Police Pro block EVERYthing

Norton expired a few months ago...I had disabled the auto update because it took up so much memory. Im not on it now, but can I go online when I copy paste like above? Or should I use a drive?

Hello.
We'll uninstall Norton later.


Please install Avira antivirus otherwise you won't be protected.

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There doubleclick the report from the Full scan you have done. Click the "Report File" button and copy and paste this report in your next reply.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an Antivirusscan is not present which should be able to deal with most and prevent further reinfection.

Hi.


Avira AntiVir Personal
Report file date: Tuesday, September 22, 2009 21:49

Scanning for 1740103 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : LAPTOP

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 18:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 14:21:42
ANTIVIR2.VDF : 7.1.6.1 3857920 Bytes 9/16/2009 01:47:31
ANTIVIR3.VDF : 7.1.6.24 313344 Bytes 9/22/2009 01:47:33
Engineversion : 8.2.1.23
AEVDF.DLL : 8.1.1.2 106867 Bytes 9/23/2009 01:47:53
AESCRIPT.DLL : 8.1.2.33 479611 Bytes 9/23/2009 01:47:53
AESCN.DLL : 8.1.2.5 127346 Bytes 9/23/2009 01:47:51
AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 14:59:39
AEPACK.DLL : 8.2.0.0 422261 Bytes 9/23/2009 01:47:50
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 14:59:39
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 9/23/2009 01:47:48
AEHELP.DLL : 8.1.7.0 237940 Bytes 9/23/2009 01:47:41
AEGEN.DLL : 8.1.1.63 364916 Bytes 9/23/2009 01:47:40
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.8.1 184693 Bytes 9/23/2009 01:47:39
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Tuesday, September 22, 2009 21:49

Starting search for hidden objects.
'67943' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'fxssvc.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'VentC.exe' - '1' Module(s) have been scanned
Scan process 'tcsd_win32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZIPM12.EXE' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NicConfigSvc.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'dlbtcoms.exe' - '1' Module(s) have been scanned
Scan process 'DataServer.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'lexbces.exE' - '1' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
c:\WINDOWS\system32\dibiyowa.dll
[DETECTION] Is the TR/Monder.bzea.74 Trojan

The registry was scanned ( '59' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Program Files\M1N1\mbam.exe
[WARNING] The file could not be opened!
C:\Program Files\M1N1\winlogon.exe
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\[4]-Submit_2009-09-17_21.15.35.zip
[0] Archive type: ZIP
--> jobobuwi.dll
[DETECTION] Is the TR/Vundo.gmm.1204 Trojan
--> jubawiro.dll
[DETECTION] Is the TR/Vundo.gmm.1208 Trojan
--> ropasaje.dll
[DETECTION] Is the TR/Vundo.gmm.1168 Trojan
--> tesifeke.dll
[DETECTION] Is the TR/Vundo.gmm.1469 Trojan
--> vugivodi.dll
[DETECTION] Is the TR/Vundo.gmm.1192 Trojan
--> yoyijite.dll
[DETECTION] Is the TR/Vundo.gmm.1065 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fosowefe.dll.vir
[DETECTION] Is the TR/Vundo.38400BK Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkyoirqnejx.dll.vir
[DETECTION] Is the TR/Alureon.19968U.10 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gehufidu.dll.vir
[DETECTION] Is the TR/Vundo.38400BK.1 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\koyahune.exe.vir
[DETECTION] Is the TR/Dldr.FraudLo.amc Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lavogana.dll.vir
[DETECTION] Contains recognition pattern of the SPR/Tool.37888.2 program
C:\Qoobox\Quarantine\C\WINDOWS\system32\sohojire.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.pri root kit
C:\Qoobox\Quarantine\C\WINDOWS\system32\wevetora.dll.vir
[DETECTION] Is the TR/Monderb.azpe Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yimipivu.dll.vir
[DETECTION] Contains recognition pattern of the SPR/Tool.38400.2 program
C:\Qoobox\Quarantine\C\WINDOWS\system32\yugovuji.dll.vir
[DETECTION] Is the TR/Vundo.gmm.1047 Trojan
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000028.dll
[DETECTION] Contains recognition pattern of the RKIT/Agent.pri root kit
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\snapshot\MFEX-3.DAT
[DETECTION] Is the TR/Monder.bzea.74 Trojan
C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\dibiyowa.dll
[DETECTION] Is the TR/Monder.bzea.74 Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01234567\firewall[1].dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\firewall[1].dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\SetupAdvancedVirusRemover[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\_OTM\MovedFiles\09012009_143758\WINDOWS\svchasts.exe
[DETECTION] Contains recognition pattern of the PHISH/Fraud.WinAntiVirus.IV phishing file/email
C:\_OTM\MovedFiles\09012009_143758\WINDOWS\system32\dddesot.dll
[DETECTION] Is the TR/FakeScanti.A.20 Trojan

