WiredWX Christian Hobby Weather Tools
Re: System Security
All files deleted (including precious limewire :( )
I've completed the update (from version 2250 to 2273) and run a quick scan.

Here is the logfile:
Malwarebytes' Anti-Malware 1.37
Database version: 2273
Windows 5.1.2600 Service Pack 2

6/13/2009 3:22:48 PM
mbam-log-2009-06-13 (15-22-46).txt

Scan type: Quick Scan
Objects scanned: 83231
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\s-1-5-21-1993962763-1682526488-725345543-1003\Dc1\PAVRM.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\WINDOWS\system32\SKYNETlog.dat (Trojan.Agent) -> No action taken.




Also: Are all p2p / torrent programs considered dangerous by you or just bitlord / limewire? p2p and torrents are half the fun of cable internet, I'd hate to forgo them permanently.

Re: System Security
ALL P2P programs are unsafe; you have no idea whether what you're downloading is infected or not.
Torrents are the same. There is also law enforcement sitting on some popular torrents so they can catch people out and prosecute you.

You really need to be careful.

The log says no action taken, did you remove the two items?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: System Security

Who said I used them illegally? :) ...

I've removed those two files now. It tells me I need to restart. Restarting now / log below.

Malwarebytes' Anti-Malware 1.37
Database version: 2273
Windows 5.1.2600 Service Pack 2

6/13/2009 3:22:48 PM
mbam-log-2009-06-13 (15-22-46).txt

Scan type: Quick Scan
Objects scanned: 83231
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\s-1-5-21-1993962763-1682526488-725345543-1003\Dc1\PAVRM.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\WINDOWS\system32\SKYNETlog.dat (Trojan.Agent) -> No action taken.


edit: I'm back from the restart and I've run another quick scan. The skynet thing is still on there :\. Should I try the remove / restart option again?

Re: System Security
It still says no action taken, did you check "Remove Selected"?

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: System Security
I thought I did; it also prompted a restart. The C:\recycler thing is now gone, but the skynetlog.dat was persistent through restart. I'll try again to remove / restart the skynet thing.

Re: System Security

Tried the remove / restart thing again; skynetlog.dat just won't go down. Here is the log:

Malwarebytes' Anti-Malware 1.37
Database version: 2273
Windows 5.1.2600 Service Pack 2

6/13/2009 4:03:56 PM
mbam-log-2009-06-13 (16-03-56).txt

Scan type: Quick Scan
Objects scanned: 83627
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\SKYNETlog.dat (Trojan.Agent) -> Delete on reboot.
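The point the helper keeps raising is the action column at the end of each detection line. As an added example (not code from the thread or from Malwarebytes), here is a small parser for the Malwarebytes' Anti-Malware 1.37 log layout posted above that lists each detection with its action and separates items still marked "No action taken" from items marked "Delete on reboot"; the embedded log is a constructed sample with items copied from the posts, and the summary block is shortened to one count.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Malwarebytes' Anti-Malware 1.37 logs
# posted in this thread (items copied from those logs; the summary block is
# shortened to the one count that matters here).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.37
Database version: 2273
Windows 5.1.2600 Service Pack 2

Scan type: Quick Scan
Objects scanned: 83231
Time elapsed: 2 minute(s), 8 second(s)

Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\s-1-5-21-1993962763-1682526488-725345543-1003\Dc1\PAVRM.exe (Rogue.AdvancedVirusRemover) -> No action taken.
C:\WINDOWS\system32\SKYNETlog.dat (Trojan.Agent) -> Delete on reboot.
"""

# "<Section> Infected: <n>" in the summary block, or "<Section> Infected:" opening a detail section
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):(?: (?P<count>\d+))?$")
# "<item> (<family>) -> <action>." as printed under each detail section
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_mbam_log(text):
    """Return (header, detections): header maps summary keys to values (counts as int),
    detections is a list of dicts with section, item, family and action."""
    header, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:      # summary line: store the count
                header[m.group("section")] = int(m.group("count"))
            else:                                  # detail header: following lines are items
                section = m.group("section")
            continue
        if section is None:                        # still in the header block
            if ": " in line:
                key, value = line.split(": ", 1)
                header[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append({"section": section, **m.groupdict()})
    return header, detections


def unresolved(detections):
    """Items the scan found but did not remediate (the "No action taken" the helper asked about)."""
    return [d for d in detections if d["action"] == "No action taken"]


def pending_reboot(detections):
    """Items scheduled for removal at next boot; a rescan after the reboot confirms they are gone."""
    return [d for d in detections if d["action"] == "Delete on reboot"]


def summary_matches(header, detections):
    """Cross-check the summary counts against the items actually listed (catches truncated pastes)."""
    listed = Counter(d["section"] for d in detections)
    counts = {k: v for k, v in header.items() if k.endswith(" Infected")}
    return all(listed.get(sec, 0) == n for sec, n in counts.items())


if __name__ == "__main__":
    hdr, dets = parse_mbam_log(SAMPLE_LOG)
    print(f"Database {hdr['Database version']}, {hdr['Scan type']}, "
          f"summary consistent: {summary_matches(hdr, dets)}")
    for d in unresolved(dets):
        print(f"STILL PRESENT : {d['item']} ({d['family']})")
    for d in pending_reboot(dets):
        print(f"REBOOT NEEDED : {d['item']} ({d['family']})")
```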

Re: System Security
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

[image: CF_download_FF]

[image: CF_download_rename]

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV. (Mcafee)
  • Double click on ComboFix.exe.
  • Follow the prompts.
  • NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: System Security
Thx for all help everyone. Here is the combofix log. I believe I'm out of / nearly out of the woods. I'm going to split this in half as the forum states this post is too big.

ComboFix 09-06-13.03 - John 06/13/2009 17:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.493 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\19284844
c:\documents and settings\All Users\Application Data\99294836
c:\windows\system32\drivers\SKYNETqrxnlnsv.sys
c:\windows\system32\drivers\UACnojsmelpnhsipaq.sys
c:\windows\system32\UACdpxormsvuxhrnnc.db
c:\windows\system32\UACtoqooboxnlirtlx.dat
c:\windows\system32\UACxvikytitevnftor.dll
c:\documents and settings\All Users\Application Data\19284844\19284844.exe
c:\documents and settings\All Users\Application Data\19284844\19284844.glu
c:\documents and settings\All Users\Application Data\19284844\pc19284844cnf
c:\documents and settings\All Users\Application Data\19284844\pc19284844ins
c:\documents and settings\All Users\Application Data\99294836\99294836.exe
c:\windows\system32\config\systemprofile\Desktop\Advanced Virus Remover.lnk
c:\windows\system32\drivers\jloevqfe.sys
c:\windows\system32\drivers\SKYNETqrxnlnsv.sys
c:\windows\system32\drivers\UACnojsmelpnhsipaq.sys
c:\windows\system32\kungsfypdwyktu.dat
c:\windows\system32\UACxvikytitevnftor.dll
c:\windows\system32\uniq.tll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETiqombcim
-------\Service_UACd.sys
-------\Service_kungsfhklvisrq


((((((((((((((((((((((((( Files Created from 2009-05-13 to 2009-06-13 )))))))))))))))))))))))))))))))
.

2009-06-13 22:57 . 2009-06-13 22:57 -------- d-----w- c:\windows\LastGood
2009-06-13 19:41 . 2009-06-13 19:41 -------- d-----w- c:\program files\Trend Micro
2009-06-09 15:49 . 2008-12-11 13:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-09 15:49 . 2009-04-03 16:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-09 15:49 . 2008-12-18 17:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-09 15:49 . 2009-06-12 06:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-09 15:49 . 2009-06-09 15:49 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-09 15:49 . 2008-12-10 16:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-09 15:48 . 2009-06-11 19:25 -------- d-----w- c:\program files\Spyware Doctor
2009-06-09 15:48 . 2009-06-09 15:48 -------- d-----w- c:\documents and settings\John\Application Data\PC Tools
2009-06-09 15:48 . 2009-06-09 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-02 16:59 . 2009-06-02 16:59 390664 ----a-w- c:\documents and settings\John\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-02 06:08 . 2009-06-02 06:08 -------- d-----w- c:\program files\CCleaner
2009-06-02 05:00 . 2009-06-02 04:37 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-02 04:34 . 2009-06-02 04:34 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-02 04:34 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-02 04:34 . 2009-06-02 04:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-26 19:14 . 2009-05-26 19:14 -------- d-----w- c:\program files\Celestia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 22:58 . 2006-01-10 18:47 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-06-13 22:58 . 2008-03-12 21:49 -------- d-----w- c:\program files\DNA
2009-06-13 22:58 . 2008-03-12 21:49 -------- d-----w- c:\documents and settings\John\Application Data\DNA
2009-06-13 20:15 . 2006-01-08 23:43 -------- d-----w- c:\program files\Java
2009-06-13 20:13 . 2007-03-08 02:52 -------- d-----w- c:\program files\BitLord
2009-06-13 18:26 . 2009-03-14 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-11 19:43 . 2006-01-09 00:14 -------- d-----w- c:\program files\World of Warcraft
2009-06-11 19:09 . 2006-01-10 18:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 00:54 . 2006-02-06 07:52 -------- d-----w- c:\program files\Viewpoint
2009-06-09 00:54 . 2006-02-06 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-06-05 19:40 . 2006-02-23 21:18 -------- d-----w- c:\program files\Morpheus
2009-06-02 04:34 . 2006-02-06 04:37 -------- d-----w- c:\program files\Lavasoft
2009-05-26 18:57 . 2007-10-15 02:26 -------- d-----w- c:\documents and settings\John\Application Data\BitTorrent
2009-05-26 18:20 . 2009-03-14 23:13 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 18:19 . 2009-03-14 23:13 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-29 10:45 . 2009-02-20 00:27 -------- d-----w- c:\program files\Curse
2009-04-29 04:17 . 2009-04-29 01:49 -------- d-----w- c:\documents and settings\John\Application Data\IMVU
2009-04-29 01:49 . 2009-04-29 01:49 80967 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\Uninstall.exe
2009-04-29 01:49 . 2009-04-29 01:49 -------- d-----w- c:\documents and settings\John\Application Data\IMVUClient
2009-04-26 21:14 . 2009-04-26 21:14 -------- d-----w- c:\program files\Ventrilo
2009-04-26 21:13 . 2009-04-26 21:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-04-24 00:48 . 2009-04-24 00:48 95584 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\IMVUupdater.exe
2009-04-24 00:48 . 2009-04-24 00:48 49920 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\IMVUClient.exe
2009-04-24 00:48 . 2009-04-24 00:48 19200 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\imvuqualityagent.exe
2009-04-23 22:52 . 2009-04-23 22:52 38400 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\MemoryHook.dll
2009-04-23 22:52 . 2009-04-23 22:52 288768 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\cal3d.dll
2009-04-23 22:52 . 2009-04-23 22:52 185856 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\boost_python.dll
2009-04-23 22:52 . 2009-04-23 22:52 256000 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\audiere.dll
2009-04-23 22:51 . 2009-04-23 22:51 28672 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\CallStack.dll
2009-04-22 17:28 . 2009-04-22 17:28 9433600 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\xul.dll
2009-04-06 16:04 . 2009-04-06 16:04 271929 ----a-w- c:\documents and settings\John\Application Data\IMVUClient\pixomatic.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FlashMute"="c:\program files\FlashMute\FlashMute.exe" [2006-03-11 221184]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2007-08-20 40960]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-26 342848]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 4662776]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-06-09 1934336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-08-18 113152]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 473928]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-12-27 59040]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2006-01-10 100056]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-02-25 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-02-25 454656]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-02-25 212992]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-21 185896]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2006-01-19 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-02 518488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-10-07 1630208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"usnjsvc"=3 (0x3)
"SAVScan"=3 (0x3)
"ose"=3 (0x3)
"ccSetMgr"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

Re: System Security
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.9.0-enUS-downloader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139212341\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1139212341\\ee\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Morpheus\\Morpheus.exe"=
"c:\\Program Files\\Steam\\SteamApps\\brynnis\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\THQ\\Dawn of War\\W40k.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Civilization4.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Gold\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R3 nenum13E;nenum13E;c:\docume~1\John\LOCALS~1\Temp\nenum13E.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-06-02 64160]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-04-03 130936]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-06-02 1005904]

.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 04:37]

2009-06-06 c:\windows\Tasks\Norton AntiVirus - Scan my computer - John.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 18:54]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)


.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\John\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-13 17:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1993962763-1682526488-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:44,5b,ab,c7,bb,15,b2,b9,f7,b3,b8,cf,a0,f8,3c,08,cf,5d,c7,4e,4b,a9,25,
9b,7a,39,ac,5b,31,74,8b,14,b1,4c,62,dc,7c,92,8e,15,c5,00,35,5b,37,0d,cf,60,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1492)
c:\program files\FlashMute\mutelib.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
.
**************************************************************************
.
Completion time: 2009-06-13 21:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-14 02:32

Pre-Run: 49,639,190,528 bytes free
Post-Run: 49,315,258,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

260 --- E O F --- 2008-04-09 23:38

Re: System Security
Hello.
Need an uninstall list.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Re: System Security
Sorry for the long delays between posts; again thx for help. Uninstall list posted below:

3114 SATARAID5
Ad-Aware
Ad-Aware
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
AIM 6
AOL Uninstaller (Choose which Products to Remove)
CadStd
ccCommon
CCleaner (remove only)
Celestia 1.5.1
Civilization III
CloneDVD 3.5
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Curse Client
DawnOfWar
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Don't Touch My Computer 2 Screen Saver
DOW RDN Tools 1.41
DVD Decrypter 3.5.4.0
DVD Shrink 3.2
Fable - The Lost Chapters
FileZilla Client 3.2.1
FLV Player 1.3.3
Free Ram Optimizer XP 1.0
Google Earth
Grand Theft Auto Vice City
GTA San Andreas
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
hp deskjet 3500 series
HTML-Kit
Internet Worm Protection
IrfanView (remove only)
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Logitech Print Service
Logitech QuickCam
Logitech®️ Camera Driver
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Max Payne 2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft AntiSpyware
Microsoft Office Professional Edition 2003
Morpheus 5.2 (remove only)
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 6 Demo
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Drivers
NvMixer
QuickTime
QuickTime Alternative 1.67
RAR Password Cracker 4.12
RealPlayer
Rhapsody Player Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Sid Meier's Civilization 4
Sid Meier's Civilization 4 Gold
Skype™️ 3.2
SPBBC
Spyware Doctor 6.0
Steam
Symantec
Symantec Script Blocking Installer
SymNet
System Requirements Lab
TBS WMP Plug-in
TeamSpeak 2 RC2
Tweak UI
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VideoLAN VLC media player 0.8.6c
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VNC Free Edition 4.1.3
WinBoard
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
World of Warcraft
Xfire (remove only)
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

Re: System Security

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Morpheus 5.2 (remove only)
    Viewpoint Media Player

Now open a new notepad file.
Input this into the notepad file:

Driver::
nenum13E

Folder::
c:\program files\DNA
c:\documents and settings\John\Application Data\DNA
c:\program files\BitLord
c:\program files\Viewpoint
c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\Morpheus
c:\documents and settings\John\Application Data\BitTorrent
c:\Program Files\BitTorrent_DNA
c:\Program Files\BitTorrent

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Morpheus\\Morpheus.exe"=-
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[screenshot]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
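Before a script like the one above is handed to ComboFix, it is worth reading back exactly what it will remove. The following dry-run reviewer is an added example for this thread; it is not from the thread's author or from ComboFix. It parses the `Driver::`, `Folder::` and `Registry::` sections shown above (plus a `File::` section, which ComboFix also accepts), treats a `.reg`-style `"name"=-` line as a value deletion, and flags firewall exceptions being deleted for programs whose folder the script does not also remove. The sample script is a constructed, shortened copy of the posted one; path existence is checked with `os.path`, so on any machine other than the one being cleaned every path simply reports as absent.

```python
"""Dry-run reviewer for a ComboFix CFScript (added example, not ComboFix code).

Parses the Driver::, Folder::, File:: and Registry:: sections and lists what
the script would remove, so the plan can be read back before the file is
dropped onto ComboFix.
"""
import os
import re
from dataclasses import dataclass, field

# Constructed sample: a shortened copy of the script posted in the thread.
SAMPLE_SCRIPT = r"""
Driver::
nenum13E

Folder::
c:\program files\DNA
c:\program files\Morpheus

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Morpheus\\Morpheus.exe"=-
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-
"""

SECTION_RE = re.compile(r"^(\w+)::$")
# [key] selects a key; [-key] deletes it (standard .reg syntax)
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
# "value name"=data ; data of "-" means delete the value
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


@dataclass
class Plan:
    drivers: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    files: list = field(default_factory=list)
    # (key, value name or None for the whole key, action)
    registry: list = field(default_factory=list)


def parse_cfscript(text):
    plan = Plan()
    section = None
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section == "driver":
            plan.drivers.append(line)
        elif section == "folder":
            plan.folders.append(line)
        elif section == "file":
            plan.files.append(line)
        elif section == "registry":
            km = KEY_RE.match(line)
            if km:
                current_key = km.group(2)
                if km.group(1) == "-":
                    plan.registry.append((current_key, None, "delete key"))
            else:
                vm = VALUE_RE.match(line)
                if vm is None or current_key is None:
                    raise ValueError(f"unparseable registry line: {raw!r}")
                # .reg files double backslashes inside quoted names
                name = vm.group(1).replace("\\\\", "\\")
                action = "delete value" if vm.group(2) == "-" else "set value"
                plan.registry.append((current_key, name, action))
        else:
            raise ValueError(f"line outside any section: {raw!r}")
    return plan


def firewall_exceptions_without_folder(plan):
    """Firewall exception deletions whose executable is not inside a folder the
    script also removes: either the program stays installed with no exception,
    or (the reverse gap) a folder goes while its exception stays."""
    folders = [f.lower().rstrip("\\") for f in plan.folders]
    loose = []
    for key, name, action in plan.registry:
        if action != "delete value" or not key.lower().endswith("\\authorizedapplications\\list"):
            continue
        if not any(name.lower().startswith(f + "\\") for f in folders):
            loose.append(name)
    return loose


def review(plan):
    """Human-readable plan; path state is checked on the machine running this."""
    lines = [f"driver/service entries to remove: {', '.join(plan.drivers) or 'none'}"]
    for folder in plan.folders:
        lines.append(f"remove folder {folder} ({'present' if os.path.isdir(folder) else 'absent'})")
    for path in plan.files:
        lines.append(f"remove file {path} ({'present' if os.path.isfile(path) else 'absent'})")
    for key, name, action in plan.registry:
        target = key if name is None else f"{name} under {key}"
        lines.append(f"{action}: {target}")
    for exe in firewall_exceptions_without_folder(plan):
        lines.append(f"note: firewall exception for {exe} is removed but its folder is not")
    return lines


if __name__ == "__main__":
    for line in review(parse_cfscript(SAMPLE_SCRIPT)):
        print(line)
```

Running it against the full posted script would show every folder and firewall entry paired up; against the shortened sample it flags the BitTorrent exception, because that sample drops the BitTorrent folder from `Folder::` on purpose to show the check firing.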

Re: System Security

Um...My computer seems to be working fine now, and most of those programs you have referenced haven't been used in about 3-4 months. I'm very appreciative of the help, but if the deal is that for your help I have to dismantle my ability to download songs and movies, I'm not sure that is a tradeoff I'm willing to make. As ungrateful as it may be to question your motives, I feel I have to ask before unflinchingly deleting everything :\ If your interest is thoroughness to that degree, then that means I would have to delete every file ever downloaded on p2p...and that ain't happenin'.

note: I did delete viewpoint and its application data.

Re: System Security

Okay, I'll let you keep them, just be careful. You don't need to run the CFScript as long as Viewpoint is gone.


Re: System Security

Thank you very much for all the help and patience. I sent you guys a little cash; it's not a lot, but I hope it helps.

I hope anyone who is reading this who can spare a couple bucks donates. Everything the crew here did in response to my situation was done spot on including their expertise, quick responses, and overall customer service.

Thanks again,

JohnS

Re: System Security

Glad we could help 😉

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/firefox/addon/1865
https://addons.mozilla.org/en-US/firefox/addon/433

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free program that will check for program updates.
Update Checker

5) Finally, consider maintaining a firewall. Some good free firewalls are Kerio or Outpost.
A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found here.

Hopefully this should take care of your problems! Good luck.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate

