
Malwarebytes

Trojan.Agent


15 replies to this topic

#1
DTakeMoney

    New Member

  • Members
  • 8 posts
I've recently got a virus on my computer that caused constant popups and such, but Malwarebytes was able to get rid of most of the most troubling problems; but something's still in my system that won't go away.

Whenever I scan my computer, Rootkit.Trace and Trojan.Agent keep showing up, and when I restart my computer after the scan, they continue to reside in my computer.

And I believe this is related since it's been happening since the day I got the virus, but every few hours or so, and every time I start my computer up, Norton alerts me that it's unable to remove Trojan.Metajuan.

On top of that, I'm getting error pops up from Google Installer.

So basically, my symptoms are:
  • Constant Norton alerts of a failure to remove Trojan.Metajuan
  • Google Installer errors
  • Google links leading to popups
  • Trojan.Agent + Rootkit.Trace showing up on Malwarebytes after every scan
  • Computer freezing a few times a day
  • Computer's been a lot slower than it used to be

And also, I changed my Malwarebytes' name to winlogon.exe so it'll be runnable, if it helps.


Here's my Malwarebytes Log:

Malwarebytes' Anti-Malware 1.39
Database version: 2573
Windows 5.1.2600 Service Pack 3

8/7/2009 1:29:39 AM
mbam-log-2009-08-07 (01-29-39).txt

Scan type: Quick Scan
Objects scanned: 91918
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.


And HijackThis Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:25:33, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\AOL\1236714453\ee\AOLSoftware.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236714453\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Dan\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} (DVROcxEx Control) - http://69.136.66.28:227/DVROcxEx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca15fcb186a094) (gupdate1ca15fcb186a094) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 9388 bytes
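A helper reads these two logs by eye. The script below is an added example, not part of the original post and not Malwarebytes' or Trend Micro's own tooling; it applies the same checks to MBAM detection lines, HijackThis O4/O16/O23 entries and bare process paths: UAC-named artefacts and Rootkit.* detections, "Delete on reboot" items that must be re-checked after the restart, ActiveX CABs fetched from a raw IP address, services with no vendor information, Run entries that give only a bare filename, and executables named like core Windows processes running outside system32 (the renamed winlogon.exe.exe in this log). The sample lines are copied from the logs above; the severity labels and the list of core process names are my assumptions.

```python
"""Triage Malwarebytes and HijackThis log lines.

Added example, not part of the original post and not Malwarebytes' or
Trend Micro's own tooling. The sample lines are copied from the logs
posted in this thread; severity labels and the core-process list are
assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the MBAM and HijackThis logs above.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} (DVROcxEx Control) - http://69.136.66.28:227/DVROcxEx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "review" (assumed labels)
    reason: str
    line: str


MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<action>.+)$")
HJT_O4 = re.compile(r"^O4 - \S+?\\\.\.\\Run: \[[^\]]+\] (?P<cmd>.+)$")
HJT_O16 = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? - (?P<url>\S+)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
RAW_IP_URL = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::(?P<port>\d+))?/", re.I)
# The UAC* naming that showed up in system32 in this thread (uacinit.dll, UAC....dll, UACd.sys).
UAC_NAME = re.compile(r"(?:^|\\)uac\w*\.(?:dll|sys|dat|db)$", re.I)
# Assumed list of core process names that should only run from system32.
CORE_PROCESSES = ("winlogon.exe", "csrss.exe", "lsass.exe", "services.exe", "smss.exe", "svchost.exe")


def triage(log_text: str) -> list:
    """Return a list of Finding objects for the suspicious lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MBAM_LINE.match(line)
        if m:
            item, family, action = m.group("item", "family", "action")
            if family.startswith("Rootkit.") or UAC_NAME.search(item) or item.upper().endswith("\\SOFTWARE\\UAC"):
                findings.append(Finding("high", "rootkit artefact (UAC naming / Rootkit.* family); re-scan with a rootkit-capable tool after reboot", line))
            if action.startswith("Delete on reboot"):
                findings.append(Finding("review", "file was locked during the scan; confirm it is gone after the restart", line))
            continue
        m = HJT_O4.match(line)
        if m:
            cmd = m.group("cmd")
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in exe:
                findings.append(Finding("review", "Run entry gives a bare filename; it is resolved via the search path, so verify which file actually runs", line))
            continue
        m = HJT_O16.match(line)
        if m:
            ip = RAW_IP_URL.match(m.group("url"))
            if ip:
                port = ip.group("port") or "80"
                findings.append(Finding("review", f"ActiveX CAB fetched from a raw IP address on port {port}; verify the source", line))
            continue
        m = HJT_O23.match(line)
        if m:
            if m.group("owner").lower() == "unknown owner":
                findings.append(Finding("review", "service binary carries no vendor information; check its signature and hash", line))
            continue
        # Bare process path from the "Running processes" section.
        if re.match(r"^[a-z]:\\", line, re.I):
            base = line.rsplit("\\", 1)[-1].lower()
            in_system32 = line.lower().startswith("c:\\windows\\system32\\")
            if any(base.startswith(p) for p in CORE_PROCESSES) and not in_system32:
                findings.append(Finding("review", "executable named like a core Windows process running outside system32", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

Run against the sample it reports two "high" findings (the HKLM\SOFTWARE\UAC key and uacinit.dll) and five "review" items; the Norton service, the quoted ATI Run entry, the DivX CAB and the real system32\winlogon.exe pass without comment. The renamed scanner is flagged on purpose: a file called winlogon.exe.exe under Program Files is exactly what a helper would ask about, and the poster's explanation is what clears it.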

#2
miekiemoes

    Forum Deity

  • Administrators
  • 7,161 posts
  • Gender:Female
  • Location:Belgium
Hi,

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:


  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

If you still cannot get this to run, try booting into Safe Mode, and run it there.

To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."
Mieke Verburgh
Director of Research


#3
DTakeMoney

    New Member

  • Members
  • 8 posts
Thanks for the reply, miekiemoes.

Here's my combofix log:

ComboFix 09-08-06.01 - Dan 08/07/2009 12:34.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1629 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\Combo-Fix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Dan\APPLIC~1\inst.exe
c:\program files\Antispyware
c:\program files\Antispyware\Antispyware.url
c:\program files\Antispyware\DataBase.ref
c:\program files\Antispyware\vistaCPtasks.xml
C:\test.txt
c:\windows\Installer\caf39a7.msp
c:\windows\Installer\caf39a9.msp
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\UACmsqtqskwpb.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\UACaistsmlwbl.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjoeerdbfch.dat
c:\windows\system32\UACledplfxoyi.dll
c:\windows\system32\UACpktarrvxew.dll
c:\windows\system32\UACqibeklnbgr.dll
c:\windows\system32\UACtoligappot.dll
c:\windows\system32\UACvvrdomujhi.dll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-07 to 2009-08-07 )))))))))))))))))))))))))))))))
.

2009-08-07 06:26 . 2009-08-07 06:26 -------- d-----w- C:\381af0e9803ba69753
2009-08-07 06:25 . 2009-08-07 15:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 04:55 . 2009-08-07 04:55 -------- d-----w- c:\program files\Trend Micro
2009-08-05 23:10 . 2009-08-05 23:10 -------- d-----w- c:\program files\Haali
2009-08-05 22:21 . 2009-08-06 18:27 -------- d-----w- C:\ConverterOutput
2009-08-05 22:21 . 2009-02-26 20:34 94650 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-08-05 22:21 . 2009-02-26 20:34 2004 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-08-05 22:21 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-05 22:21 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-05 22:21 . 2008-02-04 01:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-08-05 22:21 . 2006-09-27 21:46 348160 ----a-w- c:\windows\system32\cdga.dll
2009-08-05 22:21 . 2006-07-18 01:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-08-05 22:21 . 2009-08-05 22:21 -------- d-----w- c:\program files\Cucusoft
2009-08-05 22:00 . 2009-08-05 22:00 -------- d-----w- c:\program files\WinSCP
2009-08-05 21:42 . 2009-08-05 21:42 -------- d-----w- c:\program files\4Media
2009-08-05 21:36 . 2009-08-06 18:46 -------- d-----w- c:\docume~1\Dan\APPLIC~1\vlc
2009-08-05 21:35 . 2009-08-05 21:35 -------- d-----w- c:\program files\VideoLAN
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Temp
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-05 18:47 . 2009-08-05 18:47 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Real
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Real
2009-08-05 18:44 . 2009-08-05 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-02 06:32 . 2009-08-02 06:33 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Antispyware
2009-08-02 02:35 . 2009-08-02 02:35 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Malwarebytes
2009-08-02 02:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 02:24 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 02:24 . 2009-08-02 02:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- c:\documents and settings\Dan\DoctorWeb
2009-08-01 21:31 . 2009-08-07 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----r- c:\program files\Norton Support
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Symantec
2009-08-01 20:31 . 2009-08-02 06:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\13377654
2009-07-29 15:11 . 2009-06-29 16:23 17408 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-07-22 05:51 . 2009-07-22 05:51 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Yahoo
2009-07-22 05:50 . 2009-07-22 17:52 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2009-07-22 05:49 . 2009-07-22 05:51 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
2009-07-15 18:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 18:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-11 07:03 . 2009-07-15 01:23 -------- d-----w- c:\program files\AutoHotkey
2009-07-10 20:40 . 2009-07-10 22:50 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Audacity
2009-07-08 19:14 . 2009-07-08 19:14 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-07 16:33 . 2009-03-10 20:31 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sonic
2009-08-07 16:30 . 2009-06-13 03:27 -------- d-----w- c:\docume~1\Dan\APPLIC~1\LimeWire
2009-08-05 18:47 . 2009-04-03 21:29 -------- d-----w- c:\program files\Common Files\Real
2009-08-05 18:44 . 2009-03-10 19:16 -------- d-----w- c:\program files\Google
2009-08-01 21:03 . 2009-08-01 21:07 170818 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-22 05:51 . 2009-04-03 21:29 -------- d-----w- c:\program files\Yahoo!
2009-07-18 04:28 . 2009-05-01 02:54 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Azureus
2009-07-17 01:59 . 2009-03-10 19:21 41264 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 04:31 . 2009-07-17 01:16 28932 ----a-w- c:\windows\Fonts\Rmnce_fatal_Srif.ttf
2009-07-11 03:49 . 2009-03-10 20:01 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Vso
2009-06-29 16:23 . 2007-06-24 07:40 828928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2007-06-24 07:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2007-06-24 07:41 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 21:51 . 2009-06-27 21:51 -------- d-----w- c:\program files\Linksys
2009-06-25 15:17 . 2009-03-10 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 04:56 . 2009-06-25 04:56 -------- d-----w- c:\program files\MixMeister BPM Analyzer
2009-06-24 18:37 . 2009-06-24 18:38 20044 ----a-w- c:\windows\Fonts\YolksEmoticons.otf
2009-06-24 00:40 . 2009-06-24 00:40 -------- d-----w- c:\docume~1\Dan\APPLIC~1\WindSolutions
2009-06-23 03:46 . 2009-06-23 03:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PMB Files
2009-06-23 03:45 . 2009-06-23 03:45 -------- d-----w- c:\program files\Pando Networks
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iTunes
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iPod
2009-06-19 18:59 . 2009-03-10 20:43 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 18:58 . 2009-03-10 20:14 -------- d-----w- c:\program files\Bonjour
2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\program files\QuickTime
2009-06-19 18:55 . 2009-03-10 20:43 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Apple
2009-06-16 14:36 . 2007-06-24 07:40 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2007-06-24 07:38 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 20:02 . 2009-03-10 20:45 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Apple Computer
2009-06-13 03:26 . 2009-06-13 03:25 -------- d-----w- c:\program files\LimeWire
2009-06-13 03:25 . 2009-06-13 03:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 03:25 . 2009-06-13 03:25 -------- d-----w- c:\program files\Java
2009-06-12 17:01 . 2009-07-17 01:16 34156 ----a-w- c:\windows\Fonts\CaviarDreams_Bold.ttf
2009-06-12 17:01 . 2009-07-17 01:16 35124 ----a-w- c:\windows\Fonts\CaviarDreams.ttf
2009-06-12 07:01 . 2009-03-10 19:55 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-06-12 02:06 . 2009-03-12 03:42 -------- d-----w- c:\docume~1\Dan\APPLIC~1\Roxio
2009-06-05 15:42 . 2009-06-19 18:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-03-10 20:43 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2007-06-24 07:39 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 03:13 . 2009-05-23 03:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-23 03:13 . 2009-05-23 03:13 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 03:13 . 2009-05-23 03:14 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"cdloader"="c:\documents and settings\Dan\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HostManager"="c:\program files\Common Files\AOL\1236714453\ee\AOLSoftware.exe" [2008-11-06 41264]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1236714453\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Documents and Settings\\Dan\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58683:TCP"= 58683:TCP:Pando Media Booster
"58683:UDP"= 58683:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [5/22/2009 11:13 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [5/22/2009 11:13 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [5/22/2009 11:13 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys [7/30/2009 7:48 PM 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [6/27/2009 5:51 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/22/2009 11:13 PM 101936]
S2 gupdate1ca15fcb186a094;Google Update Service (gupdate1ca15fcb186a094);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 2:43 PM 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> c:\windows\system32\drivers\zdtjfvx.sys [?]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://69.136.66.28:227/DVROcxEx.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-07 12:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-08-07 12:42
ComboFix-quarantined-files.txt 2009-08-07 16:42

Pre-Run: 90,116,673,536 bytes free
Post-Run: 90,705,436,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

232 --- E O F --- 2009-08-07 06:30

And the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:15, on 8/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21073)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys\WUSB300N\WLService.exe
C:\Program Files\Linksys\WUSB300N\WUSB300N.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236714453\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Dan\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} (DVROcxEx Control) - http://69.136.66.28:227/DVROcxEx.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx...owserPlugin.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca15fcb186a094) (gupdate1ca15fcb186a094) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: WUSB300NSvc - Unknown owner - C:\Program Files\Linksys\WUSB300N\WLService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8830 bytes

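A small triage helper for the HijackThis O4/O23 lines posted above, added here as an illustration; it is not part of this thread, nor of HijackThis, ComboFix or Malwarebytes. It also reads the R0/S2 service lines of the ComboFix log posted further down, and its flag heuristics (user-profile paths, unknown owner, bare filenames, image not found, vowel-poor generated-looking names) are assumptions of this example: a flag means "look closer", not "malicious".

```python
"""Triage helper for the HijackThis (O4/O23) and ComboFix service lines posted
in this thread. Added example for illustration; it is not part of HijackThis,
ComboFix or Malwarebytes. The flag heuristics are assumptions and mark entries
to review by hand, not verdicts."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied from the logs posted in the thread; the selection is constructed here.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay',
    r'O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe',
    r'O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\NEW FOLDER\a2service.exe',
    r'O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe',
    r'O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe',
    r'R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]',
    r'S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> c:\windows\system32\drivers\zdtjfvx.sys [?]',
    r'R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local',
]

# HijackThis "O4 - <hive>\..\Run: [name] command" and "O23 - Service: name - owner - path"
HJT_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# ComboFix "R0/S2 name;description;path [timestamp size]" service lines
CF_SVC = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")

USER_WRITABLE = re.compile(r"^c:\\documents and settings\\", re.I)
RANDOM_NAME = re.compile(r"^[a-z]{8,}$")


@dataclass
class Entry:
    source: str            # "hjt-o4", "hjt-o23" or "combofix-svc"
    name: str
    path: str
    owner: str = ""
    flags: List[str] = field(default_factory=list)


def _image_path(cmd: str) -> str:
    """Strip arguments from a Run-key command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def _flag(entry: Entry, file_missing: bool = False) -> Entry:
    """Crude heuristics (assumptions of this example): each flag is a reason to look closer."""
    if file_missing:
        entry.flags.append("file_missing")        # ComboFix could not find the image on disk
    if entry.owner.lower() == "unknown owner":
        entry.flags.append("unknown_owner")       # no publisher recorded for the service
    if USER_WRITABLE.match(entry.path):
        entry.flags.append("user_writable_path")  # image lives under a user profile
    if "\\" not in entry.path:
        entry.flags.append("bare_filename")       # resolved via search path, not an absolute path
    vowels = sum(ch in "aeiou" for ch in entry.name)
    if RANDOM_NAME.match(entry.name) and vowels / len(entry.name) <= 0.25:
        entry.flags.append("random_name")         # lowercase, vowel-poor, looks generated
    return entry


def parse_line(line: str) -> Optional[Entry]:
    """Return a flagged Entry for a recognised line, None for anything else."""
    m = HJT_O4.match(line)
    if m:
        return _flag(Entry("hjt-o4", m["name"], _image_path(m["cmd"])))
    m = HJT_O23.match(line)
    if m:
        return _flag(Entry("hjt-o23", m["name"], m["path"], owner=m["owner"]))
    m = CF_SVC.match(line)
    if m:
        rest = m["rest"]
        missing = rest.endswith("[?]")            # ComboFix marks a missing image with [?]
        path = rest.rsplit(" [", 1)[0]
        if " --> " in path:                       # "registry path --> resolved path"
            path = path.split(" --> ")[-1]
        return _flag(Entry("combofix-svc", m["name"], path), file_missing=missing)
    return None


def triage(lines) -> List[Entry]:
    """Parse every recognised line; unrecognised lines (R1, O2, ...) are skipped."""
    return [e for e in (parse_line(ln.strip()) for ln in lines) if e is not None]


def needs_review(lines) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(lines) if e.flags]


if __name__ == "__main__":
    for e in needs_review(SAMPLE_LINES):
        print(f"[{e.source}] {e.name}: {e.path}  flags={e.flags}")
```

On the sample above, the only entry with a missing image and a generated-looking name is the wjysofqm service, while the a-squared and ATI entries are flagged merely because they warrant a second look.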
#4
miekiemoes

    Forum Deity

  • Administrators
  • 7,161 posts
  • Gender:Female
  • Location:Belgium
Hi,

You were dealing with a rootkit that was locking mbam detection for it. The next version of mbam will be able to deal with it :)

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Let me know in your next reply how things are now.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5
DTakeMoney

    New Member

  • Members
  • 8 posts
It's been working very well since I've followed your instructions, for almost 6 hours. But when I closed two of my Internet Explorer windows and opened a new one, Norton's alert about the Metajuan.Trojan popped up, and at the same time, when I was opening Limewire, my taskbar froze for a bit with my startup menu up. This may be because I had too many things going on with my computer though (had a game up, a new Internet Explorer window opening up, and Limewire opening up).

Well, for the most part everything seems to be fine; my latest Malwarebytes quick scan didn't find anything, and the only thing that seems to be out of place is the Norton alerts. Anyways, thanks A LOT for the help, miekiemoes, you've helped me a lot. =P I'll let you know how everything goes as the day goes on.

#6
miekiemoes

    Forum Deity

  • Administrators
  • 7,161 posts
  • Gender:Female
  • Location:Belgium
Hi,

Can you tell me what file Norton alerts on? What file, and in what folder is it present?
Do you let Norton delete it?
When do you get that alert? Because from what I understand here, you get it when you open Limewire?
Most probably you got infected via Limewire as well, because after all, you never know what you download. It could be a file in your "completed" or "incompleted" folder (shared folder) which is infected.
Also, I do not recommend having Limewire start up with Windows anyway, so I suggest you disable its startup via msconfig.

#7
DTakeMoney

    New Member

  • Members
  • 8 posts
Sorry for the late reply, been too busy to stay on long enough to type this out. =]

Here's a picture of the alert.
Posted Image

And no, over the past few days, from what I observed, it pops up whenever I start my computer up. And it pops up at random after that, about every few hours or so. For the most part, things have been okay with my computer thanks to your help. The only symptom I've seen so far is my computer freezing (then unfreezing after a minute or two, but sometimes only the taskbar freezes).

And I think when I don't have an internet connection, it kind of seems to cease to exist (something I observed during my fight with the trojan), if that helps.

I haven't run a Malwarebytes scan in a while; I'm gonna do one now. =P

#8
miekiemoes

    Forum Deity

  • Administrators
  • 7,161 posts
  • Gender:Female
  • Location:Belgium
Hi,

Can't you generate a logfile where Norton is detecting this file? Because I can't do anything with the above info if I don't know where it is detected. All it says is that it detected this infection.

Also, please redownload and rerun Combofix, to make sure nothing jumped in again while you were using Limewire. After all, p2p programs are always a risk and a main cause of an infected computer.

#9
DTakeMoney

    New Member

  • Members
  • 8 posts
Here's the new Combofix log; and when my Norton finishes scanning, I'll post a pic of the info/location/etc. of the trojan. =]

ComboFix 09-08-10.06 - Dan 08/13/2009 0:27.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1309 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\abc.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt

.
((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 01:13 . 2004-08-03 23:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 00:20 . 2009-08-13 04:17 -------- d-----w- c:\documents and settings\Dan\Tracing
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Microsoft
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-13 00:15 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live
2009-08-13 00:13 . 2009-08-13 00:13 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-12 23:37 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG.SYS
2009-08-12 23:37 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX15.SYS
2009-08-12 23:37 . 2009-05-23 03:13 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\EECTRL.SYS
2009-08-12 23:37 . 2009-05-23 03:13 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ERASER.SYS
2009-08-12 23:37 . 2009-05-23 03:13 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX32A.DLL
2009-08-12 23:37 . 2009-05-23 03:13 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ECMSVR32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\CCERASER.DLL
2009-08-12 18:19 . 2009-06-12 12:31 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2009-08-12 18:19 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-08-12 18:19 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-08-12 18:19 . 2009-06-10 14:13 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-08-12 18:19 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-08-12 18:19 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-12 18:18 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 05:39 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 05:39 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 05:39 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-11 04:21 . 2009-08-11 04:21 528088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-11 03:50 . 2009-08-11 04:14 64597 ----a-w- c:\windows\War3Unin.dat
2009-08-11 03:50 . 2009-08-11 03:55 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-11 03:50 . 2009-08-11 03:55 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-11 03:42 . 2009-08-12 22:19 -------- d-----w- c:\program files\Warcraft III
2009-08-11 03:31 . 2007-08-30 12:00 244608 ----a-w- c:\windows\system32\drivers\c2scsi.sys
2009-08-11 03:21 . 2009-08-11 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-11 03:21 . 2009-08-11 15:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-11 02:46 . 2009-08-11 02:46 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-11 02:46 . 2009-08-11 03:26 -------- d-----w- c:\documents and settings\Dan\Application Data\DAEMON Tools Lite
2009-08-08 16:21 . 2009-08-08 16:21 -------- d-sh--w- C:\found.000
2009-08-07 18:04 . 2009-08-07 18:04 -------- d-s---w- C:\Combo-Fix
2009-08-07 06:26 . 2009-08-07 06:26 -------- d-----w- C:\381af0e9803ba69753
2009-08-07 06:25 . 2009-08-07 15:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 04:55 . 2009-08-07 04:55 -------- d-----w- c:\program files\Trend Micro
2009-08-07 04:54 . 2009-08-07 04:54 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 23:10 . 2009-08-05 23:10 -------- d-----w- c:\program files\Haali
2009-08-05 22:21 . 2009-08-12 23:23 -------- d-----w- C:\ConverterOutput
2009-08-05 22:21 . 2009-02-26 20:34 94650 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-08-05 22:21 . 2009-02-26 20:34 2004 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-08-05 22:21 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-05 22:21 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-05 22:21 . 2008-02-04 01:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-08-05 22:21 . 2006-09-27 21:46 348160 ----a-w- c:\windows\system32\cdga.dll
2009-08-05 22:21 . 2006-07-18 01:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-08-05 22:21 . 2009-08-05 22:21 -------- d-----w- c:\program files\Cucusoft
2009-08-05 21:36 . 2009-08-11 03:22 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2009-08-05 21:35 . 2009-08-05 21:35 -------- d-----w- c:\program files\VideoLAN
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Temp
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-05 18:47 . 2009-08-05 18:47 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Real
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Real
2009-08-05 18:44 . 2009-08-05 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-02 06:32 . 2009-08-02 06:33 -------- d-----w- c:\documents and settings\Dan\Application Data\Antispyware
2009-08-02 02:35 . 2009-08-02 02:35 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2009-08-02 02:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 02:24 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 02:24 . 2009-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- c:\documents and settings\Dan\DoctorWeb
2009-08-01 21:31 . 2009-08-07 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----r- c:\program files\Norton Support
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Symantec
2009-08-01 20:31 . 2009-08-02 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\13377654
2009-07-30 23:48 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 23:48 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 23:48 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-29 15:11 . 2009-06-29 16:23 17408 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-07-22 05:51 . 2009-07-22 05:51 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Yahoo
2009-07-22 05:49 . 2009-08-09 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-15 18:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 18:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 04:20 . 2009-06-13 03:27 -------- d-----w- c:\documents and settings\Dan\Application Data\LimeWire
2009-08-13 04:16 . 2009-03-10 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-09 14:27 . 2009-04-03 21:29 -------- d-----w- c:\program files\Yahoo!
2009-08-08 21:17 . 2009-03-10 19:21 41264 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 18:47 . 2009-04-03 21:29 -------- d-----w- c:\program files\Common Files\Real
2009-08-05 18:44 . 2009-03-10 19:16 -------- d-----w- c:\program files\Google
2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 21:03 . 2009-08-01 21:07 170818 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-18 04:28 . 2009-05-01 02:54 -------- d-----w- c:\documents and settings\Dan\Application Data\Azureus
2009-07-17 19:01 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:31 . 2009-07-17 01:16 28932 ----a-w- c:\windows\Fonts\Rmnce_fatal_Srif.ttf
2009-07-14 03:43 . 2007-06-24 07:41 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-11 03:49 . 2009-03-10 20:01 -------- d-----w- c:\documents and settings\Dan\Application Data\Vso
2009-07-10 22:50 . 2009-07-10 20:40 -------- d-----w- c:\documents and settings\Dan\Application Data\Audacity
2009-07-08 19:14 . 2009-07-08 19:14 -------- d-----w- c:\program files\DivX
2009-06-29 16:23 . 2007-06-24 07:40 828928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2007-06-24 07:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2007-06-24 07:41 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 21:51 . 2009-06-27 21:51 -------- d-----w- c:\program files\Linksys
2009-06-25 15:17 . 2009-03-10 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-24 18:37 . 2009-06-24 18:38 20044 ----a-w- c:\windows\Fonts\YolksEmoticons.otf
2009-06-24 00:40 . 2009-06-24 00:40 -------- d-----w- c:\documents and settings\Dan\Application Data\WindSolutions
2009-06-23 03:46 . 2009-06-23 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-06-23 03:45 . 2009-06-23 03:45 -------- d-----w- c:\program files\Pando Networks
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iTunes
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iPod
2009-06-19 18:59 . 2009-03-10 20:43 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 18:58 . 2009-03-10 20:14 -------- d-----w- c:\program files\Bonjour
2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\program files\QuickTime
2009-06-19 18:55 . 2009-03-10 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-19 18:52 . 2009-06-19 18:52 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:36 . 2007-06-24 07:40 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2007-06-24 07:38 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 03:25 . 2009-06-13 03:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 03:25 . 2009-06-13 03:25 152576 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-06-12 17:01 . 2009-07-17 01:16 34156 ----a-w- c:\windows\Fonts\CaviarDreams_Bold.ttf
2009-06-12 17:01 . 2009-07-17 01:16 35124 ----a-w- c:\windows\Fonts\CaviarDreams.ttf
2009-06-12 12:31 . 2004-08-03 23:56 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-05-10 23:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-03 23:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-03-10 19:53 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2007-06-24 07:40 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 15:42 . 2009-06-19 18:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-03-10 20:43 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2007-06-24 07:39 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 03:13 . 2009-05-23 03:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-23 03:13 . 2009-05-23 03:13 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 03:13 . 2009-05-23 03:14 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-05-23 03:13 . 2009-05-23 03:13 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-05-23 03:13 . 2009-05-23 03:13 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-05-23 03:13 . 2009-05-23 03:13 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"cdloader"="c:\documents and settings\Dan\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HostManager"="c:\program files\Common Files\AOL\1236714453\ee\AOLSoftware.exe" [2008-11-06 41264]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1236714453\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Documents and Settings\\Dan\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58683:TCP"= 58683:TCP:Pando Media Booster
"58683:UDP"= 58683:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [5/22/2009 11:13 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [5/22/2009 11:13 PM 258608]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [8/10/2009 11:31 PM 244608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [5/22/2009 11:13 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/12/2009 1:39 AM 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [6/27/2009 5:51 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2009 12:33 PM 101936]
S2 gupdate1ca15fcb186a094;Google Update Service (gupdate1ca15fcb186a094);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 2:43 PM 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> c:\windows\system32\drivers\zdtjfvx.sys [?]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848]
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://69.136.66.28:227/DVROcxEx.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 00:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-08-13 0:33
ComboFix-quarantined-files.txt 2009-08-13 04:33
ComboFix2.txt 2009-08-07 16:42

Pre-Run: 89,994,510,336 bytes free
Post-Run: 90,079,682,560 bytes free

254 --- E O F --- 2009-08-13 01:14

#10
DTakeMoney

    New Member

  • Members
  • Pip
  • 8 posts
Here's the Norton thing about my infection.
Everything in the Details box is the same thing; all of them say "globalroot\systemroot\system32\uactoligappot.dell".

There were only 8ish affected files when I first got the infection (didn't use Limewire at all during that time).

Posted Image

#11
miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,161 posts
  • Gender:Female
  • Location:Belgium
Hmm,

This is strange. Combofix actually already deleted that file as you will see under the "deleted" part in your Combofix log, so not sure why Norton comes up with it again. Combofix doesn't list the presence of this infection anymore.
If this one was still present, you certainly would have noticed it.

Anyway, let's have a look and delete it with a script, because I see there's an orphaned driver to delete there as well.

* Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

Quote

Rootkit::
c:\windows\system32\UACaistsmlwbl.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjoeerdbfch.dat
c:\windows\system32\UACledplfxoyi.dll
c:\windows\system32\UACpktarrvxew.dll
c:\windows\system32\UACqibeklnbgr.dll
c:\windows\system32\UACtoligappot.dll
c:\windows\system32\UACvvrdomujhi.dll
c:\windows\system32\drivers\UACmsqtqskwpb.sys
Driver::
UACd.sys
wjysofqm

Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

Posted Image

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
Mieke Verburgh
Director of Research

Posted Image

Follow us: Twitter, Become a fan: Facebook
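The orphaned driver miekiemoes refers to is the `S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> ... [?]` line in the ComboFix log above, where the trailing `[?]` means ComboFix could not find the service's image file on disk. As an added example (not part of this thread, and not ComboFix's or Malwarebytes' own code), the following Python script picks such entries out of a ComboFix log with a regular expression written against the line layout seen in these logs, and renders the Driver:: section of a CFScript in the layout of the quote box above. The class and function names are my own; the sample lines are copied from the log posted earlier in this thread, with one unrelated line included to show it is skipped.

```python
import re
from dataclasses import dataclass
from typing import List

# One line of the ComboFix "Drivers/Services" listing looks like this
# (both samples are copied from the logs in this thread):
#   R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]
#   S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> c:\windows\system32\drivers\zdtjfvx.sys [?]
# The first field is the start type (R = running, S = stopped, digit = start
# group); the bracket holds the file's timestamp and size, or "?" when
# ComboFix could not find the image file on disk (an orphaned service entry).
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+"
    r"(?P<name>[^;]+);"
    r"(?P<display>[^;]*);"
    r"(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<target>.+?))?"   # ComboFix repeats the path when it cannot resolve it
    r"\s+\[(?P<info>[^\]]*)\]\s*$"
)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    info: str

    @property
    def is_orphan(self) -> bool:
        """True when ComboFix marked the image file as missing ("[?]")."""
        return self.info.strip() == "?"


def parse_services(log_text: str) -> List[ServiceEntry]:
    """Extract every driver/service line from a ComboFix log; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m["start"], m["name"], m["display"], m["path"], m["info"]))
    return entries


def orphaned_service_names(log_text: str) -> List[str]:
    """Names of services whose image file no longer exists on disk."""
    return [e.name for e in parse_services(log_text) if e.is_orphan]


def build_cfscript(rootkit_files: List[str], driver_names: List[str]) -> str:
    """Render a CFScript with Rootkit:: and Driver:: sections in the layout used in this thread."""
    lines: List[str] = []
    if rootkit_files:
        lines.append("Rootkit::")
        lines.extend(rootkit_files)
    if driver_names:
        lines.append("Driver::")
        lines.extend(driver_names)
    return "\n".join(lines) + "\n"


# Sample input: three service lines and two unrelated lines taken from the log posted above.
SAMPLE_LOG = r"""
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [6/27/2009 5:51 PM 53307]
S2 wjysofqm;wjysofqm;c:\windows\system32\drivers\zdtjfvx.sys --> c:\windows\system32\drivers\zdtjfvx.sys [?]
.
Contents of the 'Scheduled Tasks' folder
"""

if __name__ == "__main__":
    orphans = orphaned_service_names(SAMPLE_LOG)
    print("orphaned services:", orphans)
    print(build_cfscript([], orphans), end="")
```

Run against the sample log it reports `wjysofqm` as the only orphan, which matches what ComboFix removed (`-------\Service_wjysofqm`) once the CFScript was applied. A service whose registry entry survives while its driver file is gone is exactly what a partial cleanup leaves behind, so this check is worth running on every ComboFix log before deciding the machine is clean.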

#12
DTakeMoney

    New Member

  • Members
  • Pip
  • 8 posts
Here you go.

ComboFix 09-08-10.06 - Dan 08/13/2009 10:38.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1327 [GMT -4:00]
Running from: c:\documents and settings\Dan\Desktop\abc.exe
Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_wjysofqm


((((((((((((((((((((((((( Files Created from 2009-07-13 to 2009-08-13 )))))))))))))))))))))))))))))))
.

2009-08-13 01:13 . 2004-08-03 23:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 00:20 . 2009-08-13 14:10 -------- d-----w- c:\documents and settings\Dan\Tracing
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Microsoft
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-13 00:15 . 2009-08-13 00:16 -------- d-----w- c:\program files\Windows Live
2009-08-13 00:13 . 2009-08-13 00:13 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-12 23:37 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG.SYS
2009-08-12 23:37 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX15.SYS
2009-08-12 23:37 . 2009-05-23 03:13 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\EECTRL.SYS
2009-08-12 23:37 . 2009-05-23 03:13 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ERASER.SYS
2009-08-12 23:37 . 2009-05-23 03:13 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVENG32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\NAVEX32A.DLL
2009-08-12 23:37 . 2009-05-23 03:13 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\ECMSVR32.DLL
2009-08-12 23:37 . 2009-05-23 03:13 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090812.008\CCERASER.DLL
2009-08-12 18:19 . 2009-06-12 12:31 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2009-08-12 18:19 . 2009-06-12 12:31 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-08-12 18:19 . 2009-06-10 06:14 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-08-12 18:19 . 2009-06-10 14:13 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-08-12 18:19 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-08-12 18:19 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-12 18:18 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 05:39 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-12 05:39 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-12 05:39 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-12 05:39 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-11 04:21 . 2009-08-11 04:21 528088 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-08-11 03:50 . 2009-08-11 04:14 64597 ----a-w- c:\windows\War3Unin.dat
2009-08-11 03:50 . 2009-08-11 03:55 2829 ----a-w- c:\windows\War3Unin.pif
2009-08-11 03:50 . 2009-08-11 03:55 139264 ----a-w- c:\windows\War3Unin.exe
2009-08-11 03:42 . 2009-08-13 05:48 -------- d-----w- c:\program files\Warcraft III
2009-08-11 03:31 . 2007-08-30 12:00 244608 ----a-w- c:\windows\system32\drivers\c2scsi.sys
2009-08-11 03:21 . 2009-08-11 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-11 03:21 . 2009-08-11 15:37 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-11 02:46 . 2009-08-11 02:46 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-11 02:46 . 2009-08-11 03:26 -------- d-----w- c:\documents and settings\Dan\Application Data\DAEMON Tools Lite
2009-08-08 16:21 . 2009-08-08 16:21 -------- d-sh--w- C:\found.000
2009-08-07 18:04 . 2009-08-07 18:04 -------- d-s---w- C:\Combo-Fix
2009-08-07 06:26 . 2009-08-07 06:26 -------- d-----w- C:\381af0e9803ba69753
2009-08-07 06:25 . 2009-08-07 15:55 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-07 04:55 . 2009-08-07 04:55 -------- d-----w- c:\program files\Trend Micro
2009-08-07 04:54 . 2009-08-07 04:54 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 23:10 . 2009-08-05 23:10 -------- d-----w- c:\program files\Haali
2009-08-05 22:21 . 2009-08-12 23:23 -------- d-----w- C:\ConverterOutput
2009-08-05 22:21 . 2009-02-26 20:34 94650 ----a-w- c:\windows\system32\HKCU_GNU.reg
2009-08-05 22:21 . 2009-02-26 20:34 2004 ----a-w- c:\windows\system32\HKLM_GNU.reg
2009-08-05 22:21 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2009-08-05 22:21 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-08-05 22:21 . 2008-02-04 01:26 364544 ----a-w- c:\windows\system32\cdg.dll
2009-08-05 22:21 . 2006-09-27 21:46 348160 ----a-w- c:\windows\system32\cdga.dll
2009-08-05 22:21 . 2006-07-18 01:42 14909 ----a-w- c:\windows\system32\A_reg.reg
2009-08-05 22:21 . 2009-08-05 22:21 -------- d-----w- c:\program files\Cucusoft
2009-08-05 21:36 . 2009-08-13 14:43 -------- d-----w- c:\documents and settings\Dan\Application Data\vlc
2009-08-05 21:35 . 2009-08-05 21:35 -------- d-----w- c:\program files\VideoLAN
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Temp
2009-08-05 19:03 . 2009-08-05 19:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-08-05 18:47 . 2009-08-05 18:47 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Real
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-05 18:46 . 2009-08-05 18:46 -------- d-----w- c:\program files\Real
2009-08-05 18:44 . 2009-08-05 18:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-08-02 06:32 . 2009-08-02 06:33 -------- d-----w- c:\documents and settings\Dan\Application Data\Antispyware
2009-08-02 02:35 . 2009-08-02 02:35 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2009-08-02 02:29 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 02:24 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 02:24 . 2009-08-02 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-01 23:38 . 2009-08-01 23:38 -------- d-----w- c:\documents and settings\Dan\DoctorWeb
2009-08-01 21:31 . 2009-08-07 04:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----r- c:\program files\Norton Support
2009-08-01 20:44 . 2009-08-01 20:44 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Symantec
2009-08-01 20:31 . 2009-08-02 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\13377654
2009-07-30 23:48 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 23:48 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 23:48 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 23:48 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-29 15:11 . 2009-06-29 16:23 17408 -c----w- c:\windows\system32\dllcache\corpol.dll
2009-07-22 05:51 . 2009-07-22 05:51 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Yahoo
2009-07-22 05:49 . 2009-08-09 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-15 18:32 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-15 18:32 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 14:45 . 2009-06-13 03:27 -------- d-----w- c:\documents and settings\Dan\Application Data\LimeWire
2009-08-13 14:45 . 2009-03-10 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-08-09 14:27 . 2009-04-03 21:29 -------- d-----w- c:\program files\Yahoo!
2009-08-08 21:17 . 2009-03-10 19:21 41264 ----a-w- c:\documents and settings\Dan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 18:47 . 2009-04-03 21:29 -------- d-----w- c:\program files\Common Files\Real
2009-08-05 18:44 . 2009-03-10 19:16 -------- d-----w- c:\program files\Google
2009-08-05 09:01 . 2004-08-03 23:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 21:03 . 2009-08-01 21:07 170818 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2009-07-18 04:28 . 2009-05-01 02:54 -------- d-----w- c:\documents and settings\Dan\Application Data\Azureus
2009-07-17 19:01 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:31 . 2009-07-17 01:16 28932 ----a-w- c:\windows\Fonts\Rmnce_fatal_Srif.ttf
2009-07-14 03:43 . 2007-06-24 07:41 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-11 03:49 . 2009-03-10 20:01 -------- d-----w- c:\documents and settings\Dan\Application Data\Vso
2009-07-10 22:50 . 2009-07-10 20:40 -------- d-----w- c:\documents and settings\Dan\Application Data\Audacity
2009-07-08 19:14 . 2009-07-08 19:14 -------- d-----w- c:\program files\DivX
2009-06-29 16:23 . 2007-06-24 07:40 828928 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:23 . 2007-06-24 07:41 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:23 . 2007-06-24 07:41 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 21:51 . 2009-06-27 21:51 -------- d-----w- c:\program files\Linksys
2009-06-25 15:17 . 2009-03-10 19:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-24 18:37 . 2009-06-24 18:38 20044 ----a-w- c:\windows\Fonts\YolksEmoticons.otf
2009-06-24 00:40 . 2009-06-24 00:40 -------- d-----w- c:\documents and settings\Dan\Application Data\WindSolutions
2009-06-23 03:46 . 2009-06-23 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-06-23 03:45 . 2009-06-23 03:45 -------- d-----w- c:\program files\Pando Networks
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iTunes
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-19 18:59 . 2009-06-19 18:59 -------- d-----w- c:\program files\iPod
2009-06-19 18:59 . 2009-03-10 20:43 -------- d-----w- c:\program files\Common Files\Apple
2009-06-19 18:58 . 2009-03-10 20:14 -------- d-----w- c:\program files\Bonjour
2009-06-19 18:57 . 2009-06-19 18:57 -------- d-----w- c:\program files\QuickTime
2009-06-19 18:55 . 2009-03-10 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-19 18:52 . 2009-06-19 18:52 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-16 14:36 . 2007-06-24 07:40 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2007-06-24 07:38 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 03:25 . 2009-06-13 03:26 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-13 03:25 . 2009-06-13 03:25 152576 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
2009-06-12 17:01 . 2009-07-17 01:16 34156 ----a-w- c:\windows\Fonts\CaviarDreams_Bold.ttf
2009-06-12 17:01 . 2009-07-17 01:16 35124 ----a-w- c:\windows\Fonts\CaviarDreams.ttf
2009-06-12 12:31 . 2004-08-03 23:56 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-05-10 23:51 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-03 23:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2009-03-10 19:53 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2007-06-24 07:40 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 15:42 . 2009-06-19 18:55 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-03-10 20:43 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2007-06-24 07:39 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-23 03:13 . 2009-05-23 03:13 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-05-23 03:13 . 2009-05-23 03:13 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-23 03:13 . 2009-05-23 03:14 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-05-23 03:13 . 2009-05-23 03:13 136840 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-05-23 03:13 . 2009-05-23 03:13 1290592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-05-23 03:13 . 2009-05-23 03:13 796016 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-13_04.31.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-13 14:45 . 2009-08-13 14:45 16384 c:\windows\Temp\Perflib_Perfdata_890.dat
+ 2009-08-13 14:45 . 2009-08-13 14:45 16384 c:\windows\Temp\Perflib_Perfdata_2cc.dat
+ 2009-08-13 14:44 . 2009-08-13 14:44 16384 c:\windows\Temp\Perflib_Perfdata_240.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 8192 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 237568 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
+ 2009-08-13 14:42 . 2009-08-13 14:42 233472 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-13 14:42 . 2009-08-13 14:42 237568 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-13 14:42 . 2009-08-13 14:42 6942720 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"cdloader"="c:\documents and settings\Dan\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"HostManager"="c:\program files\Common Files\AOL\1236714453\ee\AOLSoftware.exe" [2008-11-06 41264]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-13 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-05 198160]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

c:\documents and settings\Dan\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-5-22 139776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1236714453\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Documents and Settings\\Dan\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Dan\\My Documents\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58683:TCP"= 58683:TCP:Pando Media Booster
"58683:UDP"= 58683:UDP:Pando Media Booster
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [5/22/2009 11:13 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [5/22/2009 11:13 PM 258608]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [8/10/2009 11:31 PM 244608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [5/22/2009 11:13 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys [8/12/2009 1:39 AM 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/22/2009 11:13 PM 115560]
R2 WUSB300NSvc;WUSB300NSvc;c:\program files\Linksys\WUSB300N\WLService.exe [6/27/2009 5:51 PM 53307]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2009 12:33 PM 101936]
S2 gupdate1ca15fcb186a094;Google Update Service (gupdate1ca15fcb186a094);c:\program files\Google\Update\GoogleUpdate.exe [8/5/2009 2:43 PM 133104]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [8/14/2008 12:23 AM 1124848]
.
Contents of the 'Scheduled Tasks' folder

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43]

2009-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-05 18:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4D0A481A-7155-498C-84D8-9CB84DEA237E} - hxxp://69.136.66.28:227/DVROcxEx.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 10:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2328)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\documents and settings\Dan\Desktop\New Folder\a2service.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Linksys\WUSB300N\WUSB300N.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-13 10:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-13 14:51
ComboFix2.txt 2009-08-13 04:33
ComboFix3.txt 2009-08-07 16:42

Pre-Run: 73,029,353,472 bytes free
Post-Run: 72,913,727,488 bytes free

292 --- E O F --- 2009-08-13 01:14

#13
miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,161 posts
  • Gender:Female
  • Location:Belgium
Hi,

According to the log, the infection is not present anymore either. Combofix didn't delete the big set of files we've added in the CFScript since they are not even present there. Combofix should actually show and delete them already though (as you've noticed in the first post).
So not sure why Norton is still flagging them, but that could be a glitch as well.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Then perform a full scan with Norton afterwards.

#14
DTakeMoney

    New Member

  • Members
  • Pip
  • 8 posts
Done. A full Norton scan came up with just a tracking cookie; not the Metajuan. I'm still getting the popups even after that. So I guess it is a glitch. =] I just remembered I read something a weekish ago about someone having the same Norton pop-ups and I think they said it was just a glitch too. I guess that's it then, thanks A LOT for saving my computer, miekiemoes!

#15
miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,161 posts
  • Gender:Female
  • Location:Belgium
Glad I could help. ;)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#16
miekiemoes

    Forum Deity

  • Administrators
  • PipPipPipPipPipPip
  • 7,161 posts
  • Gender:Female
  • Location:Belgium
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.