Beginning disinfection:
c:\WINDOWS\system32\dibiyowa.dll
[DETECTION] Is the TR/Monder.bzea.74 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The file was moved to '4b1c16c1.qua'!
C:\Qoobox\Quarantine\[4]-Submit_2009-09-17_21.15.35.zip
[NOTE] The file was moved to '4b17168f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fosowefe.dll.vir
[DETECTION] Is the TR/Vundo.38400BK Trojan
[NOTE] The file was moved to '4b2d16ca.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gasfkyoirqnejx.dll.vir
[DETECTION] Is the TR/Alureon.19968U.10 Trojan
[NOTE] The file was moved to '4b2d16bd.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gehufidu.dll.vir
[DETECTION] Is the TR/Vundo.38400BK.1 Trojan
[NOTE] The file was moved to '4b2216c1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\koyahune.exe.vir
[DETECTION] Is the TR/Dldr.FraudLo.amc Trojan
[NOTE] The file was moved to '4b3316cb.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lavogana.dll.vir
[DETECTION] Contains recognition pattern of the SPR/Tool.37888.2 program
[NOTE] The file was moved to '4b3016be.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sohojire.dll.vir
[DETECTION] Contains recognition pattern of the RKIT/Agent.pri root kit
[NOTE] The file was moved to '4b2216cc.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wevetora.dll.vir
[DETECTION] Is the TR/Monderb.azpe Trojan
[NOTE] The file was moved to '4b3016c2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yimipivu.dll.vir
[DETECTION] Contains recognition pattern of the SPR/Tool.38400.2 program
[NOTE] The file was moved to '4b2716c6.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yugovuji.dll.vir
[DETECTION] Is the TR/Vundo.gmm.1047 Trojan
[NOTE] The file was moved to '4b2116d2.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0000028.dll
[DETECTION] Contains recognition pattern of the RKIT/Agent.pri root kit
[NOTE] The file was moved to '4aea168d.qua'!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\snapshot\MFEX-3.DAT
[DETECTION] Is the TR/Monder.bzea.74 Trojan
[NOTE] The file was moved to '4aff16a4.qua'!
C:\WINDOWS\system32\dibiyowa.dll
[DETECTION] Is the TR/Monder.bzea.74 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[WARNING] Error in ARK library
[NOTE] The file is scheduled for deleting after reboot.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\01234567\firewall[1].dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4b2c16f1.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\firewall[1].dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4d6065ea.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\SetupAdvancedVirusRemover[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4b2e16ed.qua'!
C:\_OTM\MovedFiles\09012009_143758\WINDOWS\svchasts.exe
[DETECTION] Contains recognition pattern of the PHISH/Fraud.WinAntiVirus.IV phishing file/email
[NOTE] The file was moved to '4b1d1700.qua'!
C:\_OTM\MovedFiles\09012009_143758\WINDOWS\system32\dddesot.dll
[DETECTION] Is the TR/FakeScanti.A.20 Trojan
[NOTE] The file was moved to '4b1e16f2.qua'!


End of the scan: Wednesday, September 23, 2009 08:37
Used time: 10:37:16 Hour(s)

The scan has been done completely.

