
Trojan Turns off Firewall, Returns and Comes Back When Deleted!



I'm going insane. I've run everything from HijackThis, ATF Cleaner, Registry Booster, Spybot cleanup, Malwarebytes' Anti-Malware, AVG virus protection, Spybot, ComboFix, and this thing still keeps coming back! My Spybot keeps catching registry changes, my email now tells me I'm leaving a secure connection when I log in, websites that I go to were blocked before I ran Malwarebytes, but the virus keeps coming back every time I clean it. It's also turning off my antivirus programs somehow. Here are my logs! Help!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:19:11 PM, on 1/1/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZuneBusEnum.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Phonic\HB_FW_MKII_Series\Phonic_cpl.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {19F67714-A69F-47B1-AD19-5731C42E54F9} - C:\WINDOWS\system32\fccdEvtQ.dll (file missing)

O2 - BHO: {19d270f7-7814-4f0b-a934-a121a04b5a03} - {30a5b40a-121a-439a-b0f4-41877f072d91} - C:\WINDOWS\system32\deoydv.dll

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - (no file)

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {93dc4383-b0fe-4943-aa90-6db02d3a13c7} - C:\WINDOWS\system32\suliweya.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: (no name) - {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - C:\Program Files\MorpheusBar\SrchAstt\1.bin\MBSRCAS.DLL (file missing)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll

O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

O4 - HKLM\..\Run: [CPM131fd454] Rundll32.exe "c:\windows\system32\bulirope.dll",a

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [talotoduje] Rundll32.exe "C:\WINDOWS\system32\jotogeni.dll",s (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [talotoduje] Rundll32.exe "C:\WINDOWS\system32\jotogeni.dll",s (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')

O4 - S-1-5-18 Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Rapid Antivirus.lnk = C:\Program Files\Rapid Antivirus\Rapid Antivirus.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Phonic Control Panel.lnk = C:\Program Files\Phonic\HB_FW_MKII_Series\Phonic_cpl.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168750450875

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://messenger.zone.msn.com/EN-US/a-LUXR/mjolauncher.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab

O16 - DPF: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} (SAXFile ActiveX Control) - http://www.diskfaktory.com/create/01/SAXFile.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab55200.cab

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab

O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll deoydv.dll C:\WINDOWS\system32\milokira.dll c:\windows\system32\bulirope.dll

O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bulirope.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bulirope.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX

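One way to see why a cleanup of the log above keeps being undone is to correlate its load points: the same DLL (bulirope.dll) is wired into an HKLM Run key (O4), AppInit_DLLs (O20), ShellServiceObjectDelayLoad (O21) and SharedTaskScheduler (O22), so whichever hook fires first after reboot restores the rest. The triage parser below is an added example written for this page, not code from the thread, HijackThis or Malwarebytes; it reads HijackThis-format lines from a constructed sample assembled from entries in the posted log, indexes every referenced module by file name, and reports modules registered under more than one load point as well as hooks whose target file is already missing. The load-point descriptions in LOAD_POINTS and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample input for this example: HijackThis v2 lines shaped like the
# ones in the log posted above (same load-point codes, paths and CLSIDs).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {19F67714-A69F-47B1-AD19-5731C42E54F9} - C:\WINDOWS\system32\fccdEvtQ.dll (file missing)
O2 - BHO: {19d270f7-7814-4f0b-a934-a121a04b5a03} - {30a5b40a-121a-439a-b0f4-41877f072d91} - C:\WINDOWS\system32\deoydv.dll
O4 - HKLM\..\Run: [CPM131fd454] Rundll32.exe "c:\windows\system32\bulirope.dll",a
O4 - HKUS\S-1-5-19\..\Run: [talotoduje] Rundll32.exe "C:\WINDOWS\system32\jotogeni.dll",s (User 'LOCAL SERVICE')
O20 - AppInit_DLLs: avgrsstx.dll deoydv.dll C:\WINDOWS\system32\milokira.dll c:\windows\system32\bulirope.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bulirope.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bulirope.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Readable names for the HijackThis load-point codes this example cares about
# (the mapping is the example's own, not part of HijackThis).
LOAD_POINTS = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "Run key / Startup folder",
    "O20": "AppInit_DLLs",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
    "O23": "Service",
}

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.*)$")
# A Windows path: drive letter, then everything up to a quote, comma or whitespace.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\s,]+')


def _basename(token: str) -> str:
    return token.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_hjt(text: str) -> dict:
    """Index every module referenced in a HijackThis log by lower-cased file name.

    Each entry records the load-point codes it appears under, the full paths
    seen, and whether HijackThis reported the target file as missing.
    """
    modules = defaultdict(lambda: {"sections": set(), "paths": set(), "missing": False})
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, rest = m.group("code"), m.group("rest")
        tokens = PATH_RE.findall(rest)
        if code == "O20":
            # AppInit_DLLs is a space-separated list; bare names resolve to system32.
            tokens += rest.split(":", 1)[1].split()
        for tok in tokens:
            name = _basename(tok)
            if not name:
                continue
            entry = modules[name]
            entry["sections"].add(code)
            entry["paths"].add(tok)
            if "(file missing)" in rest:
                entry["missing"] = True
    return dict(modules)


def _code_order(code: str) -> int:
    return int(code[1:])


def multi_loadpoint_modules(modules: dict, min_sections: int = 2) -> list:
    """Modules registered under several load points at once, most hooks first.

    A file reached from the Run key, AppInit_DLLs, SSODL and SharedTaskScheduler
    together is reloaded by whichever hook fires first, which is the usual
    reason a cleanup 'comes back' after a reboot.
    """
    hits = [
        (name, sorted(e["sections"], key=_code_order))
        for name, e in modules.items()
        if len(e["sections"]) >= min_sections
    ]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))


def missing_modules(modules: dict) -> list:
    """Hooks whose target file is gone: stale entries to remove, or a sign that
    a tool deleted the file but left the registration behind."""
    return sorted(name for name, e in modules.items() if e["missing"])


if __name__ == "__main__":
    mods = parse_hjt(SAMPLE_LOG)
    for name, codes in multi_loadpoint_modules(mods):
        where = ", ".join(f"{c} ({LOAD_POINTS.get(c, 'other')})" for c in codes)
        print(f"{name}: {where}")
    print("missing targets:", missing_modules(mods))
```

Run against a full saved HijackThis log, the same correlation also surfaces DLLs that share a CLSID across O21 and O22 entries; here it reports bulirope.dll under four load points, deoydv.dll under two, and fccdEvtQ.dll as a BHO whose file no longer exists.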

ComboFix log

ComboFix 08-12-31.01 - Owner 2009-01-01 12:46:18.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1470.970 [GMT -5:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\bulirope.dll

c:\windows\system32\deoydv.dll

c:\windows\system32\jkkHApoM.dll

c:\windows\system32\jkkJyAPG.dll

c:\windows\system32\milokira.dll

c:\windows\system32\pkchssrn.dll

c:\windows\system32\suliweya.dll

c:\windows\system32\ueoccatm.ini

c:\windows\system32\utodejey.ini

c:\windows\system32\yejedotu.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_seneka

((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))

.

2008-12-31 07:51 . 2008-12-31 07:54 40,960 --a------ c:\windows\azunuvazijuqum.dll

2008-12-31 06:00 . 2008-12-31 06:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-12-31 06:00 . 2008-12-31 06:00 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes

2008-12-31 06:00 . 2008-12-31 06:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-12-31 06:00 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-12-31 06:00 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-12-31 03:20 . 2008-12-31 03:20 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\s_4610_fHx8fHx8fDEyNDMzMjIzNzl8_

2008-12-31 03:20 . 2008-12-31 03:20 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Rapid Antivirus

2008-12-30 22:45 . 2008-12-30 22:45 40,448 --a------ c:\windows\system32\k9261108.exe

2008-12-24 03:00 . 2008-12-24 03:00 54,156 --ah----- c:\windows\QTFont.qfn

2008-12-24 03:00 . 2008-12-24 03:00 1,409 --a------ c:\windows\QTFont.for

2008-12-08 02:58 . 2006-04-28 08:11 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS

2008-12-08 02:58 . 2006-04-28 08:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver

2008-12-08 02:58 . 2006-04-28 08:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SampleView

2008-12-08 02:58 . 2006-08-27 22:43 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AOL

2008-12-08 02:57 . 2008-12-08 02:58 <DIR> d-------- c:\documents and settings\Administrator

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-24 01:49 --------- d-----w c:\program files\PeerGuardian2

2008-12-24 01:12 --------- d-----w c:\program files\Morpheus

2008-12-24 01:05 --------- d-----w c:\documents and settings\Owner\Application Data\Morpheus

2008-12-23 03:57 --------- d-----w c:\program files\Zune

2008-12-23 03:41 --------- d-----w c:\documents and settings\Owner\Application Data\uTorrent

2008-12-08 08:27 --------- d-----w c:\program files\Java

2008-11-19 15:58 --------- d-----w c:\program files\Apple Software Update

2008-11-14 08:01 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf

2008-11-14 08:01 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf

2008-11-14 08:00 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf

2008-11-12 04:27 --------- d-----w c:\program files\MSXML 4.0

2008-11-10 03:18 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-11-10 03:13 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-10 02:46 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!

2008-11-07 18:49 --------- d--h--w c:\documents and settings\Owner\Application Data\Move Networks

2008-11-07 18:20 --------- d-----w c:\program files\Trend Micro

2008-11-04 18:00 --------- d-----w c:\program files\Viewpoint

2008-11-04 18:00 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint

2008-06-16 08:14 11,582 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat

2008-01-04 22:52 47,360 ----a-w c:\documents and settings\Owner\Application Data\pcouffin.sys

2007-11-06 17:22 49,236 ----a-w c:\documents and settings\Owner\fat32format.exe

2007-02-10 05:17 85,504 ----a-w c:\program files\mozilla firefox\plugins\lame_enc.dll

2005-07-14 17:31 27,648 -csha-r c:\windows\system32\AVSredirect.dll

2005-06-26 20:32 971,618 -csha-r c:\windows\system32\cygwin1.dll

2005-06-22 03:37 61,440 -csha-r c:\windows\system32\cygz.dll

2005-02-28 18:16 240,128 -csha-r c:\windows\system32\x.264.exe

2008-08-21 01:40 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]

"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-05-16 1856544]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-07 8720384]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 29696]

Phonic Control Panel.lnk - c:\program files\Phonic\HB_FW_MKII_Series\Phonic_cpl.exe [2007-12-03 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Morpheus\\Morpheus.exe"=

"c:\\Program Files\\Teamspeak2_RC2\\client_sdk\\Teamspeak2_RC2\\server_windows.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Program Files\\NetMeeting\\conf.exe"=

"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Trillian\\trillian.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=

"c:\\Program Files\\Windows Defender\\MsMpEng.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-01 97928]

R2 ACEDRV09;ACEDRV09;\??\c:\windows\system32\drivers\ACEDRV09.sys [2008-08-08 110304]

R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-04 875288]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-04 231704]

R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-01 76040]

R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2006-04-28 200192]

S3 AMDMSRIO;AMDMSRIO;\??\c:\docume~1\Owner\LOCALS~1\Temp\Safe To Delete 3_0_4_8\AMDMSRIO.sys []

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-08-08 1527900]

S3 Phonic_1394;Phonic_1394;c:\windows\system32\Drivers\Phonic_1394.sys [2007-12-03 114688]

S3 Phonic_avs;Phonic_avs;c:\windows\system32\Drivers\Phonic_avs.sys [2007-12-03 28672]

S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2008-08-08 544768]

S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-11-04 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d6a8530-347f-11db-a882-00038a000015}]

\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d6a8531-347f-11db-a882-00038a000015}]

\Shell\Auto\command - I:\Start.exe

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.

Contents of the 'Scheduled Tasks' folder

2008-12-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-28 c:\windows\Tasks\Introductory Algebra Updates.job

- c:\windows\Installer\Introductory Algebra Updates for All Users.lnk []

2006-04-28 c:\windows\Tasks\ISP signup reminder 1.job

- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 19:12]

2006-04-28 c:\windows\Tasks\ISP signup reminder 2.job

- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 19:12]

2006-04-28 c:\windows\Tasks\ISP signup reminder 3.job

- c:\windows\system32\OOBE\oobebaln.exe [2008-04-13 19:12]

2009-01-01 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-01-01 c:\windows\Tasks\nvzumgzr.job

- c:\windows\system32\rundll32.exe [2008-04-13 19:12]

2008-03-26 c:\windows\Tasks\Uniblue SpyEraser.job

- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-01-29 10:13]

.

- - - - ORPHANS REMOVED - - - -

BHO-{19F67714-A69F-47B1-AD19-5731C42E54F9} - c:\windows\system32\fccdEvtQ.dll

BHO-{30a5b40a-121a-439a-b0f4-41877f072d91} - c:\windows\system32\deoydv.dll

BHO-{93dc4383-b0fe-4943-aa90-6db02d3a13c7} - c:\windows\system32\suliweya.dll

HKLM-Run-talotoduje - c:\windows\system32\jotogeni.dll

HKLM-Run-CPM131fd454 - c:\windows\system32\bulirope.dll

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://www.yahoo.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = 127.0.0.1

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm

IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm

IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm

Trusted Zone: www.adultswim.com

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {C3A57B60-C117-11D2-BD9B-00105A0A7E89} - hxxp://www.diskfaktory.com/create/01/SAXFile.cab

c:\windows\Downloaded Program Files\saxfile.inf

c:\windows\Downloaded Program Files\GoPetsWeb.ocx - O16 -: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8}

hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab

c:\windows\Downloaded Program Files\GoPetsWeb.inf

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\j1tpqesg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=

FF - prefs.js: network.proxy.type - 4

FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\j1tpqesg.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPGeckoHost32.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll

FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("general.useragent.vendorComment", "ax");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.xpconnect.activex.global.hosting_flags", 9);

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("security.classID.allowByDefault", false);

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID22D6F312-B0F6-11D0-94AB-0080C74C7E95", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CID6BF52A52-394A-11D3-B153-00C04F79FAA6", "AllAccess");

c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDA9FC132B-096D-460B-B7D5-1DB0FAE0C062", "AllAccess");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-01-01 13:05:14

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\BigFix\BigFix\DelayStart]

@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)

@Owner=Administrators

@Denied: (Full) (Guests)

@Allowed: (Full) (LocalSystem)

@Allowed: (Read) (Administrators)

@Allowed: (Read) (S-1-2-0)

"BFastDelayType"=""

"BFastStart"=""

"AttentionType"="BalloonAlert"

"BalloonTitle"="Want to keep your copy of Windows XP up to date?"

"BalloonText"="Click here to learn about eMachines Proactive Support."

"BalloonBitmapFile"="c:\\Windows\\emachines_32.bmp"

"StartupDelayType"="xponline"

[HKEY_LOCAL_MACHINE\software\BigFix\BigFix\DelayStart\State]

@Security=(SE_DACL_PRESENT SE_SELF_RELATIVE (@Owner @Group @DACL)

@Owner=Administrators

@Denied: (Full) (Guests)

@Allowed: (Full) (LocalSystem)

@Allowed: (Read) (Administrators)

@Allowed: (Full) (S-1-2-0)

"BFastDelayComplete"=dword:00000001

"BFastRun"=dword:00000001

"StartupDelayComplete"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\B*NULL*o*NULL*o*NULL*k*NULL*S*NULL*m*NULL*a*NULL*r*NULL*t*NULL*"! *NULL*1*NULL*.*NULL*9*NULL*.*NULL*5*NULL* *NULL*1*NULL*.*NULL*9*NULL*.*NULL*5*NULL*]

@Security="Inherited"

"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,60,06,09,00,00,00,00,d0,3a,5a,\

78,99,ec,c8,01,3e,00,00,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,\

61,00,6d,00,20,00,46,00,69,00,6c,00,65,00,73,00,5c,00,42,00,6f,00,6f,00,6b,\

00,53,00,6d,00,61,00,72,00,74,00,5c,00,42,00,6f,00,6f,00,6b,00,53,00,6d,00,\

61,00,72,00,74,00,2e,00,65,00,78,00,65,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00,00,00

"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ


  • Root Admin

Hello ArrionShadow and Welcome to Malwarebytes.

It is frowned upon for users to run tools without being asked, as it can cause damage if you don't understand what they do or how they're supposed to be used.

Please run the following and let's see if we can make sure you're cleaned up.

Please download OTMoveIt3 by Old Timer and save it to your Desktop.

  • Double-click OTMoveIt3.exe to run it.
  • While connected to the Internet, click on the green CleanUp! button and it will populate a list of items to clean from your system that we used or may have used.
  • It should ask if you want to clean up; select Yes and allow the system to clean up these items.

NOW please reboot your computer to finish the cleanup process and post back the log from OTMoveIt3.

Then run the following:

Malwarebytes' Anti-Malware

  • Start Malwarebytes' Anti-Malware.
  • Update Malwarebytes' Anti-Malware:
    • Select the Update tab.
    • Click Update.
  • When the update is complete, select the Scanner tab.
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Then RESTART the computer again and, AFTER the restart, run an HJT scan, save the log, and post back all NEW logs.
