

2009-09-16 09:54 . 2009-09-16 09:14 -------- d-----w- c:\program files\SpeedBit Video Downloader

2009-09-16 08:59 . 2009-09-16 08:59 -------- d-----w- c:\documents and settings\Jesse Morales\Application Data\GrabPro

2009-09-16 00:32 . 2007-11-29 08:48 -------- d-----w- c:\program files\Orbitdownloader

2009-08-26 02:11 . 2009-08-26 02:11 152576 ----a-w- c:\documents and settings\Jesse Morales\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Google Update"="c:\documents and settings\Jesse Morales\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-12 133104]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\B12ttPMGI.exe" [2009-11-07 1312080]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-06 1242384]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2007-11-29 1719568]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk

backup=c:\windows\pss\KODAK Picture Transfer Software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TRACE! by Workshare.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TRACE! by Workshare.lnk

backup=c:\windows\pss\TRACE! by Workshare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jesse Morales^Start Menu^Programs^Startup^WordWeb.lnk]

path=c:\documents and settings\Jesse Morales\Start Menu\Programs\Startup\WordWeb.lnk

backup=c:\windows\pss\WordWeb.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jesse Morales^Start Menu^Programs^Startup^Xfire.lnk]

path=c:\documents and settings\Jesse Morales\Start Menu\Programs\Startup\Xfire.lnk

backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SymWSC"=2 (0x2)

"SNDSrvc"=3 (0x3)

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccEvtMgr"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Soulseek\\slsk.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\Jesse Morales\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

R1 ATMhelpr;ATMhelpr;c:\windows\SYSTEM32\DRIVERS\ATMHELPR.SYS [8/5/2004 1:43 PM 4064]

R2 PCLinkBridge;USB-USB Network Bridge;c:\windows\SYSTEM32\DRIVERS\Pro2000.sys [7/21/2004 8:26 PM 6566]

R3 NIC2000;USB-USB Network Bridge Adapter;c:\windows\SYSTEM32\DRIVERS\NIC2000.SYS [7/21/2004 8:26 PM 5766]

S2 USB2000;USB-USB Network Bridge Driver;c:\windows\SYSTEM32\DRIVERS\usb2000.sys [7/21/2004 8:26 PM 12822]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR

*Deregistered* - mbr

.

Contents of the 'Scheduled Tasks' folder

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213666468-2620210946-2638669835-1007Core.job

- c:\documents and settings\Jesse Morales\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 05:48]

2009-11-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213666468-2620210946-2638669835-1007UA.job

- c:\documents and settings\Jesse Morales\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 05:48]

2009-11-12 c:\windows\Tasks\SDMsgUpdate (SmartDrawTrial).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2006-01-27 16:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: lsac.org

Trusted Zone: microsoft.com\office

DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab

FF - ProfilePath - c:\documents and settings\Jesse Morales\Application Data\Mozilla\Firefox\Profiles\vsyyjp98.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search/?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=

FF - plugin: c:\documents and settings\Jesse Morales\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

- - - - ORPHANS REMOVED - - - -

BHO-{6a16e7a0-1422-473d-bca3-1dd60bdee091} - dekavoso.dll

HKLM-Run-yamuwuyov - c:\windows\system32\vepineto.dll

HKLM-Run-varehizupa - dujoyuma.dll

SharedTaskScheduler-{c116def1-9c4f-4c23-8995-464b79ed7b05} - c:\windows\system32\vepineto.dll

SSODL-kepopayor-{c116def1-9c4f-4c23-8995-464b79ed7b05} - c:\windows\system32\vepineto.dll

SafeBoot-dfd.sys

AddRemove-WNW Dictionary & Thesaurus V1 - c:\program\Accent\WNW\DeIsL1.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-12 15:55

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2628)

c:\windows\system32\msi.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avira\AntiVir Desktop\sched.exe

c:\program files\Avira\AntiVir Desktop\avguard.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\System32\DRIVERS\dcfssvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

c:\program files\Viewpoint\Common\ViewpointService.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

**************************************************************************

.

Completion time: 2009-11-12 16:05 - machine was rebooted

ComboFix-quarantined-files.txt 2009-11-12 22:05

Pre-Run: 8,536,682,496 bytes free

Post-Run: 8,288,604,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 618BD5D0168D95A37C10667211FB0460

New HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:07:13 PM, on 11/12/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Cloudmark SafetyBar - {1FBCAFD1-7F43-4661-89CC-40E8DD7E8B64} - C:\Program Files\Cloudmark\SafetyBar\IE\IEAddin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Cloudmark SafetyBar - {1FBCAFD1-7F43-4661-89CC-40E8DD7E8B64} - C:\Program Files\Cloudmark\SafetyBar\IE\IEAddin.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\B12ttPMGI.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jesse Morales\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\System32\cachepal.exe

O9 - Extra 'Tools' menuitem: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\System32\cachepal.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.pw.aol.com/molbin/shared/m...77/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136039821859

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/shared/m...,18/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 9777 bytes


Hi big_red01027,

I see signs of Norton Antivirus and Firewall having been installed on this machine, but they are not installed now. If Norton has been uninstalled then follow these instructions.

Norton Removal Tools

There are remnants of Norton Security products on your computer. Symantec did not remove everything as it should. This is a common problem.

  1. Please go to Norton Removal Tools
  2. Select the removal tool that corresponds to your installed Norton Product... Save it to your desktop.
  3. Click the Norton Removal Tool, on your desktop, to begin the removal process.
    If using Vista, you must right click on the tool and choose "Run As Administrator".
  4. Follow the prompts and instructions.

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Next

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight Kazaa Lite K++ v2.4.1 and click Remove, then highlight Registry Defender and click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.

Now you need to show all files and folders

  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck Hide file extensions for known file types.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Apply to confirm.
  • Click OK

Using Windows Explorer (to get there right-click your Start button and go to Explore), please delete these folders (if present):

c:\windows\system32\cache32dsrf4535dfs

c:\program files\Personal Guard 2009(2)

c:\documents and settings\Jesse Morales\Application Data\BitTorrent

c:\program files\Messenger Plus! 3

Using Windows Explorer (to get there right-click your Start button and go to Explore), please delete these files (if present):

c:\windows\system32\drivers\kgpfr2.cfg

c:\windows\isRS-000.tmp

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

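The three entries the reply above asks to be ticked all end in "(no file)": the CLSID is still registered as a BHO, toolbar or MIME filter, but the DLL it pointed at is gone, so the entry is dead weight that is safe to fix. The parser below is an added example, not part of this thread and not code from HijackThis or Malwarebytes; it pulls such orphans out of a HijackThis log mechanically, and separately flags autostarts that load an eight-letter DLL from system32, the naming pattern shared by the Vundo DLLs in the ComboFix orphan list above (dekavoso.dll, vepineto.dll, dujoyuma.dll). The sample lines are copied from the HijackThis logs posted here, except the final O4 line, which is constructed to mirror the HKLM-Run-yamuwuyov orphan ComboFix removed; the eight-letter rule is a heuristic assumed for the example, not a signature.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input. All lines but the last are copied verbatim from the HijackThis
# logs posted in this thread. The last O4 line is CONSTRUCTED for the example,
# modelled on the "HKLM-Run-yamuwuyov - c:\windows\system32\vepineto.dll" orphan
# in the ComboFix log above, which ComboFix had removed before HijackThis ran.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O4 - HKLM\..\Run: [yamuwuyov] rundll32.exe "c:\windows\system32\vepineto.dll",s
"""

# "O2 - BHO: ..." / "R1 - HKLM...": a section code, a dash, the entry body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Any drive-letter path ending in .dll or .exe, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe)', re.IGNORECASE)
# HijackThis prints these when the CLSID is registered but its file is gone.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# HEURISTIC, not a signature: the Vundo DLLs ComboFix listed as orphans above
# (dekavoso, vepineto, dujoyuma) are all eight lowercase letters in system32.
# Legitimate DLLs can match too, so a hit means "inspect", never "delete".
RANDOM_SYS32_DLL_RE = re.compile(r"\\windows\\system32\\[a-z]{8}\.dll$", re.IGNORECASE)


@dataclass
class HjtEntry:
    section: str            # O2, O3, O4, O18, ...
    rest: str               # everything after "Oxx - "
    clsid: Optional[str]    # normalised to upper case when present
    target: Optional[str]   # what follows the CLSID: a path, a URL or an orphan marker
    paths: List[str]        # every .dll/.exe path found on the line

    @property
    def orphaned(self) -> bool:
        """True when the registry entry survives but the file it loads does not."""
        return self.target is not None and self.target.endswith(ORPHAN_MARKERS)

    @property
    def suspicious_loader(self) -> bool:
        """True when the entry loads a random-looking eight-letter DLL from system32."""
        return any(RANDOM_SYS32_DLL_RE.search(p) for p in self.paths)


def parse_line(line: str) -> Optional[HjtEntry]:
    """Turn one HijackThis log line into an HjtEntry, or None for non-entry text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    clsid = target = None
    cm = CLSID_RE.search(rest)
    if cm:
        clsid = cm.group(0).upper()
        after = rest[cm.end():]
        if after.startswith(" - "):
            target = after[3:].strip()
    return HjtEntry(section, rest, clsid, target, PATH_RE.findall(rest))


def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def fix_list(text: str) -> List[str]:
    """Lines to tick under Fix Checked: the CLSID is registered but its file is gone."""
    return [f"{e.section} - {e.rest}" for e in parse_log(text) if e.orphaned]


def review_list(text: str) -> List[str]:
    """Lines to examine by hand first: an autostart loading a random-named system32 DLL."""
    return [f"{e.section} - {e.rest}" for e in parse_log(text) if e.suspicious_loader]


if __name__ == "__main__":
    for title, lines in (("Fix Checked", fix_list(SAMPLE_LOG)), ("Review by hand", review_list(SAMPLE_LOG))):
        print(f"== {title} ==")
        for entry in lines:
            print(entry)
```

Run as a script it prints both lists for the sample; for a real log, pass the file contents to fix_list and review_list. The split matters: an orphan is safe to fix because nothing is loaded any more, whereas a review hit still loads code at logon, so check the file (publisher signature, timestamp, which key loads it) before deleting anything, since the heuristic will also match some legitimate eight-letter DLLs.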

When can I revert the settings I changed in Tools -> Folder Options?

Kaspersky Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:05:54 PM, on 11/13/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Jesse Morales\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Jesse Morales\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Cloudmark SafetyBar - {1FBCAFD1-7F43-4661-89CC-40E8DD7E8B64} - C:\Program Files\Cloudmark\SafetyBar\IE\IEAddin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Cloudmark SafetyBar - {1FBCAFD1-7F43-4661-89CC-40E8DD7E8B64} - C:\Program Files\Cloudmark\SafetyBar\IE\IEAddin.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\B12ttPMGI.exe" /runcleanupscript

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [iObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jesse Morales\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\System32\cachepal.exe

O9 - Extra 'Tools' menuitem: CachePal - {5F4A4622-8370-440e-88CC-CA2256D1A08A} - C:\WINDOWS\System32\cachepal.exe

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.pw.aol.com/molbin/shared/m...77/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136039821859

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/shared/m...,18/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 9956 bytes


O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.pw.aol.com/molbin/shared/m...77/mcinsctl.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136039821859

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.pw.aol.com/molbin/shared/m...,18/mcgdmgr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\System32\DRIVERS\dcfssvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: ptssvc - Unknown owner - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 9956 bytes


--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, November 13, 2009

Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Friday, November 13, 2009 21:39:14

Records in database: 3206238

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

Scan statistics:

Objects scanned: 71917

Threats found: 3

Infected objects found: 5

Suspicious objects found: 0

Scan duration: 02:29:10

File name / Threat / Threats count

C:\Program Files\AOL Toolbar\AOLToolbarSetup.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

C:\Program Files\Common Files\aolback\Comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.d 1

C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.d 1

Selected area has been scanned.

Sorry about the double post; the Kaspersky log didn't paste in the previous one.


Hi big_red01027,

ComboFix - CFScript

This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!

You will not have Internet access when you execute ComboFix. All open windows will need to be closed!

  1. Please open Notepad and copy/paste all the text below... into the window:
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 1 (0x1)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

    FILE::
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5NetInstaller.exe
    C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe


  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    ComboFixScriptDrag.gif
    This will cause ComboFix to run again.
    Do Not use your keyboard or click your mouse anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.

Please copy/paste the ComboFix log file in your next reply.

** Enable your Antivirus and Firewall, before connecting to the Internet again! **

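A CFScript like the one above is a small declarative change list, and a reader can check exactly what it will touch before dragging it onto ComboFix. The following is an added Python example, not code from the forum reply or from ComboFix: it parses the Registry:: and FILE:: sections (section names and line shapes taken from the script above) into a list of actions, describes each one, and reports FILE:: targets that do not exist; the action names and helper functions are this example's own, and the sample script is a constructed copy of the one in the reply.

```python
"""Dry-run reader for a ComboFix CFScript (added example; not ComboFix's own code).
Parses the Registry:: and FILE:: sections into a list of actions so the script can be
reviewed line by line before it is dragged onto ComboFix.exe."""
import os
import re
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Constructed copy of the CFScript from the reply above, used as sample input.
SAMPLE_CFSCRIPT = r"""Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-

FILE::
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5NetInstaller.exe
C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe
"""

KEY_RE = re.compile(r"^\[(-?)(.+)\]$")          # [key] selects a key, [-key] deletes it
VALUE_RE = re.compile(r'^"(.+?)"\s*=\s*(.*)$')  # "name"=data sets a value, "name"=- deletes it


@dataclass
class Action:
    kind: str                    # delete_key | set_value | delete_value | delete_file
    target: str                  # registry key or file path
    name: Optional[str] = None   # value name (registry value actions only)
    value: Optional[str] = None  # value data exactly as written (set_value only)


def parse_cfscript(text: str) -> List[Action]:
    """Turn CFScript text into an ordered list of Actions; reject lines it cannot place."""
    actions: List[Action] = []
    section: Optional[str] = None
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):  # section header such as Registry:: or FILE::
            section, current_key = line[:-2].lower(), None
            continue
        if section == "registry":
            m = KEY_RE.match(line)
            if m:
                minus, key = m.groups()
                if minus:
                    actions.append(Action("delete_key", key))
                    current_key = None  # no values can follow a deleted key
                else:
                    current_key = key
                continue
            m = VALUE_RE.match(line)
            if m and current_key:
                # REGEDIT4 style: backslashes inside a quoted value name are doubled
                name = m.group(1).replace("\\\\", "\\")
                data = m.group(2).strip()
                if data == "-":
                    actions.append(Action("delete_value", current_key, name))
                else:
                    actions.append(Action("set_value", current_key, name, data))
                continue
            raise ValueError(f"unrecognised Registry:: line: {line!r}")
        elif section == "file":
            actions.append(Action("delete_file", line))
        else:
            raise ValueError(f"line outside a known section: {line!r}")
    return actions


def describe(a: Action) -> str:
    """One readable line per action, for reviewing the script before it runs."""
    if a.kind == "delete_key":
        return f"delete registry key [{a.target}]"
    if a.kind == "delete_value":
        return f'delete value "{a.name}" under [{a.target}]'
    if a.kind == "set_value":
        return f'set value "{a.name}" = {a.value} under [{a.target}]'
    return f"delete file {a.target}"


def summarize(actions: List[Action]) -> Dict[str, int]:
    """Count actions by kind so the reviewer sees the scope at a glance."""
    return Counter(a.kind for a in actions)


def missing_files(actions: List[Action],
                  exists: Callable[[str], bool] = os.path.exists) -> List[str]:
    """FILE:: targets not present on disk; a stale path suggests the script does not match this machine."""
    return [a.target for a in actions if a.kind == "delete_file" and not exists(a.target)]


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_CFSCRIPT)
    for act in plan:
        print(describe(act))
    print(dict(summarize(plan)), "missing:", missing_files(plan))
```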

ComboFix Log:

ComboFix 09-11-16.01 - Jesse Morales 11/15/2009 13:19.2.1 - FAT32x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.638.447 [GMT -6:00]

Running from: c:\documents and settings\Jesse Morales\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Jesse Morales\Desktop\CFScript.txt

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::

"c:\windows\Downloaded Program Files\CONFLICT.1\UWFX5NetInstaller.exe"

"c:\windows\Downloaded Program Files\UWFX5NetInstaller.exe"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Downloaded Program Files\CONFLICT.1\UWFX5NetInstaller.exe

c:\windows\Downloaded Program Files\UWFX5NetInstaller.exe

.

((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))

.

2009-11-15 06:28 . 2009-07-29 04:53 82432 ------w- c:\windows\system32\dllcache\fontsub.dll

2009-11-15 06:27 . 2009-06-10 06:32 132096 ------w- c:\windows\system32\dllcache\wkssvc.dll

2009-11-15 06:25 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

2009-11-15 06:24 . 2009-06-12 11:50 76288 ------w- c:\windows\system32\dllcache\telnet.exe

2009-11-15 06:23 . 2009-07-17 18:55 58880 ------w- c:\windows\system32\dllcache\atl.dll

2009-11-15 06:22 . 2009-07-10 13:42 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2009-11-15 06:21 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll

2009-11-15 06:19 . 2009-06-10 14:21 84992 ------w- c:\windows\system32\dllcache\avifil32.dll

2009-11-15 06:15 . 2009-06-03 19:27 1290752 ------w- c:\windows\system32\dllcache\quartz.dll

2009-11-15 06:15 . 2009-04-15 15:11 584192 ------w- c:\windows\system32\dllcache\rpcrt4.dll

2009-11-15 06:14 . 2009-04-17 09:58 1846656 ------w- c:\windows\system32\dllcache\win32k.sys

2009-11-15 06:13 . 2009-05-07 15:44 344064 ------w- c:\windows\system32\dllcache\localspl.dll

2009-11-15 06:12 . 2009-02-03 20:08 55808 ------w- c:\windows\system32\dllcache\secur32.dll

2009-11-15 06:12 . 2009-03-21 14:18 986112 ------w- c:\windows\system32\dllcache\kernel32.dll

2009-11-15 06:12 . 2008-12-16 12:47 351232 ------w- c:\windows\system32\dllcache\winhttp.dll

2009-11-15 06:11 . 2008-06-12 14:16 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll

2009-11-15 06:11 . 2008-06-12 14:16 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll

2009-11-15 06:11 . 2008-06-12 14:16 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll

2009-11-15 06:11 . 2008-06-12 14:16 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll

2009-11-15 06:11 . 2008-06-12 14:16 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll

2009-11-15 06:11 . 2008-06-12 14:16 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll

2009-11-15 06:10 . 2009-03-06 14:44 283648 ------w- c:\windows\system32\dllcache\pdh.dll

2009-11-15 06:10 . 2009-02-06 16:54 35328 ------w- c:\windows\system32\dllcache\sc.exe

2009-11-15 06:10 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll

2009-11-15 06:07 . 2008-12-05 07:12 144896 ------w- c:\windows\system32\dllcache\schannel.dll

2009-11-15 06:07 . 2008-12-11 11:57 333184 ------w- c:\windows\system32\dllcache\srv.sys

2009-11-15 06:05 . 2008-10-23 13:01 283648 ------w- c:\windows\system32\dllcache\gdi32.dll

2009-11-15 06:04 . 2008-10-03 10:15 247326 ------w- c:\windows\system32\dllcache\strmdll.dll

2009-11-15 06:03 . 2008-10-24 11:10 453632 ------w- c:\windows\system32\dllcache\mrxsmb.sys

2009-11-15 06:03 . 2008-09-04 16:42 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll

2009-11-15 06:02 . 2008-10-15 16:57 332800 ------w- c:\windows\system32\dllcache\netapi32.dll

2009-11-15 06:02 . 2008-07-07 20:32 253952 ------w- c:\windows\system32\dllcache\es.dll

2009-11-15 06:01 . 2008-06-24 16:23 74240 ------w- c:\windows\system32\dllcache\mscms.dll

2009-11-15 06:00 . 2008-04-11 18:50 683520 ------w- c:\windows\system32\dllcache\inetcomm.dll

2009-11-15 05:59 . 2007-12-18 14:40 450560 ------w- c:\windows\system32\dllcache\jscript.dll

2009-11-15 05:59 . 2007-12-18 14:40 417792 ------w- c:\windows\system32\dllcache\vbscript.dll

2009-11-15 05:58 . 2008-08-14 09:51 138368 ------w- c:\windows\system32\dllcache\afd.sys

2009-11-15 05:58 . 2008-06-20 10:45 360320 ------w- c:\windows\system32\dllcache\tcpip.sys

2009-11-15 05:58 . 2008-06-20 17:41 245248 ------w- c:\windows\system32\dllcache\mswsock.dll

2009-11-15 05:58 . 2006-08-16 11:58 100352 ------w- c:\windows\system32\dllcache\6to4svc.dll

2009-11-15 05:58 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys

2009-11-15 05:57 . 2008-05-08 12:28 202752 ------w- c:\windows\system32\dllcache\rmcast.sys

2009-11-15 00:48 . 2009-11-15 02:38 -------- d-----w- c:\documents and settings\Jesse Morales\Local Settings\Application Data\sygsme

2009-11-10 02:03 . 2009-11-10 02:03 152576 ----a-w- c:\documents and settings\Jesse Morales\Application Data\Sun\Java\jre1.6.0_17\lzma.dll

2009-11-08 07:11 . 2009-11-08 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2009-11-08 07:10 . 2009-11-08 07:10 -------- d-----w- c:\program files\IObit

2009-11-07 22:12 . 2009-11-07 22:12 -------- d-----w- C:\VundoFix Backups

2009-11-07 21:20 . 2009-07-28 22:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-11-07 21:20 . 2009-03-30 16:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys

2009-11-07 21:20 . 2009-02-13 18:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2009-11-07 21:20 . 2009-02-13 18:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2009-11-07 21:19 . 2009-11-07 21:19 -------- d-----w- c:\program files\Avira

2009-11-07 21:19 . 2009-11-07 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2009-11-07 21:04 . 2009-11-07 21:04 -------- d-----w- c:\program files\Trend Micro

2009-11-07 20:48 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-11-07 20:48 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-11-07 18:19 . 2009-11-07 18:19 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2009-11-07 18:14 . 2009-11-07 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-11-06 05:19 . 2009-11-06 05:19 -------- d-----w- c:\windows\system32\wbem\Repository

2009-11-06 05:17 . 2009-11-06 05:17 -------- d-----w- c:\program files\NoAdware3

2009-11-06 04:34 . 2009-11-06 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard

2009-11-06 04:30 . 2009-11-06 05:17 -------- d-----w- c:\program files\STOPzilla!

2009-11-06 04:30 . 2009-11-06 04:30 -------- d-----w- c:\program files\Common Files\iS3

2009-11-06 04:29 . 2009-11-06 05:17 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2009-11-06 03:25 . 2009-11-06 05:17 -------- d-----w- c:\program files\Common Files\PC Tools

2009-10-29 04:57 . 2009-11-14 21:40 -------- d-----w- c:\documents and settings\Jesse Morales\Application Data\mIRC

2009-10-29 04:57 . 2009-11-14 21:39 -------- d-----w- c:\program files\mIRC

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-15 17:12 . 2007-11-29 08:48 -------- d-----w- c:\documents and settings\Jesse Morales\Application Data\Orbit

2009-11-10 02:07 . 2004-07-12 16:43 -------- d-----w- c:\program files\Java

2009-11-08 06:05 . 2005-03-15 20:37 -------- d-----w- c:\program files\FAST Defrag

2009-11-07 22:26 . 2007-05-14 19:31 -------- d-----w- c:\program files\Lavasoft

2009-11-07 20:58 . 2009-01-06 07:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-11-06 05:18 . 2005-08-07 17:21 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-06 05:18 . 2005-08-07 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-06 05:17 . 2005-10-12 18:27 -------- d-----w- c:\program files\Spyware Doctor

2009-11-06 04:57 . 2009-11-06 05:14 177320 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat

2009-11-04 05:32 . 2009-01-20 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Soulseek

2009-10-28 07:22 . 2009-01-07 04:41 -------- d-----w- c:\program files\CCleaner

2009-10-11 10:17 . 2009-03-16 01:05 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-10-03 15:02 . 2009-03-18 22:24 -------- d-----w- c:\program files\Microsoft Silverlight

2009-10-02 17:07 . 2009-10-02 17:07 -------- d-----w- c:\program files\Microsoft

2009-09-16 21:06 . 2009-09-09 21:25 -------- d-----w- c:\documents and settings\Jesse Morales\Application Data\Hoyle

2009-09-16 18:16 . 2007-06-01 08:29 445 ----a-w- c:\windows\EntPack.dat

2009-08-26 02:11 . 2009-08-26 02:11 152576 ----a-w- c:\documents and settings\Jesse Morales\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

.

((((((((((((((((((((((((((((( SnapShot@2009-11-12_21.53.46 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-11-15 17:06 . 2009-11-15 17:06 16384 c:\windows\Temp\Perflib_Perfdata_bc.dat

+ 2002-08-29 10:00 . 2009-06-12 11:50 76288 c:\windows\SYSTEM32\telnet.exe

+ 2004-09-08 11:17 . 2007-07-27 16:41 26488 c:\windows\SYSTEM32\spupdsvc.exe

+ 2007-07-06 21:19 . 2009-05-26 11:40 17272 c:\windows\SYSTEM32\spmsg.dll

- 2002-08-29 10:00 . 2004-08-04 07:56 55808 c:\windows\SYSTEM32\secur32.dll

+ 2002-08-29 10:00 . 2009-02-03 20:08 55808 c:\windows\SYSTEM32\secur32.dll

+ 2002-08-29 10:00 . 2009-02-06 16:54 35328 c:\windows\SYSTEM32\sc.exe

- 2002-08-29 10:00 . 2005-07-03 02:11 39424 c:\windows\SYSTEM32\pngfilt.dll

+ 2002-08-29 10:00 . 2009-06-26 16:18 39424 c:\windows\SYSTEM32\pngfilt.dll

+ 2004-07-12 16:31 . 2009-11-15 08:00 53436 c:\windows\SYSTEM32\PERFC009.DAT

- 2004-07-12 16:31 . 2006-10-29 19:10 53436 c:\windows\SYSTEM32\PERFC009.DAT

+ 2004-03-06 02:16 . 2008-06-12 14:16 91648 c:\windows\SYSTEM32\mtxoci.dll

- 2004-03-06 02:16 . 2004-08-04 07:56 66560 c:\windows\SYSTEM32\mtxclu.dll

+ 2004-03-06 02:16 . 2008-06-12 14:16 66560 c:\windows\SYSTEM32\mtxclu.dll

- 2002-08-29 10:00 . 2004-08-04 07:56 58880 c:\windows\SYSTEM32\msdtclog.dll

+ 2002-08-29 10:00 . 2008-06-12 14:16 58880 c:\windows\SYSTEM32\msdtclog.dll

- 2002-08-29 10:00 . 2005-06-29 01:46 74240 c:\windows\SYSTEM32\mscms.dll

+ 2002-08-29 10:00 . 2008-06-24 16:23 74240 c:\windows\SYSTEM32\mscms.dll

+ 2002-08-29 10:00 . 2009-06-26 16:18 16384 c:\windows\SYSTEM32\jsproxy.dll

- 2002-08-29 10:00 . 2005-07-03 02:11 96256 c:\windows\SYSTEM32\inseng.dll

+ 2002-08-29 10:00 . 2009-06-26 16:18 96256 c:\windows\SYSTEM32\inseng.dll

+ 2004-08-04 07:56 . 2009-06-26 16:18 81920 c:\windows\SYSTEM32\ieencode.dll

- 2004-08-04 07:56 . 2004-08-04 07:56 81920 c:\windows\SYSTEM32\ieencode.dll

+ 2002-08-29 10:00 . 2009-07-29 04:53 82432 c:\windows\SYSTEM32\fontsub.dll

- 2004-08-04 07:56 . 2004-08-04 07:56 55808 c:\windows\SYSTEM32\extmgr.dll

+ 2004-08-04 07:56 . 2009-06-26 16:18 55808 c:\windows\SYSTEM32\extmgr.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 39424 c:\windows\SYSTEM32\DLLCACHE\pngfilt.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 16384 c:\windows\SYSTEM32\DLLCACHE\jsproxy.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 96256 c:\windows\SYSTEM32\DLLCACHE\inseng.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 81920 c:\windows\SYSTEM32\DLLCACHE\ieencode.dll

+ 2009-11-15 06:17 . 2009-06-22 11:38 18432 c:\windows\SYSTEM32\DLLCACHE\iedw.exe

+ 2009-11-15 06:17 . 2009-06-26 16:18 55808 c:\windows\SYSTEM32\DLLCACHE\extmgr.dll

+ 2004-03-06 02:16 . 2005-07-26 04:39 60416 c:\windows\SYSTEM32\colbact.dll

- 2002-08-29 10:00 . 2004-08-04 07:56 84992 c:\windows\SYSTEM32\avifil32.dll

+ 2002-08-29 10:00 . 2009-06-10 14:21 84992 c:\windows\SYSTEM32\avifil32.dll

+ 2002-08-29 10:00 . 2009-07-17 18:55 58880 c:\windows\SYSTEM32\atl.dll

- 2002-08-29 10:00 . 2004-08-04 07:56 58880 c:\windows\SYSTEM32\atl.dll

+ 2005-05-17 00:25 . 2009-06-22 11:26 352768 c:\windows\SYSTEM32\xpsp3res.dll

- 2004-07-21 17:58 . 2004-08-04 07:56 233472 c:\windows\SYSTEM32\wmpdxm.dll

+ 2004-07-21 17:58 . 2009-07-13 08:18 233472 c:\windows\SYSTEM32\wmpdxm.dll

+ 2004-07-12 17:16 . 2008-06-18 11:03 938496 c:\windows\SYSTEM32\WMNetmgr.dll

- 2003-10-21 22:06 . 2004-08-04 07:56 132096 c:\windows\SYSTEM32\wkssvc.dll

+ 2003-10-21 22:06 . 2009-06-10 06:32 132096 c:\windows\SYSTEM32\wkssvc.dll

+ 2004-02-06 23:05 . 2009-06-26 16:18 659456 c:\windows\SYSTEM32\wininet.dll

+ 2004-07-15 21:32 . 2008-12-16 12:47 351232 c:\windows\SYSTEM32\winhttp.dll

- 2004-07-15 21:32 . 2004-08-04 07:56 351232 c:\windows\SYSTEM32\winhttp.dll

+ 2002-08-29 10:00 . 2009-02-06 16:39 227840 c:\windows\SYSTEM32\WBEM\wmiprvse.exe

+ 2002-08-29 10:00 . 2009-02-09 10:20 453120 c:\windows\SYSTEM32\WBEM\wmiprvsd.dll

+ 2002-08-29 10:00 . 2009-02-09 10:20 473088 c:\windows\SYSTEM32\WBEM\fastprox.dll

+ 2002-08-29 10:00 . 2007-12-18 14:40 417792 c:\windows\SYSTEM32\vbscript.dll

- 2002-08-29 10:00 . 2004-08-04 07:56 417792 c:\windows\SYSTEM32\vbscript.dll

+ 2004-01-21 21:20 . 2009-06-26 16:18 616448 c:\windows\SYSTEM32\urlmon.dll

+ 2002-08-29 10:00 . 2009-07-29 16:23 119808 c:\windows\SYSTEM32\t2embed.dll

+ 2002-08-29 10:00 . 2008-10-03 10:15 247326 c:\windows\SYSTEM32\strmdll.dll

+ 2004-07-07 23:48 . 2009-06-26 16:18 474112 c:\windows\SYSTEM32\shlwapi.dll

+ 2002-08-29 10:00 . 2009-02-06 17:14 110592 c:\windows\SYSTEM32\services.exe

- 2004-03-30 01:48 . 2004-08-04 07:56 144896 c:\windows\SYSTEM32\schannel.dll

+ 2004-03-30 01:48 . 2008-12-05 07:12 144896 c:\windows\SYSTEM32\schannel.dll

+ 2004-03-06 02:16 . 2009-02-09 10:20 399360 c:\windows\SYSTEM32\rpcss.dll

+ 2004-03-06 02:16 . 2009-04-15 15:11 584192 c:\windows\SYSTEM32\rpcrt4.dll

+ 2004-07-12 16:31 . 2009-11-15 08:01 381692 c:\windows\SYSTEM32\PERFH009.DAT

- 2004-07-12 16:31 . 2006-10-29 19:10 381692 c:\windows\SYSTEM32\PERFH009.DAT

- 2002-08-29 10:00 . 2004-08-04 07:56 283648 c:\windows\SYSTEM32\pdh.dll

+ 2002-08-29 10:00 . 2009-03-06 14:44 283648 c:\windows\SYSTEM32\pdh.dll

+ 2002-08-29 10:00 . 2009-02-09 10:20 714752 c:\windows\SYSTEM32\ntdll.dll

+ 2004-07-15 21:33 . 2008-10-15 16:57 332800 c:\windows\SYSTEM32\netapi32.dll

- 2002-08-29 10:00 . 2004-08-04 07:56 245248 c:\windows\SYSTEM32\mswsock.dll

+ 2002-08-29 10:00 . 2008-06-20 17:41 245248 c:\windows\SYSTEM32\mswsock.dll

+ 2002-12-12 05:14 . 2009-08-05 09:11 204800 c:\windows\SYSTEM32\mswebdvd.dll

+ 2002-08-29 10:00 . 2009-06-05 07:42 655872 c:\windows\SYSTEM32\mstscax.dll

+ 2002-08-29 10:00 . 2009-06-26 16:18 532480 c:\windows\SYSTEM32\mstime.dll

+ 2002-08-29 10:00 . 2009-06-26 16:18 146432 c:\windows\SYSTEM32\msrating.dll

- 2002-08-29 10:00 . 2005-07-03 02:11 146432 c:\windows\SYSTEM32\msrating.dll

+ 2002-08-29 10:00 . 2009-06-26 16:18 449024 c:\windows\SYSTEM32\mshtmled.dll

+ 2004-03-06 02:16 . 2008-06-12 14:16 161792 c:\windows\SYSTEM32\msdtcuiu.dll

+ 2004-03-06 02:16 . 2008-06-12 14:16 956928 c:\windows\SYSTEM32\msdtctm.dll

+ 2004-03-06 02:16 . 2008-06-12 14:16 428032 c:\windows\SYSTEM32\msdtcprx.dll

+ 2004-03-30 01:48 . 2009-02-09 10:20 723456 c:\windows\SYSTEM32\lsasrv.dll

- 2004-07-12 17:16 . 2006-10-19 02:03 100864 c:\windows\SYSTEM32\logagent.exe

+ 2004-07-12 17:16 . 2008-06-18 07:09 100864 c:\windows\SYSTEM32\logagent.exe

+ 2002-08-29 10:00 . 2009-05-07 15:44 344064 c:\windows\SYSTEM32\localspl.dll

+ 2002-08-29 10:00 . 2009-03-21 14:18 986112 c:\windows\SYSTEM32\kernel32.dll

+ 2003-01-13 19:57 . 2007-12-18 14:40 450560 c:\windows\SYSTEM32\jscript.dll

- 2003-01-13 19:57 . 2004-08-04 07:56 450560 c:\windows\SYSTEM32\jscript.dll

+ 2004-06-07 19:19 . 2008-04-11 18:50 683520 c:\windows\SYSTEM32\inetcomm.dll

+ 2002-08-29 10:00 . 2009-06-26 16:18 251392 c:\windows\SYSTEM32\iepeers.dll

- 2002-08-29 10:00 . 2005-07-03 02:11 251392 c:\windows\SYSTEM32\iepeers.dll

+ 2004-03-30 01:48 . 2008-10-23 13:01 283648 c:\windows\SYSTEM32\gdi32.dll

+ 2002-09-03 14:05 . 2009-11-15 07:55 639544 c:\windows\SYSTEM32\FNTCACHE.DAT

- 2002-09-03 14:05 . 2009-03-12 16:43 639544 c:\windows\SYSTEM32\FNTCACHE.DAT

+ 2004-03-06 02:16 . 2008-07-07 20:32 253952 c:\windows\SYSTEM32\es.dll

+ 2002-08-29 10:00 . 2009-06-26 16:18 205312 c:\windows\SYSTEM32\dxtrans.dll

+ 2002-08-29 10:00 . 2009-06-26 16:18 357888 c:\windows\SYSTEM32\dxtmsft.dll

- 2002-08-29 10:00 . 2004-08-04 07:56 357888 c:\windows\SYSTEM32\dxtmsft.dll

+ 2002-08-29 10:00 . 2008-06-20 21:22 225920 c:\windows\SYSTEM32\DRIVERS\tcpip6.sys

+ 2002-08-29 10:00 . 2008-06-20 10:45 360320 c:\windows\SYSTEM32\DRIVERS\tcpip.sys

+ 2002-08-29 10:00 . 2008-12-11 11:57 333184 c:\windows\SYSTEM32\DRIVERS\srv.sys

+ 2002-08-29 10:00 . 2008-05-08 12:28 202752 c:\windows\SYSTEM32\DRIVERS\rmcast.sys

+ 2002-08-29 10:00 . 2008-10-24 11:10 453632 c:\windows\SYSTEM32\DRIVERS\mrxsmb.sys

+ 2004-08-04 06:10 . 2008-06-13 13:10 272128 c:\windows\SYSTEM32\DRIVERS\bthport.sys

+ 2002-08-29 10:00 . 2008-08-14 09:51 138368 c:\windows\SYSTEM32\DRIVERS\afd.sys

+ 2002-08-29 10:00 . 2008-06-21 05:11 148992 c:\windows\SYSTEM32\dnsapi.dll

+ 2002-08-29 10:00 . 2008-04-21 10:02 215552 c:\windows\SYSTEM32\DLLCACHE\wordpad.exe

+ 2009-07-13 08:18 . 2009-07-13 08:18 233472 c:\windows\SYSTEM32\DLLCACHE\wmpdxm.dll

+ 2008-06-18 11:03 . 2008-06-18 11:03 938496 c:\windows\SYSTEM32\DLLCACHE\WMNetmgr.dll

+ 2009-11-15 06:09 . 2009-02-06 16:39 227840 c:\windows\SYSTEM32\DLLCACHE\wmiprvse.exe

+ 2009-11-15 06:09 . 2009-02-09 10:20 453120 c:\windows\SYSTEM32\DLLCACHE\wmiprvsd.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 659456 c:\windows\SYSTEM32\DLLCACHE\wininet.dll

+ 2004-01-21 21:20 . 2009-06-26 16:18 616448 c:\windows\SYSTEM32\DLLCACHE\urlmon.dll

+ 2008-06-20 21:22 . 2008-06-20 21:22 225920 c:\windows\SYSTEM32\DLLCACHE\tcpip6.sys

+ 2009-07-29 16:23 . 2009-07-29 16:23 119808 c:\windows\SYSTEM32\DLLCACHE\t2embed.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 474112 c:\windows\SYSTEM32\DLLCACHE\shlwapi.dll

+ 2009-11-15 06:09 . 2009-02-06 17:14 110592 c:\windows\SYSTEM32\DLLCACHE\services.exe

+ 2009-11-15 06:09 . 2009-02-09 10:20 399360 c:\windows\SYSTEM32\DLLCACHE\rpcss.dll

+ 2009-11-15 06:09 . 2009-02-09 10:20 714752 c:\windows\SYSTEM32\DLLCACHE\ntdll.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 532480 c:\windows\SYSTEM32\DLLCACHE\mstime.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 146432 c:\windows\SYSTEM32\DLLCACHE\msrating.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 449024 c:\windows\SYSTEM32\DLLCACHE\mshtmled.dll

+ 2009-11-15 06:09 . 2009-02-09 10:20 723456 c:\windows\SYSTEM32\DLLCACHE\lsasrv.dll

+ 2008-06-18 07:09 . 2008-06-18 07:09 100864 c:\windows\SYSTEM32\DLLCACHE\logagent.exe

+ 2009-11-15 06:17 . 2009-06-26 16:18 251392 c:\windows\SYSTEM32\DLLCACHE\iepeers.dll

+ 2009-11-15 06:09 . 2009-02-09 10:20 473088 c:\windows\SYSTEM32\DLLCACHE\fastprox.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 205312 c:\windows\SYSTEM32\DLLCACHE\dxtrans.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 357888 c:\windows\SYSTEM32\DLLCACHE\dxtmsft.dll

+ 2008-06-21 05:11 . 2008-06-21 05:11 148992 c:\windows\SYSTEM32\DLLCACHE\dnsapi.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 151040 c:\windows\SYSTEM32\DLLCACHE\cdfview.dll

+ 2009-11-15 06:09 . 2009-02-09 10:20 616960 c:\windows\SYSTEM32\DLLCACHE\advapi32.dll

+ 2002-08-29 10:00 . 2009-06-26 16:18 151040 c:\windows\SYSTEM32\cdfview.dll

- 2002-08-29 10:00 . 2005-07-03 02:11 151040 c:\windows\SYSTEM32\cdfview.dll

+ 2002-08-29 10:00 . 2009-02-09 10:20 616960 c:\windows\SYSTEM32\advapi32.dll

- 2002-08-29 10:00 . 2004-08-04 07:56 616960 c:\windows\SYSTEM32\advapi32.dll

+ 2002-08-29 10:00 . 2006-08-16 11:58 100352 c:\windows\SYSTEM32\6to4svc.dll

- 2002-08-29 10:00 . 2004-08-04 07:56 100352 c:\windows\SYSTEM32\6to4svc.dll

+ 2004-10-28 01:14 . 2008-10-24 11:10 453632 c:\windows\Driver Cache\I386\mrxsmb.sys

+ 2009-11-15 05:58 . 2008-06-13 13:10 272128 c:\windows\Driver Cache\I386\bthport.sys

+ 2009-11-15 06:08 . 2008-04-15 17:54 1724416 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\GdiPlus.dll

+ 2002-08-29 10:00 . 2008-06-18 11:03 2458112 c:\windows\SYSTEM32\WMVCore.dll

+ 2003-09-17 05:25 . 2009-07-13 08:18 4960256 c:\windows\SYSTEM32\wmp.dll

+ 2002-08-29 10:00 . 2009-04-17 09:58 1846656 c:\windows\SYSTEM32\win32k.sys

+ 2004-01-21 21:15 . 2009-07-18 16:20 1506304 c:\windows\SYSTEM32\shdocvw.dll

+ 2003-05-30 14:00 . 2009-06-03 19:27 1290752 c:\windows\SYSTEM32\quartz.dll

+ 1980-01-01 05:00 . 2009-02-06 17:24 2180480 c:\windows\SYSTEM32\ntoskrnl.exe

+ 1980-01-01 05:00 . 2009-02-06 16:49 2057728 c:\windows\SYSTEM32\ntkrnlpa.exe

+ 2002-08-29 10:00 . 2008-09-04 16:42 1106944 c:\windows\SYSTEM32\msxml3.dll

+ 2004-07-07 23:37 . 2009-07-18 16:20 3062272 c:\windows\SYSTEM32\mshtml.dll

+ 2008-06-18 11:03 . 2008-06-18 11:03 2458112 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll

+ 2009-07-13 08:18 . 2009-07-13 08:18 4960256 c:\windows\SYSTEM32\DLLCACHE\wmp.dll

+ 2009-11-15 06:17 . 2009-07-18 16:20 1506304 c:\windows\SYSTEM32\DLLCACHE\shdocvw.dll

+ 2009-11-15 06:09 . 2009-02-06 17:24 2180480 c:\windows\SYSTEM32\DLLCACHE\ntoskrnl.exe

+ 2009-11-15 06:09 . 2009-02-06 16:49 2015744 c:\windows\SYSTEM32\DLLCACHE\ntkrpamp.exe

+ 2009-11-15 06:09 . 2009-02-06 16:49 2057728 c:\windows\SYSTEM32\DLLCACHE\ntkrnlpa.exe

+ 2009-11-15 06:09 . 2009-02-06 17:22 2136064 c:\windows\SYSTEM32\DLLCACHE\ntkrnlmp.exe

+ 2009-11-15 06:17 . 2009-07-18 16:20 3062272 c:\windows\SYSTEM32\DLLCACHE\mshtml.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 1054208 c:\windows\SYSTEM32\DLLCACHE\danim.dll

+ 2009-11-15 06:17 . 2009-06-26 16:18 1023488 c:\windows\SYSTEM32\DLLCACHE\browseui.dll

+ 2002-08-29 10:00 . 2009-06-26 16:18 1054208 c:\windows\SYSTEM32\danim.dll

+ 2004-01-21 21:21 . 2009-06-26 16:18 1023488 c:\windows\SYSTEM32\browseui.dll

+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\I386\ntoskrnl.exe

+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\I386\ntkrpamp.exe

+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\I386\ntkrnlpa.exe

+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\I386\ntkrnlmp.exe

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Google Update"="c:\documents and settings\Jesse Morales\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\B12ttPMGI.exe" [2009-11-07 1312080]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2007-11-29 1719568]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Picture Transfer Software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk

backup=c:\windows\pss\KODAK Picture Transfer Software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Orbit.lnk

backup=c:\windows\pss\Orbit.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TRACE! by Workshare.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\TRACE! by Workshare.lnk

backup=c:\windows\pss\TRACE! by Workshare.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jesse Morales^Start Menu^Programs^Startup^WordWeb.lnk]

path=c:\documents and settings\Jesse Morales\Start Menu\Programs\Startup\WordWeb.lnk

backup=c:\windows\pss\WordWeb.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jesse Morales^Start Menu^Programs^Startup^Xfire.lnk]

path=c:\documents and settings\Jesse Morales\Start Menu\Programs\Startup\Xfire.lnk

backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SymWSC"=2 (0x2)

"SNDSrvc"=3 (0x3)

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccEvtMgr"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Soulseek\\slsk.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=

"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AIM6\\aim6.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Documents and Settings\\Jesse Morales\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

R1 ATMhelpr;ATMhelpr;c:\windows\SYSTEM32\DRIVERS\ATMHELPR.SYS [8/5/2004 1:43 PM 4064]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/7/2009 3:20 PM 108289]

R2 PCLinkBridge;USB-USB Network Bridge;c:\windows\SYSTEM32\DRIVERS\Pro2000.sys [7/21/2004 8:26 PM 6566]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/16/2007 12:02 PM 24652]

R3 NIC2000;USB-USB Network Bridge Adapter;c:\windows\SYSTEM32\DRIVERS\NIC2000.SYS [7/21/2004 8:26 PM 5766]

S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [11/8/2009 1:11 AM 312592]

S2 ptssvc;ptssvc;c:\program files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe [8/1/2004 1:00 PM 36864]

S2 USB2000;USB-USB Network Bridge Driver;c:\windows\SYSTEM32\DRIVERS\usb2000.sys [7/21/2004 8:26 PM 12822]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IS360SERVICE

*Deregistered* - mbr

*Deregistered* - PROCEXP113

.

Contents of the 'Scheduled Tasks' folder

2009-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213666468-2620210946-2638669835-1007Core.job

- c:\documents and settings\Jesse Morales\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 05:48]

2009-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4213666468-2620210946-2638669835-1007UA.job

- c:\documents and settings\Jesse Morales\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 05:48]

2009-11-15 c:\windows\Tasks\SDMsgUpdate (SmartDrawTrial).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2006-01-27 16:09]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.yahoo.com/

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: &WordWeb... - c:\windows\wweb32.dll/lookup.html

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: lsac.org

Trusted Zone: microsoft.com\office

DPF: ppctlcab - hxxp://www.pestscan.com/scanner/ppctlcab.cab

FF - ProfilePath - c:\documents and settings\Jesse Morales\Application Data\Mozilla\Firefox\Profiles\vsyyjp98.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search/?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=

FF - plugin: c:\documents and settings\Jesse Morales\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-11-15 13:31

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

Completion time: 2009-11-15 13:33

ComboFix-quarantined-files.txt 2009-11-15 19:33

ComboFix2.txt 2009-11-12 22:05

Pre-Run: 8,613,789,696 bytes free

Post-Run: 8,759,136,256 bytes free

- - End Of File - - F17C3A6C796B2E30685844E1DF98CADE


Hi big_red01027,

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK

Now please delete the file Norton_Removal_Tool.exe from your desktop.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I would like you to download and install a free firewall from one of these excellent vendors:

1) ZoneAlarm

2) Agnitum

3) Sunbelt/Kerio

Note: If you choose ZoneAlarm then ensure the option for the ZoneAlarm Spy Blocker is NOT chosen during installation.

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Set Correct Settings For Files That Should Be Hidden

  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab
  • Under Hidden files and folders if necessary select Do not show hidden files and folders
  • If unchecked, check Hide protected operating system files (Recommended)
  • If necessary check Display content of system folders
  • If necessary Uncheck Hide file extensions for known file types
  • Click OK

Disable and Enable System Restore. - If you are using Windows XP or Vista then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide

Re-enable system restore with instructions from the tutorial above

Update your AntiVirus Software and keep your other programs up-to-date

It is vital that you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your PC.

Secunia Software Inspector

F-secure Health Check

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein: So How Did I Get Infected In The First Place

Happy surfing and stay clean!

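A small triage helper for the ComboFix log format posted above and for the helper's point about the firewall (an added example, not code from the thread or from ComboFix): it pulls Run-key autostart values, service/driver lines and the EnableFirewall value out of a constructed excerpt assembled from lines in the log, flags autostart executables that live under a user profile, and reports whether the standard firewall profile was enabled. The regular expressions and the user-profile heuristic are my assumptions about the log layout, not ComboFix's own.

```python
import re

# Constructed sample in the shape ComboFix prints, assembled from lines in the thread's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"Google Update"="c:\documents and settings\Jesse Morales\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-12 133104]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/7/2009 3:20 PM 108289]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [11/8/2009 1:11 AM 312592]
"""

# Assumed line shapes (my reading of the log above, not a ComboFix specification).
SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
SERVICE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<meta>[^\]]+)\]$")

# Heuristic: autostart executables under a user profile deserve a closer look, since
# user-writable locations are where droppers tend to land next to legitimate updaters.
USER_WRITABLE = ("c:\\documents and settings\\", "c:\\users\\")


def triage(log_text):
    """Summarise autostart entries, services/drivers and firewall state from a log excerpt."""
    summary = {"autostart": [], "user_profile_autostart": [], "services": [], "firewall_enabled": None}
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("key")          # remember which registry key the values belong to
            continue
        m = FIREWALL.match(line)
        if m:
            summary["firewall_enabled"] = m.group("value") != "0"
            continue
        m = RUN_VALUE.match(line)
        if m and section and section.lower().endswith("\\run"):
            entry = (m.group("name"), m.group("path"))
            summary["autostart"].append(entry)
            if m.group("path").lower().startswith(USER_WRITABLE):
                summary["user_profile_autostart"].append(entry)
            continue
        m = SERVICE.match(line)
        if m:
            summary["services"].append({"state": m.group("state"), "name": m.group("name"), "path": m.group("path")})
    return summary


def running_services(summary):
    """R-prefixed lines are services/drivers loaded at scan time; S-prefixed ones are stopped."""
    return [s["name"] for s in summary["services"] if s["state"].startswith("R")]
```

Running `triage(SAMPLE_LOG)` on the excerpt reports the firewall profile as disabled, which is the condition the reply's firewall advice is addressing.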