11050 Scanned directories
422582 Files were scanned
24 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
18 Files were moved to quarantine
0 Files were renamed
5 Files cannot be scanned
422553 Files not concerned
6280 Archives were scanned
7 Warnings
21 Notes
67943 Objects were scanned with rootkit scan
0 Hidden objects were found

Hello.
Did you select everything Avira found for removal?

Completely Uninstall Norton software using:

• SymNRT.exe
  

Instructions

1. Please download and save SymNRT.exe to your desktop.
   
2. Close all programs and double click on the tool.
   
3. Follow the on-screen instructions.
   
4. Restart the computer if asked.
   
5. Then delete the SymNRT.exe tool from your desktop.
   
6. Open the Program Files folder on your local disk ( normally C: )
   
7. Find and delete the following folders (if present):
   
   
   
   • Norton AntiVirus
     
   • Norton Internet Security
     
   • Norton SystemWorks
     
   • Norton Personal Firewall
     

After that, re-run Combofix.

While running Avira,windows popped up on top of each other so fast!! and the default was (not delete) i may have clicked ok, maybe to quarintine or ignore (i forget what the default was) should I also re run Avira too? Im doing the norton now...what should i do after running combofix?

Launched SymNRT.exe on the machine...it told me the version was out of date.

Followed link (yes,online) to Norton site. Asked me to download two programs,one to remove temp files (this program froze several times).
the second was an updated SymNRT.exe. Running it now.

The only program i could find is called Norton Security Scan should i delete it?

Yes.
Please re-run Combofix after that.

Ok.
I have been getting a Rundll error when I turn my computer on:
"Error loading c:\windows\system32\dibiyowa.dll" should I click ok...?
also recieved popup to buy Avira and notification that the program was updated...? Just ignore?

Here's the cobofix report...


ComboFix 09-09-23.02 - Cubby 09/24/2009 17:28.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.567 [GMT -4:00]
Running from: c:\documents and settings\cubby.MACDONALDWOOD\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DDNSFILTER


((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-23 01:45 . 2009-07-28 20:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-09-23 01:45 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-09-23 01:45 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-09-23 01:45 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-09-23 01:45 . 2009-09-23 01:45 -------- d-----w- c:\program files\Avira
2009-09-23 01:45 . 2009-09-23 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-09-18 22:45 . 2004-08-04 10:00 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-09-18 22:45 . 2004-08-04 10:00 55808 ------w- c:\windows\system32\eventlog.dll
2009-09-18 22:45 . 2004-08-04 10:00 4224 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-09-18 22:45 . 2004-08-04 10:00 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-09-16 23:57 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-16 17:14 . 2009-09-16 17:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-13 00:07 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 00:07 . 2009-09-16 17:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 00:07 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-01 18:37 . 2009-09-01 18:37 -------- d-----w- C:\_OTM
2009-09-01 15:53 . 2009-09-01 18:48 -------- d-----w- c:\program files\M1N1
2009-09-01 14:35 . 2009-09-01 14:35 -------- d-----w- c:\documents and settings\cubby.MACDONALDWOOD\Application Data\Malwarebytes
2009-09-01 14:35 . 2009-09-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-01 10:10 . 2009-09-01 10:10 -------- d-sh--w- c:\documents and settings\Cubby\PrivacIE
2009-09-01 10:01 . 2009-09-01 10:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-01 10:00 . 2009-09-01 10:00 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-08-31 20:54 . 2009-08-31 20:54 -------- d-sh--w- c:\documents and settings\Cubby\IETldCache
2009-08-31 20:28 . 2009-08-31 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-26 11:20 . 2009-08-26 11:20 -------- d-----w- c:\program files\Media5 Software
2009-08-26 11:17 . 2002-12-03 07:11 143872 ----a-w- c:\windows\system32\NCTWMAFile.dll
2009-08-26 11:17 . 2002-12-03 07:07 168448 ----a-w- c:\windows\system32\NCTAudioPlayer.dll
2009-08-26 11:17 . 2002-12-03 07:02 491520 ----a-w- c:\windows\system32\NCTAudioFile.dll
2009-08-26 11:13 . 2009-08-26 11:13 -------- d-----w- c:\program files\WMA WAV MP3 to Audio CD Maker

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 00:28 . 2007-09-13 16:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-24 00:17 . 2007-09-13 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-23 11:47 . 2006-08-22 06:06 35001 ----a-w- c:\windows\system32\nvModes.dat
2009-09-18 01:23 . 2009-03-28 23:35 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-17 01:25 . 2007-04-13 00:07 -------- d-----w- c:\program files\dl_Cats
2009-09-01 10:13 . 2006-08-22 06:33 -------- d-----w- c:\program files\Google
2009-09-01 00:58 . 2006-12-28 01:31 -------- d-----w- c:\documents and settings\cubby.MACDONALDWOOD\Application Data\Azureus
2009-08-31 20:04 . 2007-11-15 02:48 -------- d-----w- c:\documents and settings\cubby.MACDONALDWOOD\Application Data\Wave Systems Corp
2009-08-25 15:19 . 2009-08-21 00:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-25 01:46 . 2008-01-08 19:03 -------- d-----w- c:\program files\MediaCoder
2009-08-25 01:27 . 2009-08-25 01:27 -------- d-----w- c:\documents and settings\cubby.MACDONALDWOOD\Application Data\AVS4YOU
2009-08-25 01:27 . 2009-08-25 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-08-25 01:27 . 2009-08-25 01:26 -------- d-----w- c:\program files\AVS4YOU
2009-08-25 01:27 . 2009-08-25 01:26 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-24 23:56 . 2009-08-24 23:56 -------- d-----w- c:\documents and settings\cubby.MACDONALDWOOD\Application Data\iMeshMediabarTb
2009-08-24 23:56 . 2009-08-24 23:56 -------- d-----w- c:\program files\iMeshMediabarTb
2009-08-24 23:56 . 2009-08-24 23:56 -------- d-----w- c:\program files\iMesh Applications
2009-08-24 18:58 . 2009-08-24 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\2BAB
2009-08-22 14:03 . 2009-08-22 13:55 -------- d-----w- c:\documents and settings\cubby.MACDONALDWOOD\Application Data\CVS
2009-08-22 13:39 . 2009-08-22 13:39 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-08-22 13:38 . 2007-10-17 16:18 -------- d-----w- c:\program files\MSECache
2009-08-21 00:39 . 2009-08-21 00:39 -------- d-----w- c:\program files\LitexMedia
2009-08-07 13:39 . 2006-09-13 17:27 93472 ----a-w- c:\documents and settings\cubby.MACDONALDWOOD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 07:07 . 2009-08-06 07:07 -------- d-----w- c:\program files\MSBuild
2009-08-06 07:07 . 2009-08-06 07:07 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 19:27 . 2006-09-13 15:35 -------- d-----w- c:\documents and settings\cubby.MACDONALDWOOD\Application Data\AdobeUM
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-03-04 03:33 915456 ------w- c:\windows\system32\wininet.dll
2006-12-17 21:20 . 2006-12-17 21:20 36206039 -c--a-w- c:\program files\Top Producer Outlook Connector.EXE
2006-12-13 03:12 . 2007-02-08 21:35 66648 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-12-13 03:12 . 2007-02-08 21:35 54352 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-12-13 03:12 . 2007-02-08 21:35 34928 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-12-13 03:12 . 2007-02-08 21:35 46696 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-12-13 03:12 . 2007-02-08 21:35 172120 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-03-15 21:30 . 2007-03-15 21:30 80 -csha-r- c:\windows\system32\67F454E4E8.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-17_00.01.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-24 21:37 . 2009-09-24 21:37 16384 c:\windows\Temp\Perflib_Perfdata_4f0.dat
+ 2009-09-23 01:45 . 2009-05-11 14:12 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2006-09-13 16:48 . 2009-08-27 12:57 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-09-13 16:48 . 2009-09-18 01:07 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2006-09-13 16:48 . 2009-08-27 12:57 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2006-09-13 16:48 . 2009-09-18 01:07 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2006-09-13 16:48 . 2009-08-27 12:57 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-09-13 16:48 . 2009-09-18 01:07 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-09-13 16:48 . 2009-08-27 12:57 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-09-13 16:48 . 2009-09-18 01:07 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-09-13 16:48 . 2009-08-27 12:57 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2006-09-13 16:48 . 2009-09-18 01:07 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-09-13 16:48 . 2009-08-27 12:57 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2006-09-13 16:48 . 2009-09-18 01:07 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2004-08-04 10:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-04 10:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
+ 2008-05-09 10:53 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
- 2008-05-09 10:53 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2006-09-13 16:48 . 2009-09-18 01:07 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2006-09-13 16:48 . 2009-08-27 12:57 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-09-13 16:48 . 2009-09-18 01:07 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-09-13 16:48 . 2009-08-27 12:57 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2006-09-13 16:48 . 2009-09-18 01:07 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2006-09-13 16:48 . 2009-08-27 12:57 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-09-13 16:48 . 2009-09-18 01:07 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-09-13 16:48 . 2009-08-27 12:57 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-09-13 16:48 . 2009-08-27 12:57 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2006-09-13 16:48 . 2009-09-18 01:07 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-09-18 01:05 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-18 01:05 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-18 01:05 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2004-08-04 10:00 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-04 10:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-04 10:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2004-08-04 10:00 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2009-08-25 18:57 . 2009-08-25 18:57 5518336 c:\windows\Installer\567e188.msp
+ 2009-09-18 01:07 . 2009-08-28 18:38 24689600 c:\windows\system32\MRT.exe
+ 2009-09-18 01:06 . 2009-09-18 01:06 15709696 c:\windows\Installer\567e176.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}"= "c:\program files\iMeshMediabarTb\iMeshMediaBarDx.dll" [2009-07-31 91568]

[HKEY_CLASSES_ROOT\clsid\{abb49b3b-ab7d-4ed0-9135-93fd5aa4f69f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-14 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-24 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 73728]
"domezudim"="c:\windows\system32\dibiyowa.dll" [BU]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\Cubby\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2007-5-17 1220608]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{a292acc6-cf08-4d50-83ab-cb5c6eef5773}"= "c:\windows\system32\dibiyowa.dll" [BU]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-04-24 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"sagujesur"= {a292acc6-cf08-4d50-83ab-cb5c6eef5773} - c:\windows\system32\dibiyowa.dll [BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EMBASSY Trust Suite Secure Update.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
backup=c:\windows\pss\EMBASSY Trust Suite Secure Update.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^cubby.MACDONALDWOOD^Start Menu^Programs^Startup^Anapod Manager.lnk]
path=c:\documents and settings\cubby.MACDONALDWOOD\Start Menu\Programs\Startup\Anapod Manager.lnk
backup=c:\windows\pss\Anapod Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^cubby.MACDONALDWOOD^Start Menu^Programs^Startup^RCA Detective.lnk]
path=c:\documents and settings\cubby.MACDONALDWOOD\Start Menu\Programs\Startup\RCA Detective.lnk
backup=c:\windows\pss\RCA Detective.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlbtpswx.exe"=
"c:\\Program Files\\Red Chair Software\\Anapod Explorer\\anamgr.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\WebC_ActiveX4.22\\ptermX.exe"=
"c:\\Program Files\\Ericom Software\\PowerTerm WebConnect 5.6\\151.203.99.51\\ptermX.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/22/2009 9:45 PM 108289]
R2 WILPAR;Wordcraft Parallel Driver;c:\windows\system32\drivers\WILPAR.SYS [9/1/2006 11:40 AM 22976]
S3 cur_bus;Curitel USB Composite Device driver (WDM);c:\windows\system32\drivers\cur_bus.sys [9/5/2006 10:41 AM 50176]
S3 cur_mdfl;Curitel Packet Service Filter;c:\windows\system32\drivers\cur_mdfl.sys [9/5/2006 10:41 AM 6096]
S3 cur_mdm;Curitel Packet Service Drivers;c:\windows\system32\drivers\cur_mdm.sys [9/5/2006 10:41 AM 81056]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [5/17/2007 2:28 PM 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [5/17/2007 2:28 PM 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [5/17/2007 2:28 PM 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [5/17/2007 2:28 PM 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [5/17/2007 2:28 PM 69632]
S3 SMC2208;SMC Compact USB to Ethernet converter;c:\windows\system32\drivers\SMC2208.SYS [2/16/2008 12:40 PM 26525]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-09-24 c:\windows\Tasks\User_Feed_Synchronization-{522C9FDF-90D3-4175-A7FB-7B976A9CAC8A}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2009-09-24 c:\windows\Tasks\{CB904F16-01AA-4E35-81DF-0F9BCF531682}_MACDONALDWOOD_Cubby.job
- c:\windows\system32\mobsync.exe [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
LSP: vlsp.dll
Trusted Zone: stumbleupon.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: PUFLITE - hxxp://cubbyfitts.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} - hxxps://actsvr.comcastonline.com/techtools/dl/Comcast%20Activation%20Controls.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cab
FF - ProfilePath - c:\documents and settings\cubby.MACDONALDWOOD\Application Data\Mozilla\Firefox\Profiles\xf0e1ri2.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NSS - c:\program files\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 18:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,97,65,98,77,df,
c4,d9,d5,e2,63,26,f1,3f,c8,ff,68,26,da,4a,51,2c,18,5c,9b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,c0,d8,10,c6,fc,
d8,85,02,6a,9c,d6,61,af,45,84,18,63,98,aa,41,9d,27,22,f8,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,77,6b,0f,1c,e2,
18,6e,17,ff,7c,85,e0,43,d4,0e,fe,42,e8,9f,e8,ec,72,c5,99,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,93,ca,7f,74,98,
a9,19,16,86,8c,21,01,be,91,eb,e7,18,97,a8,58,fe,a9,4e,79,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,3c,0e,eb,90,42,
fa,06,cb,f5,1d,4d,73,a8,13,5c,05,6b,83,dc,d8,36,37,17,f7,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,50,cf,42,b4,96,
4a,7b,52,df,20,58,62,78,6b,cf,c8,df,e7,7e,bd,d5,e9,01,09,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,cb,53,db,0d,94,
5e,6e,68,fb,a7,78,e6,12,2f,9a,ea,6f,2a,ed,60,b2,d1,47,83,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ff,57,35,74,eb,
c0,05,20,01,3a,48,fc,e8,04,4a,f1,f1,75,68,bb,bf,e2,2e,a4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,a9,be,9e,98,8b,
17,38,7b,f6,0f,4e,58,98,5b,89,c9,42,b2,98,75,e4,2f,3b,36,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,c2,82,54,f6,10,
e3,07,8e,3d,ce,ea,26,2d,45,aa,78,ee,29,88,ea,c4,c6,75,12,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,2d,db,c2,de,4b,
e1,3d,b4,2a,b7,cc,b5,b9,7f,41,e7,68,33,58,56,d5,cb,db,4d,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,62,be,74,45,21,
51,65,c7,6c,43,2d,1e,aa,22,2f,9c,08,b7,02,b6,70,38,f2,30,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\windows\system32\vlsp.dll

- - - - - - - > 'explorer.exe'(3104)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\vlsp.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\lexbces.exE
c:\windows\system32\scardsvr.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Wave Systems Corp\common\DataServer.exe
c:\windows\system32\dlbtcoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
c:\program files\Verizon Wireless\venturi\Client\VentC.exe
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\fxssvc.exe
.
**************************************************************************
.
Completion time: 2009-09-24 18:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-24 22:08
ComboFix2.txt 2009-09-18 22:52
ComboFix3.txt 2009-09-18 12:38
ComboFix4.txt 2009-09-18 01:29
ComboFix5.txt 2009-09-24 21:27

Pre-Run: 36,201,574,400 bytes free
Post-Run: 36,150,185,984 bytes free

393 --- E O F --- 2009-09-18 01:09

Hello.
Two more things to do, I think these are having an effect on this infection.

• Open HijackThis.
  
• When Hijack This opens, click "Open the Misc Tools section"
  
• Then select "Open Uninstall Manager"
  
• Click on "Save List..." (generates uninstall_list.txt)
  
• Click Save, copy and paste the results in your next post.
  

I assume i should run the same version you gave me on page 1? (downloads as "winlogon.scr")

7-Zip 4.57
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 6.0.1 Professional
Adobe Flash Player 10 ActiveX
Adobe Reader 6.0.1
Adobe Shockwave Player 11.5
Advanced WMA MP3 Converter version 1.2
All To MP3 Converter 2.65
ALPS Touch Pad Driver
Amara - Flash Photo Animation Software
Anapod CopyGear (remove only)
Anapod Explorer (remove only)
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AudioConverter Studio 5.9
Audiovox USB Drivers
AusLogics System Information
AVI to iPod Converter 1.00
Avira AntiVir Personal - Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Azureus Vuze
BitPim 1.0.1
Bonjour
Broadcom Advanced Control Suite
Broadcom TPM Driver Installer
Conexant HDA D110 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Curitel PC Card Software
Dell Embassy Trust Suite by Wave Systems
Dell Laser Printer 1110 Software Uninstall
Dell Wireless WLAN Card
Digital Line Detect
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Document Manager Lite
EMBASSY Security Center
EMBASSY Trust Suite by Wave Systems
eMusic - 50 Free MP3 offer
ETS Launch Pad
FairStars Audio Converter 1.79
FLV Player 2.0, build 23
FormViewer
Free Video to Mp3 Converter version 3.1
FurthurNET 1.7.5
GearDrvs
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
ieSpell
iMesh
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Lernout & Hauspie TruVoice American English TTS Engine
Lexmark Printer Software Uninstall
LG USB Modem driver
Lightning 2000i
Lightning CMA Plus
Malwarebytes' Anti-Malware
MediaBar
MediaCoder 0.6.1
Memorex exPressit Label Design Studio
MetaFrame Presentation Server Client
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook Connector
Microsoft Office Small Business Edition 2003
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
mkw Audio Compression Toolkit
Modem Helper
Mozilla Firefox (2.0.0.1)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NetWaiting
NTRU Hybrid TSS v2.0.7
NVIDIA Drivers
OpD2d
Ovis pdf-Recover Professional 4.0
PerSonoCall
Pinnacle VideoSpin
PowerDVD 5.7
Preboot Manager
Private Information Manager
QuickLink Mobile Phonebook
QuickSet
QuickTime
RealPlayer
Rhapsody Player Engine
Roxio DLA
Roxio Express Labeler
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Search Assist
Secure Update
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Wizards
Skylook
Skype 2.5
Sonic Update Manager
TOP PRODUCER 7i Data Transfer Wizard
Top Producer Outlook Connector
TOSHIBA e-STUDIO230-280 Series Client
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
URGE
URL Assistant
Venturi Client 3.1.4
Video to Audio Converter 1.12
Virtual Earth 3D (Beta)
VZAccess Manager
Wave Infrastructure Installer
Wave Support Software
WebEx
Winamp
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WMA WAV MP3 to Audio CD Maker 1.0.2
Xilisoft 3GP Video Converter
Xvid Codec 1.1.3
Yahoo! SiteBuilder

I see that you are running Azureus.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

Ask Toolbar
Azureus Vuze
BitPim 1.0.1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
MediaBar

Next, please update Firefox.

Please download Firefox 3.5.2 and install it. It will install over version 2.0 you currently have installed, so you won't lose any bookmarked websites.

Ok...Done.

Now post one final Hijack This log.