Need Help with Trojan.Vundo.H and Trojan.BHO [Solved]
fenzodahl512
post Feb 16 2009, 09:12 AM
Post #16


Trusted Helper
Posts: 9,275
OS: Windows XP



Not good.. I'm afraid the worst.. Let's do this first...


Please download Dr.Web CureIt to the Desktop:
  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (open it with Notepad)





NEXT


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..


Make sure you run Dr.Web CureIt first, and only after that run ComboFix


Post these logs in your next reply..

1. Dr.Web CureIt
2. ComboFix
fedup_with_vundo
post Feb 16 2009, 03:05 PM
Post #17


Member
Posts: 22
OS: XP



Here is the Dr.Web CureIt log:

winlognn.exe;c:\documents and settings\ronaldo garces\local settings\temp;Trojan.DownLoad.29328;Deleted.;
hsfd83jfdg.dll;c:\windows\system32;Trojan.DownLoad.28089;Deleted.;
inst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Probably BACKDOOR.Trojan;Incurable.Moved.;
ocpinst.exe\data529;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3\ocpinst.exe;Probably BACKDOOR.Trojan;;
ocpinst.exe;C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install_6.0.28.3;Archive contains infected objects;Moved.;
Combo-Fix.exe/data002\32788R22FWJFW\c.bat;C:\Documents and Settings\Ronaldo Garces\Desktop\Combo-Fix.exe/data002;Probably BATCH.Virus;;
Combo-Fix.exe/data002\32788R22FWJFW\psexec.cfexe;C:\Documents and Settings\Ronaldo Garces\Desktop\Combo-Fix.exe/data002;Program.PsExec.171;;
data002;C:\Documents and Settings\Ronaldo Garces\Desktop;Archive contains infected objects;;
Combo-Fix.exe;C:\Documents and Settings\Ronaldo Garces\Desktop;Container contains infected objects;Moved.;
AcrC19D.tmp\stream00001;C:\Documents and Settings\Ronaldo Garces\Local Settings\temp\AcrC19D.tmp;Exploit.PDF.50;;
AcrC19D.tmp\stream00002;C:\Documents and Settings\Ronaldo Garces\Local Settings\temp\AcrC19D.tmp;Exploit.PDF.32;;
AcrC19D.tmp;C:\Documents and Settings\Ronaldo Garces\Local Settings\temp;Container contains infected objects;Moved.;
bbmet5.exe;C:\Documents and Settings\Ronaldo Garces\Local Settings\temp;Trojan.DownLoad.28638;Deleted.;
mfsdatt.exe;C:\Documents and Settings\Ronaldo Garces\Local Settings\temp;Trojan.DownLoad.26863;Deleted.;
mir12g.exe;C:\Documents and Settings\Ronaldo Garces\Local Settings\temp;Adware.Mirarbar.33;Incurable.Moved.;
Mirar_V55_876969_LOG_IESC_AFF_ATD_TID_noMDNS_RPT_AVM.exe;C:\Documents and Settings\Ronaldo Garces\Local Settings\temp;Win32.HLLW.Dabber.27;Deleted.;
mit82F7.tmp\Mirar_V55_876969_LOG_IESC_AFF_ATD_TID_noMDNS_RPT_AVM.exe;C:\Documents and Settings\Ronaldo Garces\Local Settings\temp\mit82F7.tmp;Win32.HLLW.Dabber.27;;
mit82F7.tmp;C:\Documents and Settings\Ronaldo Garces\Local Settings\temp;Archive contains infected objects;Moved.;
bbmet5[1].exe;C:\Documents and Settings\Ronaldo Garces\Local Settings\Temporary Internet Files\Content.IE5\2S0GELWG;Trojan.DownLoad.28638;Deleted.;
OfotoNow.exe;C:\Program Files\Ofoto\OfotoNow;Probably WIN.WORM.Virus;Incurable.Moved.;
EarthLink Setup.msi/stream001\uninstll.exe;C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe/Windows\access\EarthLink Setup.msi/stream001;Probably STPAGE.Trojan;;
stream001;C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe/Windows\access;Archive contains infected objects;;
\Windows\access\EarthLink Setup.msi;C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe/Windows\access;Archive contains infected objects;;
EarthLink Setup.exe;C:\Program Files\Online Services\EarthLink;Archive contains infected objects;Moved.;
A0241955.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP889;Trojan.DownLoad.12946;Deleted.;
A0241956.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP889;Trojan.DownLoad.12946;Deleted.;
A0241957.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP889;Trojan.DownLoad.12946;Deleted.;
A0265613.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP901;Trojan.DownLoad.12946;Deleted.;
A0291380.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP902;Trojan.DownLoad.12946;Deleted.;
A0291381.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP902;Trojan.DownLoad.12946;Deleted.;
A0291382.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP902;Trojan.DownLoad.12946;Deleted.;
A0292540.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP906;Trojan.Packed.412;Deleted.;
A0300979.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911\A0300979.exe/data002;Probably BATCH.Virus;;
A0300979.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911\A0300979.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Archive contains infected objects;;
A0300979.exe;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Container contains infected objects;Moved.;
A0300992.bat;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Probably BATCH.Virus;Incurable.Moved.;
A0301051.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Inject.5302;Deleted.;
A0301054.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Juan.80;Deleted.;
A0301055.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Siggen.568;Deleted.;
A0301056.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Siggen.568;Deleted.;
A0301057.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1615;Deleted.;
A0301060.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Juan.77;Deleted.;
A0301061.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1459;Deleted.;
A0301062.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1459;Deleted.;
A0301063.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1459;Deleted.;
A0301064.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.DownLoad.12946;Deleted.;
A0301065.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.based.11;Incurable.Moved.;
A0301066.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.DownLoad.12946;Deleted.;
A0301067.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Packed.412;Deleted.;
A0301068.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Juan.80;Deleted.;
A0301069.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Juan.80;Deleted.;
A0301070.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1628;Deleted.;
A0301071.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1615;Deleted.;
A0301072.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Juan.80;Deleted.;
A0301073.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Siggen.568;Deleted.;
A0301074.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1459;Deleted.;
A0301075.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Juan.80;Deleted.;
A0301076.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Packed.412;Deleted.;
A0301077.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Packed.412;Deleted.;
A0301078.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1459;Deleted.;
A0301079.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1459;Deleted.;
A0301080.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Packed.412;Deleted.;
A0301081.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Siggen.568;Deleted.;
A0301082.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1459;Deleted.;
A0301083.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Juan.77;Deleted.;
A0301084.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1459;Deleted.;
A0301085.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Probably Trojan.Packed.228;Incurable.Moved.;
A0301086.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Packed.412;Deleted.;
A0301087.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.DownLoad.12946;Deleted.;
A0301088.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Virtumod.1615;Deleted.;
A0301089.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Trojan.Juan.80;Deleted.;
A0301102.bat;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP911;Probably BATCH.Virus;Incurable.Moved.;
A0301117.EXE;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP912;Program.PsExec.170;Incurable.Moved.;
A0301261.exe/data002\32788R22FWJFW\c.bat;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP913\A0301261.exe/data002;Probably BATCH.Virus;;
A0301261.exe/data002\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP913\A0301261.exe/data002;Program.PsExec.171;;
data002;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP913;Archive contains infected objects;;
A0301261.exe;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP913;Container contains infected objects;Moved.;
A0301269.bat;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP913;Probably BATCH.Virus;Incurable.Moved.;
A0301331.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP914;Trojan.Siggen.568;Deleted.;
A0301332.dll;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP914;Trojan.Virtumod.1569;Deleted.;
dibanemo.dll.tmp;C:\WINDOWS\system32;Trojan.DownLoad.12946;Deleted.;
hoselozu.dll.tmp;C:\WINDOWS\system32;Trojan.Virtumod.1461;Deleted.;
juyodufu.dll.tmp;C:\WINDOWS\system32;Trojan.Virtumod.1461;Deleted.;
muzekuzo.dll.tmp;C:\WINDOWS\system32;Trojan.DownLoad.12946;Deleted.;
OfotoNow.scr;C:\WINDOWS\system32;Probably WIN.WORM.Virus;Incurable.Moved.;
pukubola.dll.tmp;C:\WINDOWS\system32;Trojan.DownLoad.12946;Deleted.;
tazofehu.dll.tmp;C:\WINDOWS\system32;Trojan.Virtumod.1461;Deleted.;
temomelo.dll.tmp;C:\WINDOWS\system32;Trojan.DownLoad.12946;Deleted.;
tesotiti.dll.tmp;C:\WINDOWS\system32;Trojan.DownLoad.12946;Deleted.;
wanohoke.dll.tmp;C:\WINDOWS\system32;Trojan.DownLoad.12946;Deleted.;


And here is the ComboFix log:

ComboFix 09-02-15.01 - Ronaldo Garces 2009-02-16 15:44:50.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.117 [GMT -5:00]
Running from: c:\documents and settings\Ronaldo Garces\Desktop\ComboFix.exe.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\windows\kernel32.exe
c:\windows\system32.exe
c:\windows\system32\drivers\UACdbipyalc.sys
c:\windows\system32\UACcmnbytex.dat
c:\windows\system32\UACdyxejnti.log
c:\windows\system32\UACgchlouob.dll
c:\windows\system32\UACgothqpcx.log
c:\windows\system32\UACimavbnma.dll
c:\windows\system32\UACqolemrdk.log
c:\windows\system32\UACrfqquwpd.dll
c:\windows\system32\UACvuyexwie.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-01-16 to 2009-02-16 )))))))))))))))))))))))))))))))
.

2009-02-16 15:35 . 2009-02-16 15:35 <DIR> d-------- C:\32788R22FWJFW
2009-02-16 10:26 . 2009-02-16 10:39 <DIR> d-------- c:\documents and settings\Ronaldo Garces\DoctorWeb
2009-02-16 08:20 . 2009-02-16 08:20 <DIR> d-------- C:\rsit
2009-02-12 23:39 . 2009-02-12 23:39 79,360 --a------ c:\windows\system32\UACmfdudxlg.dll
2009-02-12 23:39 . 2009-02-12 23:39 5,189 --a------ c:\windows\system32\uacinit.dll
2009-02-11 23:17 . 2009-02-12 00:49 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-11 23:10 . 2009-02-11 23:10 <DIR> d-------- c:\program files\CleanUp!
2009-02-07 15:47 . 2009-02-07 15:47 <DIR> d-------- c:\program files\ERUNT
2009-02-05 23:31 . 2009-02-05 23:31 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-16 20:44 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-16 05:00 --------- d-----w c:\program files\Yahoo!
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2006-02-25 05:33 57,304 -c--a-w c:\documents and settings\Ronaldo Garces\Application Data\GDIPFONTCACHEV1.DAT
2008-11-09 22:57 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-09 22:57 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-09 22:57 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-09 22:57 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-09 22:57 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-20 23:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"OfotoNow USB Detection"="c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 77824]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-11-23 163840]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 290816]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-08-02 124232]
"AV-Update-9"="c:\program files\Symantec AntiVirus\vpdn_lu.exe" [2004-08-02 79176]
"LiveUpdate Runner"="c:\program files\LiveUpdate Runner\GSB_NAV_LU.exe" [2004-10-14 290816]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SunServer"="c:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-11-11 290816]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\documents and settings\Ronaldo Garces\Start Menu\Programs\Startup\
Shortcut to wofi.exe.lnk - c:\program files\WoFi\wofi.exe [2004-11-08 1515585]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-03-01 57344]
SlimServer Tray Tool.lnk - c:\program files\SlimServer\SlimTray.exe [2006-04-25 1183813]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]
none [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2005-05-29 13:01 118784 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:SlimServer 3483 tcp
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-08-02 173392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1c05e84-93e4-11db-b0b8-0012f05e1fbf}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Ronaldo Garces\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-16 15:52:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
.
Completion time: 2009-02-16 15:56:27
ComboFix-quarantined-files.txt 2009-02-16 20:56:09

Pre-Run: 11,727,118,336 bytes free
Post-Run: 11,726,286,848 bytes free

178 --- E O F --- 2009-02-11 07:01:06

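The DrWeb.csv report posted above is one record per line, semicolon-separated: object, directory, threat name, action. Rows for objects found inside an archive or container leave the action field empty and carry the container path with a "/dataNNN" suffix in the directory column, while the container's own row records what was done with it (Moved., Deleted., ...). Detections under C:\System Volume Information\_restore{...}\RPnnn are copies held in Windows XP System Restore points, not files in current use. The script below is an added example for this page, not Dr.Web's code and not anything posted in the thread; it parses a report in that layout and groups the detections the way a helper reads them. Its sample report is constructed to mirror the posted log (placeholder user name, paths and GUID), and the "forward slash marks a container member" rule is an assumption read off that log.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv).

Added example for this thread, not code from Dr.Web or from the posters.
Record layout inferred from the report quoted in the thread:
    <object>;<directory>;<threat name>;<action>;
Rows for objects nested inside an archive or container leave <action> empty
and their directory ends in the container path plus "/dataNNN"; the
container's own row records the action taken (Moved., Deleted., ...).
"""
from collections import Counter

# Constructed sample report, modelled on the layout of the posted log.
# User name, paths, GUID and file names are placeholders, not values from a real scan.
SAMPLE_REPORT = r"""
winlognn.exe;c:\documents and settings\someuser\local settings\temp;Trojan.DownLoad.29328;Deleted.;
hsfd83jfdg.dll;c:\windows\system32;Trojan.DownLoad.28089;Deleted.;
inst.exe;C:\Program Files\ExampleApp;Probably BACKDOOR.Trojan;Incurable.Moved.;
tool.exe/data002\helper.bat;C:\Documents and Settings\someuser\Desktop\tool.exe/data002;Probably BATCH.Virus;;
tool.exe;C:\Documents and Settings\someuser\Desktop;Container contains infected objects;Moved.;
A0241955.dll;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP889;Trojan.DownLoad.12946;Deleted.;
A0301061.dll;C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP911;Trojan.Virtumod.1459;Deleted.;
hoselozu.dll.tmp;C:\WINDOWS\system32;Trojan.Virtumod.1461;Deleted.;
"""

# Windows XP System Restore keeps snapshot copies of files under this path.
RESTORE_STORE = "\\system volume information\\_restore"


def parse_report(text):
    """Split each non-empty report line into a record dict."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 4:
            raise ValueError(f"unexpected record layout: {line!r}")
        obj, directory, threat, action = fields[:4]
        records.append({
            "object": obj,
            "directory": directory,
            "threat": threat,
            "action": action,  # empty for members of an archive/container
            # Assumption from the posted log: Dr.Web uses "/" to descend into a container.
            "nested": "/" in directory,
            "in_restore_point": RESTORE_STORE in directory.lower(),
        })
    return records


def threat_family(threat):
    """Strip trailing numeric variant ids: Trojan.Virtumod.1459 -> Trojan.Virtumod."""
    parts = threat.split(".")
    while len(parts) > 1 and parts[-1].isdigit():
        parts.pop()
    return ".".join(parts)


def summarize(records):
    """Group detections: what was acted on, what sits in old restore points,
    which families dominate, and which objects show no action at all."""
    live = [r for r in records if r["action"] and not r["in_restore_point"]]
    return {
        "by_action": Counter(r["action"] or "(member of container)" for r in records),
        "by_family": Counter(threat_family(r["threat"]) for r in records if not r["nested"]),
        "restore_point_detections": sum(r["in_restore_point"] for r in records),
        "live_detections": live,
        # Top-level objects with an empty action field deserve a manual look.
        "not_removed": [r for r in records if not r["action"] and not r["nested"]],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for action, n in sorted(summary["by_action"].items()):
        print(f"{n:3d}  {action}")
    print("families:", dict(summary["by_family"]))
    print("copies inside System Restore points:", summary["restore_point_detections"])
    print("detections outside restore points:")
    for r in summary["live_detections"]:
        print(f"  {r['directory']}\\{r['object']}  [{r['threat']}]  {r['action']}")
    for r in summary["not_removed"]:
        print(f"  no action recorded: {r['directory']}\\{r['object']}")
```

To use it on a real report, read DrWeb.csv as text and pass it to parse_report; the counts by action show how much the scan actually removed versus quarantined, the family counts show which malware family a cleanup is really dealing with, and separating restore-point copies from everything else keeps attention on the files that are still in current locations such as system32.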
fedup_with_vundo
post Feb 16 2009, 03:17 PM
Post #18


Member
Posts: 22
OS: XP



And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:15 PM, on 2/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\LiveUpdate Runner\GSB_NAV_LU.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\WoFi\wofi.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\SlimServer\server\slim.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\CA\eTrustITM\ppcl.exe
C:\Program Files\CA\eTrustITM\ppcl.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AV-Update-9] "C:\Program Files\Symantec AntiVirus\vpdn_lu.exe" /s
O4 - HKLM\..\Run: [LiveUpdate Runner] "C:\Program Files\LiveUpdate Runner\GSB_NAV_LU.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Shortcut to wofi.exe.lnk = C:\Program Files\WoFi\wofi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134596730281
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10528 bytes
fenzodahl512
post Feb 16 2009, 09:51 PM
Post #19
Trusted Helper
Posts: 9,275
OS: Windows XP

Did you download anything recently? The computer just got another rootkit. Seriously, the only way I can think the computer got reinfected is if you downloaded something via either P2P or at warez/crack sites.


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
KillAll::

File::
c:\windows\system32\UACmfdudxlg.dll
c:\windows\system32\uacinit.dll


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


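The helper above is reading the pasted HijackThis and ComboFix output by hand: an orphaned BHO (O2 with "(no file)"), O4 autostarts, O23 services with no vendor, and the registry block where ComboFix reports the firewall and Security Center state. The script below is an added example, not part of this thread and not a tool the helper or the forum provides. It parses those two log formats and flags the entries a helper looks at first. The severity labels, the list of user-writable directories and the sample log are the example's own assumptions; the sample lines are modelled on this thread's logs with one made-up Temp-directory autostart ("wincfg") added to exercise the high-severity check.

```python
import re
from dataclasses import dataclass

# HijackThis entries look like "O4 - HKLM\..\Run: [name] command"; R0/R1 are IE settings.
HJT_RE = re.compile(r'^(?P<kind>[RO]\d{1,2}) - (?P<body>.*)$')
# ComboFix's "Reg Loading Points" block is REGEDIT4-style: "[key]" then "name"=value
REG_KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
RUN_RE = re.compile(r'\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
EXE_RE = re.compile(r'(?i)^(.*?\.(?:exe|dll|scr|bat|cmd))(?=[\s,]|$)')

# Assumed list of locations a limited user can write to; an autostart here deserves a close look.
USER_WRITABLE = ('\\temp\\', '\\local settings\\', '\\application data\\', '\\recycler\\')


@dataclass
class Finding:
    severity: str  # 'high', 'medium' or 'low' (this example's own scale)
    kind: str      # HijackThis section (O2, O4, O23, ...) or 'REG' for ComboFix registry lines
    reason: str
    line: str


def program_of(cmd: str) -> str:
    """Return the program part of an autostart command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly containing spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)                        # unquoted path with spaces, e.g. C:\Program Files\...
    return m.group(1) if m else cmd.split(' ', 1)[0]


def check_hjt(kind: str, body: str, line: str) -> list:
    out = []
    if kind == 'O2' and body.endswith('(no file)'):
        out.append(Finding('medium', kind, 'BHO CLSID still registered but its DLL is gone (orphaned entry); safe to remove', line))
    elif kind == 'O4':
        m = RUN_RE.search(body)
        if m:
            exe = program_of(m.group('cmd'))
        else:                                    # Startup-folder shortcut: "Global Startup: X.lnk = target"
            exe = body.rsplit(' = ', 1)[-1].strip() if ' = ' in body else ''
        if exe == '?':
            out.append(Finding('low', kind, 'shortcut target could not be resolved; open the .lnk and check it by hand', line))
        elif exe and '\\' not in exe and '%' not in exe:
            out.append(Finding('low', kind, 'bare filename, resolved through the search path; confirm which copy actually runs', line))
        elif any(marker in exe.lower() for marker in USER_WRITABLE):
            out.append(Finding('high', kind, 'autostart runs from a user-writable temp/profile directory', line))
    elif kind == 'O23' and ' - Unknown owner - ' in body:
        out.append(Finding('low', kind, 'service binary has no company info; verify it by hash or signature', line))
    return out


def check_reg(key: str, name: str, value: str, line: str) -> list:
    out, k, n, v = [], key.lower(), name.lower(), value.lower()
    if k.endswith('firewallpolicy\\standardprofile') and n == 'enablefirewall' and v.startswith('0'):
        out.append(Finding('high', 'REG', 'Windows Firewall (standard profile) is switched off', line))
    elif 'security center' in k and n.endswith('disablenotify') and v.endswith('00000001'):
        out.append(Finding('medium', 'REG', f'Security Center alert suppressed via {name}; check it was set on purpose', line))
    elif k.endswith('globallyopenports\\list'):
        out.append(Finding('low', 'REG', 'inbound port opened in the firewall; confirm the listening service is wanted', line))
    elif k.endswith('\\run') and any(m in program_of(value).lower() for m in USER_WRITABLE):
        out.append(Finding('high', 'REG', 'Run-key autostart from a user-writable temp/profile directory', line))
    return out


def triage(log_text: str) -> list:
    """Walk a pasted HijackThis and/or ComboFix log and return the entries worth a second look."""
    findings, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := HJT_RE.match(line)):
            findings.extend(check_hjt(m.group('kind'), m.group('body'), line))
        elif (m := REG_KEY_RE.match(line)):
            current_key = m.group('key')
        elif current_key and (m := REG_VAL_RE.match(line)):
            findings.extend(check_reg(current_key, m.group('name'), m.group('value').strip(), line))
    return findings


# Constructed sample: lines modelled on this thread's logs plus one made-up Temp-directory
# autostart ("wincfg") to exercise the high-severity path. Not a real log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [wincfg] C:\Documents and Settings\Owner\Local Settings\Temp\wincfg.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"""

if __name__ == '__main__':
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: ('high', 'medium', 'low').index(f.severity)):
        print(f'[{f.severity:6}] {f.kind:4} {f.reason}\n         {f.line}')
```

Note the asymmetry in what gets flagged: a Run entry that is just a bare filename (like the AGRSMMSG line in this thread) is not malicious by itself, but it is resolved through the search path, so the reader has to confirm which copy actually runs; "DisableMonitoring" under Security Center\Monitoring is deliberately left alone, because a third-party antivirus sets that itself.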
fedup_with_vundo
post Feb 17 2009, 08:41 AM
Post #20
Member
Posts: 22
OS: XP

Really odd. I haven't downloaded anything since starting this diagnostic process except for the applications in this forum. I will run your latest instructions and post the logs.
fenzodahl512
post Feb 17 2009, 09:13 AM
Post #21
Trusted Helper
Posts: 9,275
OS: Windows XP

Ok... waiting for the logs
fedup_with_vundo
post Feb 17 2009, 07:38 PM
Post #22
Member
Posts: 22
OS: XP

Alrighty, here is the ComboFix log:

ComboFix 09-02-15.01 - Ronaldo Garces 2009-02-17 20:16:36.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.217 [GMT -5:00]
Running from: c:\documents and settings\Ronaldo Garces\Desktop\ComboFix.exe.exe
Command switches used :: c:\documents and settings\Ronaldo Garces\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmfdudxlg.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\uacinit.dll
c:\windows\system32\UACmfdudxlg.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-18 to 2009-02-18 )))))))))))))))))))))))))))))))
.

2009-02-16 10:26 . 2009-02-16 10:39 <DIR> d-------- c:\documents and settings\Ronaldo Garces\DoctorWeb
2009-02-16 08:20 . 2009-02-16 08:20 <DIR> d-------- C:\rsit
2009-02-11 23:17 . 2009-02-12 00:49 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-11 23:10 . 2009-02-11 23:10 <DIR> d-------- c:\program files\CleanUp!
2009-02-07 15:47 . 2009-02-07 15:47 <DIR> d-------- c:\program files\ERUNT
2009-02-05 23:31 . 2009-02-05 23:31 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-18 01:25 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-16 05:00 --------- d-----w c:\program files\Yahoo!
2006-02-25 05:33 57,304 -c--a-w c:\documents and settings\Ronaldo Garces\Application Data\GDIPFONTCACHEV1.DAT
2008-11-09 22:57 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-09 22:57 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-09 22:57 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-09 22:57 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-09 22:57 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-20 23:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-02-16_15.54.20.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-13 04:43:14 20,585 ----a-w c:\windows\temp\pdk-SYSTEM\0a6b9f23e356336cc61530f586d0c66a.dll
+ 2009-02-18 01:23:50 20,585 ----a-w c:\windows\temp\pdk-SYSTEM\0a6b9f23e356336cc61530f586d0c66a.dll
- 2009-02-13 04:42:50 36,947 ----a-w c:\windows\temp\pdk-SYSTEM\12913763d8b9f06d2ca82771fcb306f1.dll
+ 2009-02-18 01:23:15 36,947 ----a-w c:\windows\temp\pdk-SYSTEM\12913763d8b9f06d2ca82771fcb306f1.dll
- 2009-02-13 04:42:48 135,270 ----a-w c:\windows\temp\pdk-SYSTEM\14f8cfecb15e1c87916789ed739489ff.dll
+ 2009-02-18 01:23:14 135,270 ----a-w c:\windows\temp\pdk-SYSTEM\14f8cfecb15e1c87916789ed739489ff.dll
- 2009-02-13 04:42:10 815,185 ----a-w c:\windows\temp\pdk-SYSTEM\153a64f0fbf1d066acccc90bb95e9471\perl58.dll
+ 2009-02-18 01:23:03 815,185 ----a-w c:\windows\temp\pdk-SYSTEM\153a64f0fbf1d066acccc90bb95e9471\perl58.dll
- 2009-02-13 04:43:17 28,787 ----a-w c:\windows\temp\pdk-SYSTEM\1ff4eae997b1753d848dbbc61d1b4345.dll
+ 2009-02-18 01:23:52 28,787 ----a-w c:\windows\temp\pdk-SYSTEM\1ff4eae997b1753d848dbbc61d1b4345.dll
- 2009-02-13 04:43:17 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\2758cf0ee5bce4a7e7d6d67fdef35a5c.dll
+ 2009-02-18 01:23:52 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\2758cf0ee5bce4a7e7d6d67fdef35a5c.dll
- 2009-02-13 04:43:14 24,674 ----a-w c:\windows\temp\pdk-SYSTEM\28346940eba36fc46322570b50d2b195.dll
+ 2009-02-18 01:23:49 24,674 ----a-w c:\windows\temp\pdk-SYSTEM\28346940eba36fc46322570b50d2b195.dll
- 2009-02-13 04:43:19 36,981 ----a-w c:\windows\temp\pdk-SYSTEM\31aa023220b46a62dd91739a3bf1cad4.dll
+ 2009-02-18 01:23:56 36,981 ----a-w c:\windows\temp\pdk-SYSTEM\31aa023220b46a62dd91739a3bf1cad4.dll
- 2009-02-13 04:42:28 24,676 ----a-w c:\windows\temp\pdk-SYSTEM\3e6257c5b8794b602831302202435191.dll
+ 2009-02-18 01:23:10 24,676 ----a-w c:\windows\temp\pdk-SYSTEM\3e6257c5b8794b602831302202435191.dll
- 2009-02-13 04:42:21 20,571 ----a-w c:\windows\temp\pdk-SYSTEM\42db37dadb779dbfc5da8bdd7ec61c52.dll
+ 2009-02-18 01:23:09 20,571 ----a-w c:\windows\temp\pdk-SYSTEM\42db37dadb779dbfc5da8bdd7ec61c52.dll
- 2009-02-13 04:42:58 24,671 ----a-w c:\windows\temp\pdk-SYSTEM\44abde5de65f3f034faac2c132713018.dll
+ 2009-02-18 01:23:21 24,671 ----a-w c:\windows\temp\pdk-SYSTEM\44abde5de65f3f034faac2c132713018.dll
- 2009-02-13 04:42:53 28,753 ----a-w c:\windows\temp\pdk-SYSTEM\514f58c7649fa1fe7afd0239e90bf91d.dll
+ 2009-02-18 01:23:17 28,753 ----a-w c:\windows\temp\pdk-SYSTEM\514f58c7649fa1fe7afd0239e90bf91d.dll
- 2009-02-13 04:43:20 41,057 ----a-w c:\windows\temp\pdk-SYSTEM\563d7ead40b59c49009856a0b10f2014.dll
+ 2009-02-18 01:23:58 41,057 ----a-w c:\windows\temp\pdk-SYSTEM\563d7ead40b59c49009856a0b10f2014.dll
- 2009-02-13 04:43:19 24,678 ----a-w c:\windows\temp\pdk-SYSTEM\65ee15dd41d41d736095c39cfb2dabf4.dll
+ 2009-02-18 01:23:57 24,678 ----a-w c:\windows\temp\pdk-SYSTEM\65ee15dd41d41d736095c39cfb2dabf4.dll
- 2009-02-13 04:43:20 24,675 ----a-w c:\windows\temp\pdk-SYSTEM\68db54950c135a8a2cde3d852ea088a7.dll
+ 2009-02-18 01:23:58 24,675 ----a-w c:\windows\temp\pdk-SYSTEM\68db54950c135a8a2cde3d852ea088a7.dll
- 2009-02-13 04:42:52 90,197 ----a-w c:\windows\temp\pdk-SYSTEM\6ecc81286663495601d2499da7def595.dll
+ 2009-02-18 01:23:16 90,197 ----a-w c:\windows\temp\pdk-SYSTEM\6ecc81286663495601d2499da7def595.dll
- 2009-02-13 04:43:20 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\6ff5ba62c2c8ffbb41cd01ca7bd320b9.dll
+ 2009-02-18 01:23:59 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\6ff5ba62c2c8ffbb41cd01ca7bd320b9.dll
- 2009-02-13 04:42:32 28,770 ----a-w c:\windows\temp\pdk-SYSTEM\74e6ec5afd643b837bcbd5fe1b782d14.dll
+ 2009-02-18 01:23:10 28,770 ----a-w c:\windows\temp\pdk-SYSTEM\74e6ec5afd643b837bcbd5fe1b782d14.dll
- 2009-02-13 04:43:02 819,261 ----a-w c:\windows\temp\pdk-SYSTEM\7718c08cc46695fc3fef36d1131eac8d.dll
+ 2009-02-18 01:23:28 819,261 ----a-w c:\windows\temp\pdk-SYSTEM\7718c08cc46695fc3fef36d1131eac8d.dll
- 2009-02-13 04:43:19 77,941 ----a-w c:\windows\temp\pdk-SYSTEM\7aace6f21e4c397996b145b7fd777643.dll
+ 2009-02-18 01:23:56 77,941 ----a-w c:\windows\temp\pdk-SYSTEM\7aace6f21e4c397996b145b7fd777643.dll
- 2009-02-13 04:42:30 94,273 ----a-w c:\windows\temp\pdk-SYSTEM\83825bab2f1245392ffe1ddd2c76e79a.dll
+ 2009-02-18 01:23:10 94,273 ----a-w c:\windows\temp\pdk-SYSTEM\83825bab2f1245392ffe1ddd2c76e79a.dll
- 2009-02-13 04:42:50 24,665 ----a-w c:\windows\temp\pdk-SYSTEM\89f4ac43ba2b792785d9d472365e562b.dll
+ 2009-02-18 01:23:15 24,665 ----a-w c:\windows\temp\pdk-SYSTEM\89f4ac43ba2b792785d9d472365e562b.dll
- 2009-02-13 04:43:09 90,219 ----a-w c:\windows\temp\pdk-SYSTEM\8bdc4ac58d38d74758621bae60c442dd.dll
+ 2009-02-18 01:23:45 90,219 ----a-w c:\windows\temp\pdk-SYSTEM\8bdc4ac58d38d74758621bae60c442dd.dll
- 2009-02-13 04:42:40 1,040,497 ----a-w c:\windows\temp\pdk-SYSTEM\a507fccf2be25b878761a66bf411c201.dll
+ 2009-02-18 01:23:12 1,040,497 ----a-w c:\windows\temp\pdk-SYSTEM\a507fccf2be25b878761a66bf411c201.dll
- 2009-02-13 04:43:17 61,541 ----a-w c:\windows\temp\pdk-SYSTEM\a82e393a53225f1b0dc6684e29bca26e.dll
+ 2009-02-18 01:23:53 61,541 ----a-w c:\windows\temp\pdk-SYSTEM\a82e393a53225f1b0dc6684e29bca26e.dll
- 2009-02-13 04:42:24 77,919 ----a-w c:\windows\temp\pdk-SYSTEM\a9c7de63b69d830a701d23bbc35654dd.dll
+ 2009-02-18 01:23:09 77,919 ----a-w c:\windows\temp\pdk-SYSTEM\a9c7de63b69d830a701d23bbc35654dd.dll
- 2009-02-13 04:43:15 32,879 ----a-w c:\windows\temp\pdk-SYSTEM\ad76515ff4d1de346e3888790190a3c0.dll
+ 2009-02-18 01:23:51 32,879 ----a-w c:\windows\temp\pdk-SYSTEM\ad76515ff4d1de346e3888790190a3c0.dll
- 2009-02-13 04:42:26 28,767 ----a-w c:\windows\temp\pdk-SYSTEM\b2774d247dfbf0abe8539e577ee59b4c.dll
+ 2009-02-18 01:23:10 28,767 ----a-w c:\windows\temp\pdk-SYSTEM\b2774d247dfbf0abe8539e577ee59b4c.dll
- 2009-02-13 04:42:56 94,295 ----a-w c:\windows\temp\pdk-SYSTEM\c0c390c1bbdeadf59743dcdb575dca53.dll
+ 2009-02-18 01:23:19 94,295 ----a-w c:\windows\temp\pdk-SYSTEM\c0c390c1bbdeadf59743dcdb575dca53.dll
- 2009-02-13 04:43:12 110,692 ----a-w c:\windows\temp\pdk-SYSTEM\c81819cb5f049996acebd0d8a2373cbd.dll
+ 2009-02-18 01:23:48 110,692 ----a-w c:\windows\temp\pdk-SYSTEM\c81819cb5f049996acebd0d8a2373cbd.dll
- 2009-02-13 04:42:55 131,149 ----a-w c:\windows\temp\pdk-SYSTEM\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll
+ 2009-02-18 01:23:18 131,149 ----a-w c:\windows\temp\pdk-SYSTEM\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll
- 2009-02-13 04:43:08 24,682 ----a-w c:\windows\temp\pdk-SYSTEM\ca6e90333b4a1d9ff7897185a9c2159a.dll
+ 2009-02-18 01:23:43 24,682 ----a-w c:\windows\temp\pdk-SYSTEM\ca6e90333b4a1d9ff7897185a9c2159a.dll
- 2009-02-13 04:43:07 32,865 ----a-w c:\windows\temp\pdk-SYSTEM\ce0c35d75c9f9a78bae922a7136085a3.dll
+ 2009-02-18 01:23:41 32,865 ----a-w c:\windows\temp\pdk-SYSTEM\ce0c35d75c9f9a78bae922a7136085a3.dll
- 2009-02-13 04:43:05 28,769 ----a-w c:\windows\temp\pdk-SYSTEM\d0cf1a27febe069dbf6359c284848111.dll
+ 2009-02-18 01:23:37 28,769 ----a-w c:\windows\temp\pdk-SYSTEM\d0cf1a27febe069dbf6359c284848111.dll
- 2009-02-13 04:43:16 20,589 ----a-w c:\windows\temp\pdk-SYSTEM\ddcaac9d951e32b0a08117ff42c97079.dll
+ 2009-02-18 01:23:51 20,589 ----a-w c:\windows\temp\pdk-SYSTEM\ddcaac9d951e32b0a08117ff42c97079.dll
- 2009-02-13 04:43:30 28,762 ----a-w c:\windows\temp\pdk-SYSTEM\f664af759eb93584084bc5e436e46e61.dll
+ 2009-02-18 01:24:29 28,762 ----a-w c:\windows\temp\pdk-SYSTEM\f664af759eb93584084bc5e436e46e61.dll
- 2009-02-13 04:43:04 20,567 ----a-w c:\windows\temp\pdk-SYSTEM\fa142febd5dc53f93f911452e1a99387.dll
+ 2009-02-18 01:23:36 20,567 ----a-w c:\windows\temp\pdk-SYSTEM\fa142febd5dc53f93f911452e1a99387.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"OfotoNow USB Detection"="c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 77824]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-11-23 163840]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 290816]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-08-02 124232]
"AV-Update-9"="c:\program files\Symantec AntiVirus\vpdn_lu.exe" [2004-08-02 79176]
"LiveUpdate Runner"="c:\program files\LiveUpdate Runner\GSB_NAV_LU.exe" [2004-10-14 290816]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SunServer"="c:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-11-11 290816]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\documents and settings\Ronaldo Garces\Start Menu\Programs\Startup\
Shortcut to wofi.exe.lnk - c:\program files\WoFi\wofi.exe [2004-11-08 1515585]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-03-01 57344]
SlimServer Tray Tool.lnk - c:\program files\SlimServer\SlimTray.exe [2006-04-25 1183813]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]
none [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2005-05-29 13:01 118784 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:SlimServer 3483 tcp
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-08-02 173392]


--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - AudioSrv
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - DefWatch
*Deregistered* - Dhcp
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - hpqwmi
*Deregistered* - HTTP
*Deregistered* - iGateway
*Deregistered* - ImapiService
*Deregistered* - InoRPC
*Deregistered* - InoTask
*Deregistered* - IpNat
*Deregistered* - iPod Service
*Deregistered* - IPSec
*Deregistered* - ITMRTSVC
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - PCIIde
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - SbcpHid
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - Serial
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - slimsvc
*Deregistered* - SoundMAX Agent Service (default)
*Deregistered* - Spooler
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - swenum
*Deregistered* - Symantec AntiVirus
*Deregistered* - SymEvent
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - VgaSave
*Deregistered* - ViaIde
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1c05e84-93e4-11db-b0b8-0012f05e1fbf}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Ronaldo Garces\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-17 20:25:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\program files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
c:\program files\SlimServer\server\slim.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\CA\eTrustITM\Ppcl.exe
c:\program files\CA\eTrustITM\Ppcl.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint2K\ApntEx.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\progra~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HPQ\Shared\hpqwmi.exe
.
**************************************************************************
.
Completion time: 2009-02-17 20:34:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-18 01:34:46
ComboFix2.txt 2009-02-16 20:56:30

Pre-Run: 11,807,870,976 bytes free
Post-Run: 11,793,981,440 bytes free

374 --- E O F --- 2009-02-11 07:01:06


And the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:26 PM, on 2/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
C:\Program Files\SlimServer\server\slim.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CA\eTrustITM\ppcl.exe
C:\Program Files\CA\eTrustITM\ppcl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\LiveUpdate Runner\GSB_NAV_LU.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Program Files\SlimServer\SlimTray.exe
C:\Program Files\WoFi\wofi.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\SLIMSE~1\server\Bin\MSWIN3~1\mysqld.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AV-Update-9] "C:\Program Files\Symantec AntiVirus\vpdn_lu.exe" /s
O4 - HKLM\..\Run: [LiveUpdate Runner] "C:\Program Files\LiveUpdate Runner\GSB_NAV_LU.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Shortcut to wofi.exe.lnk = C:\Program Files\WoFi\wofi.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O4 - Global Startup: SlimServer Tray Tool.lnk = C:\Program Files\SlimServer\SlimTray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134596730281
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SlimServer (slimsvc) - Unknown owner - C:\Program Files\SlimServer\server\slim.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 10496 bytes
fenzodahl512
post Feb 17 2009, 11:02 PM
Post #23


Trusted Helper
Posts: 9,275
OS: Windows XP



Please download CleanUp! by stevengould.org and save it to your Desktop.
  • Double-click CleanUp452.exe and install CleanUp! to your computer
  • Open CleanUp! and click on Options.. button.
  • Under General tab, choose Standard CleanUp! and then click Ok
  • Click on the CleanUp! button. When it asks you to log off Windows, click on Yes
  • Let Windows reboot (or do it manually) and continue with the next step





NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste them into the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    CODE
    :processes
    explorer.exe

    :services

    :files

    :reg

    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




NEXT


Please download SystemLook from jpshortstuff and save it to your Desktop
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook and copy/paste the following into the box
    CODE
    :dir
    c:\windows\temp\pdk-SYSTEM /s
  • Hit the Look button. Let it finish the scan
  • A log will then pop up on your Desktop.. Post the content of the log here in your next reply




Post these logs in your next reply...

1. OTMoveIt3
2. SystemLook

This post has been edited by fenzodahl512: Feb 17 2009, 11:06 PM
fedup_with_vundo
post Feb 18 2009, 07:35 PM
Post #24


Member
Posts: 22
OS: XP



OK, here is my OT Move It log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b59f15b8825435f49aa9eb99bc8112bd\perl58.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\153a64f0fbf1d066acccc90bb95e9471\perl58.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\117d3aaf4322a6ccc33f76a6e6b653d3.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\142bb4575df50c1c930ea782eb4c52ae.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\14456e6df7b2701dfc6d55fdae80d6ee.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\15be97064bc9efd17699a21cfeb9e309.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6663c3c4fa483f87efaa4a86843cd68f.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6d9847c0e2475f4d9da0541dc15518df.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\91529c3bec1cab760c922dfcf922751e.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b1ef31ab16378a4b392b3d07f25c074a.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\c2e588ce38dbdcdab31a4bde64cd506c.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\~DFE50A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\153a64f0fbf1d066acccc90bb95e9471\perl58.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\0a6b9f23e356336cc61530f586d0c66a.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\12913763d8b9f06d2ca82771fcb306f1.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\14f8cfecb15e1c87916789ed739489ff.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\1ff4eae997b1753d848dbbc61d1b4345.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\2758cf0ee5bce4a7e7d6d67fdef35a5c.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\28346940eba36fc46322570b50d2b195.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\31aa023220b46a62dd91739a3bf1cad4.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\3e6257c5b8794b602831302202435191.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\42db37dadb779dbfc5da8bdd7ec61c52.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\44abde5de65f3f034faac2c132713018.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\514f58c7649fa1fe7afd0239e90bf91d.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\563d7ead40b59c49009856a0b10f2014.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\65ee15dd41d41d736095c39cfb2dabf4.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\68db54950c135a8a2cde3d852ea088a7.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\6ecc81286663495601d2499da7def595.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\6ff5ba62c2c8ffbb41cd01ca7bd320b9.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\74e6ec5afd643b837bcbd5fe1b782d14.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\7718c08cc46695fc3fef36d1131eac8d.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\7aace6f21e4c397996b145b7fd777643.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\83825bab2f1245392ffe1ddd2c76e79a.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\89f4ac43ba2b792785d9d472365e562b.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\8bdc4ac58d38d74758621bae60c442dd.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\a507fccf2be25b878761a66bf411c201.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\a82e393a53225f1b0dc6684e29bca26e.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\a9c7de63b69d830a701d23bbc35654dd.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\ad76515ff4d1de346e3888790190a3c0.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\b2774d247dfbf0abe8539e577ee59b4c.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\c0c390c1bbdeadf59743dcdb575dca53.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\c81819cb5f049996acebd0d8a2373cbd.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\ca6e90333b4a1d9ff7897185a9c2159a.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\ce0c35d75c9f9a78bae922a7136085a3.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\d0cf1a27febe069dbf6359c284848111.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\ddcaac9d951e32b0a08117ff42c97079.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\f664af759eb93584084bc5e436e46e61.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\pdk-SYSTEM\fa142febd5dc53f93f911452e1a99387.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib5 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET3128.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02182009_202249

Files moved on Reboot...
File C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b59f15b8825435f49aa9eb99bc8112bd\perl58.dll not found!
File C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\153a64f0fbf1d066acccc90bb95e9471\perl58.dll not found!
File C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\117d3aaf4322a6ccc33f76a6e6b653d3.dll not found!
File C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\142bb4575df50c1c930ea782eb4c52ae.dll not found!
File C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\14456e6df7b2701dfc6d55fdae80d6ee.dll not found!
File C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\15be97064bc9efd17699a21cfeb9e309.dll not found!
File C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6663c3c4fa483f87efaa4a86843cd68f.dll not found!
File C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6d9847c0e2475f4d9da0541dc15518df.dll not found!
File C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\91529c3bec1cab760c922dfcf922751e.dll not found!
File C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b1ef31ab16378a4b392b3d07f25c074a.dll not found!
File C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\c2e588ce38dbdcdab31a4bde64cd506c.dll not found!
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\~DFE50A.tmp moved successfully.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat not found!
File C:\WINDOWS\temp\pdk-SYSTEM\153a64f0fbf1d066acccc90bb95e9471\perl58.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\0a6b9f23e356336cc61530f586d0c66a.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\12913763d8b9f06d2ca82771fcb306f1.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\14f8cfecb15e1c87916789ed739489ff.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\1ff4eae997b1753d848dbbc61d1b4345.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\2758cf0ee5bce4a7e7d6d67fdef35a5c.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\28346940eba36fc46322570b50d2b195.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\31aa023220b46a62dd91739a3bf1cad4.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\3e6257c5b8794b602831302202435191.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\42db37dadb779dbfc5da8bdd7ec61c52.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\44abde5de65f3f034faac2c132713018.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\514f58c7649fa1fe7afd0239e90bf91d.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\563d7ead40b59c49009856a0b10f2014.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\65ee15dd41d41d736095c39cfb2dabf4.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\68db54950c135a8a2cde3d852ea088a7.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\6ecc81286663495601d2499da7def595.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\6ff5ba62c2c8ffbb41cd01ca7bd320b9.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\74e6ec5afd643b837bcbd5fe1b782d14.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\7718c08cc46695fc3fef36d1131eac8d.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\7aace6f21e4c397996b145b7fd777643.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\83825bab2f1245392ffe1ddd2c76e79a.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\89f4ac43ba2b792785d9d472365e562b.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\8bdc4ac58d38d74758621bae60c442dd.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\a507fccf2be25b878761a66bf411c201.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\a82e393a53225f1b0dc6684e29bca26e.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\a9c7de63b69d830a701d23bbc35654dd.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\ad76515ff4d1de346e3888790190a3c0.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\b2774d247dfbf0abe8539e577ee59b4c.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\c0c390c1bbdeadf59743dcdb575dca53.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\c81819cb5f049996acebd0d8a2373cbd.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\ca6e90333b4a1d9ff7897185a9c2159a.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\ce0c35d75c9f9a78bae922a7136085a3.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\d0cf1a27febe069dbf6359c284848111.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\ddcaac9d951e32b0a08117ff42c97079.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\f664af759eb93584084bc5e436e46e61.dll not found!
File C:\WINDOWS\temp\pdk-SYSTEM\fa142febd5dc53f93f911452e1a99387.dll not found!
File C:\WINDOWS\temp\ib2 not found!
File C:\WINDOWS\temp\ib3 not found!
File C:\WINDOWS\temp\ib4 not found!
File C:\WINDOWS\temp\ib5 not found!
File C:\WINDOWS\temp\ib6 not found!
File C:\WINDOWS\temp\JET3128.tmp not found!
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\XUL.mfl moved successfully.


And here is the SystemLook log:

SystemLook v1.0 by jpshortstuff (11.02.09)
Log created at 20:33 on 18/02/2009 by Ronaldo Garces (Administrator - Elevation successful)

========== dir ==========

c:\windows\temp\pdk-SYSTEM - Parameters: "/s"

---Files---
0a6b9f23e356336cc61530f586d0c66a.dll -ra--- 20585 bytes <01:29 19/02/2009> <01:29 19/02/2009>
12913763d8b9f06d2ca82771fcb306f1.dll -ra--- 36947 bytes <01:28 19/02/2009> <01:28 19/02/2009>
14f8cfecb15e1c87916789ed739489ff.dll -ra--- 135270 bytes <01:28 19/02/2009> <01:28 19/02/2009>
1ff4eae997b1753d848dbbc61d1b4345.dll -ra--- 28787 bytes <01:29 19/02/2009> <01:29 19/02/2009>
2758cf0ee5bce4a7e7d6d67fdef35a5c.dll -ra--- 28789 bytes <01:29 19/02/2009> <01:29 19/02/2009>
28346940eba36fc46322570b50d2b195.dll -ra--- 24674 bytes <01:29 19/02/2009> <01:29 19/02/2009>
31aa023220b46a62dd91739a3bf1cad4.dll -ra--- 36981 bytes <01:29 19/02/2009> <01:29 19/02/2009>
3e6257c5b8794b602831302202435191.dll -ra--- 24676 bytes <01:28 19/02/2009> <01:28 19/02/2009>
42db37dadb779dbfc5da8bdd7ec61c52.dll -ra--- 20571 bytes <01:28 19/02/2009> <01:28 19/02/2009>
44abde5de65f3f034faac2c132713018.dll -ra--- 24671 bytes <01:28 19/02/2009> <01:28 19/02/2009>
514f58c7649fa1fe7afd0239e90bf91d.dll -ra--- 28753 bytes <01:28 19/02/2009> <01:28 19/02/2009>
563d7ead40b59c49009856a0b10f2014.dll -ra--- 41057 bytes <01:29 19/02/2009> <01:29 19/02/2009>
65ee15dd41d41d736095c39cfb2dabf4.dll -ra--- 24678 bytes <01:29 19/02/2009> <01:29 19/02/2009>
68db54950c135a8a2cde3d852ea088a7.dll -ra--- 24675 bytes <01:29 19/02/2009> <01:29 19/02/2009>
6ecc81286663495601d2499da7def595.dll -ra--- 90197 bytes <01:28 19/02/2009> <01:28 19/02/2009>
6ff5ba62c2c8ffbb41cd01ca7bd320b9.dll -ra--- 28789 bytes <01:29 19/02/2009> <01:29 19/02/2009>
74e6ec5afd643b837bcbd5fe1b782d14.dll -ra--- 28770 bytes <01:28 19/02/2009> <01:28 19/02/2009>
7718c08cc46695fc3fef36d1131eac8d.dll -ra--- 819261 bytes <01:28 19/02/2009> <01:28 19/02/2009>
7aace6f21e4c397996b145b7fd777643.dll -ra--- 77941 bytes <01:29 19/02/2009> <01:29 19/02/2009>
83825bab2f1245392ffe1ddd2c76e79a.dll -ra--- 94273 bytes <01:28 19/02/2009> <01:28 19/02/2009>
89f4ac43ba2b792785d9d472365e562b.dll -ra--- 24665 bytes <01:28 19/02/2009> <01:28 19/02/2009>
8bdc4ac58d38d74758621bae60c442dd.dll -ra--- 90219 bytes <01:28 19/02/2009> <01:28 19/02/2009>
a507fccf2be25b878761a66bf411c201.dll -ra--- 1040497 bytes <01:28 19/02/2009> <01:28 19/02/2009>
a82e393a53225f1b0dc6684e29bca26e.dll -ra--- 61541 bytes <01:29 19/02/2009> <01:29 19/02/2009>
a9c7de63b69d830a701d23bbc35654dd.dll -ra--- 77919 bytes <01:28 19/02/2009> <01:28 19/02/2009>
ad76515ff4d1de346e3888790190a3c0.dll -ra--- 32879 bytes <01:29 19/02/2009> <01:29 19/02/2009>
b2774d247dfbf0abe8539e577ee59b4c.dll -ra--- 28767 bytes <01:28 19/02/2009> <01:28 19/02/2009>
c0c390c1bbdeadf59743dcdb575dca53.dll -ra--- 94295 bytes <01:28 19/02/2009> <01:28 19/02/2009>
c81819cb5f049996acebd0d8a2373cbd.dll -ra--- 110692 bytes <01:29 19/02/2009> <01:29 19/02/2009>
c92f1c7d4396f53f4c5d352e2bd8c9a9.dll -ra--- 131149 bytes <01:28 19/02/2009> <01:28 19/02/2009>
ca6e90333b4a1d9ff7897185a9c2159a.dll -ra--- 24682 bytes <01:28 19/02/2009> <01:28 19/02/2009>
ce0c35d75c9f9a78bae922a7136085a3.dll -ra--- 32865 bytes <01:28 19/02/2009> <01:28 19/02/2009>
d0cf1a27febe069dbf6359c284848111.dll -ra--- 28769 bytes <01:28 19/02/2009> <01:28 19/02/2009>
ddcaac9d951e32b0a08117ff42c97079.dll -ra--- 20589 bytes <01:29 19/02/2009> <01:29 19/02/2009>
f664af759eb93584084bc5e436e46e61.dll -ra--- 28762 bytes <01:29 19/02/2009> <01:29 19/02/2009>
fa142febd5dc53f93f911452e1a99387.dll -ra--- 20567 bytes <01:28 19/02/2009> <01:28 19/02/2009>

c:\windows\temp\pdk-SYSTEM\153a64f0fbf1d066acccc90bb95e9471 d----- <01:23 18/02/2009>
perl58.dll --a--- 815185 bytes <01:28 19/02/2009> <01:28 19/02/2009>

-=End Of File=-
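The SystemLook listing above is read by eye in the thread; as an added example (not part of the forum post or of SystemLook itself), here is a Python triage script that parses a :dir listing in this layout and flags the pattern the helper was chasing: 32-character hex DLL names created within minutes of each other inside a temp folder. The embedded sample log is constructed, with made-up file names.

```python
"""Triage a SystemLook ':dir' listing in the format posted above.

Added example, not part of the forum post or of SystemLook itself. It parses
the listing into records and flags the pattern the helper was chasing: 32-hex
DLL names dropped into a temp folder within minutes of each other. SAMPLE_LOG
is constructed for this example and its file names are made up.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

# A listed file: "<name> <attrs> <size> bytes <created> <modified>"
FILE_RE = re.compile(r"^(?P<name>.+?)\s+[-a-z]{6}\s+(?P<size>\d+) bytes"
                     r"\s+<(?P<created>[^>]+)>\s+<[^>]+>$")
# A subdirectory line: "<full path> d----- <created>"
DIR_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+d[-a-z]{5}\s+<[^>]+>$")
# The queried root: '<path> - Parameters: "/s"'
ROOT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)(?:\s+-\s+Parameters:.*)?$")
HEX32_DLL_RE = re.compile(r"^[0-9a-f]{32}\.dll$", re.IGNORECASE)
TS_FORMAT = "%H:%M %d/%m/%Y"  # SystemLook prints <HH:MM dd/mm/yyyy>


@dataclass
class Entry:
    directory: str
    name: str
    size: int
    created: datetime

    @property
    def path(self) -> str:
        return self.directory.rstrip("\\") + "\\" + self.name


def parse_systemlook_dir(log: str) -> list[Entry]:
    """Return every file listed in the ':dir' section as an Entry."""
    entries: list[Entry] = []
    current_dir, in_dir = None, False
    for line in (ln.strip() for ln in log.splitlines()):
        if line.startswith("=========="):  # section header such as 'dir'
            in_dir = "dir" in line
        elif not in_dir or not line or line.startswith(("---", "-=End")):
            continue  # banner lines, blanks, ---Files--- and -=End Of File=-
        elif m := DIR_RE.match(line):  # subdirectory of the queried root
            current_dir = m.group("path")
        elif (m := FILE_RE.match(line)) and current_dir is not None:
            entries.append(Entry(current_dir, m.group("name"), int(m.group("size")),
                                 datetime.strptime(m.group("created"), TS_FORMAT)))
        elif m := ROOT_RE.match(line):  # the queried root directory itself
            current_dir = m.group("path")
    return entries


def triage(entries: list[Entry], burst_min: int = 5, burst_minutes: int = 5) -> list[str]:
    """Flag random-hex DLL names, DLLs in temp folders and drop bursts."""
    findings: list[str] = []
    by_dir: dict[str, list[Entry]] = {}
    for e in entries:
        by_dir.setdefault(e.directory, []).append(e)
    for directory, files in by_dir.items():
        in_temp = "\\temp\\" in (directory.lower() + "\\")
        dlls = [f for f in files if f.name.lower().endswith(".dll")]
        for f in dlls:
            if HEX32_DLL_RE.match(f.name):
                findings.append(f"random-hex DLL name: {f.path}")
            elif in_temp:
                findings.append(f"DLL staged in temp folder: {f.path}")
        # Several DLLs created within minutes of each other = one drop event
        if len(dlls) >= burst_min:
            span = max(f.created for f in dlls) - min(f.created for f in dlls)
            if span.total_seconds() <= burst_minutes * 60:
                findings.append(f"burst: {len(dlls)} DLLs created within "
                                f"{int(span.total_seconds() // 60)} min in {directory}")
    return findings


# Constructed sample in SystemLook's layout; file names and paths are invented.
SAMPLE_LOG = r"""
SystemLook v1.0 by jpshortstuff (11.02.09)
========== dir ==========
c:\windows\temp\pdk-SYSTEM - Parameters: "/s"
---Files---
0123456789abcdef0123456789abcdef.dll -ra--- 20585 bytes <01:29 19/02/2009> <01:29 19/02/2009>
fedcba9876543210fedcba9876543210.dll -ra--- 36947 bytes <01:28 19/02/2009> <01:28 19/02/2009>
00000000111111112222222233333333.dll -ra--- 24674 bytes <01:29 19/02/2009> <01:29 19/02/2009>
44444444555555556666666677777777.dll -ra--- 28787 bytes <01:28 19/02/2009> <01:28 19/02/2009>
8888888899999999aaaaaaaabbbbbbbb.dll -ra--- 41057 bytes <01:29 19/02/2009> <01:29 19/02/2009>
notes.txt --a--- 120 bytes <10:00 01/01/2009> <10:00 01/01/2009>

c:\windows\temp\pdk-SYSTEM\aaaabbbbccccddddeeeeffff00001111 d----- <01:23 18/02/2009>
perl58.dll --a--- 815185 bytes <01:28 19/02/2009> <01:28 19/02/2009>
-=End Of File=-
"""

if __name__ == "__main__":
    for finding in triage(parse_systemlook_dir(SAMPLE_LOG)):
        print(finding)
```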
fenzodahl512
post Feb 19 2009, 01:04 AM
Post #25


Trusted Helper
Posts: 9,275
OS: Windows XP



Repeat the OTMoveIt3 step, but this time with the script below.. Post the log here after that..

CODE
:processes
explorer.exe

:files
c:\windows\temp\pdk-SYSTEM

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]




Run ComboFix again.. Post these logs in your next reply..

1. OTMoveIt3
2. ComboFix
fedup_with_vundo
post Feb 19 2009, 06:34 AM
Post #26


Member
Posts: 22
OS: XP



Here is the OT Move It log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
c:\windows\temp\pdk-SYSTEM\153a64f0fbf1d066acccc90bb95e9471 moved successfully.
c:\windows\temp\pdk-SYSTEM moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b59f15b8825435f49aa9eb99bc8112bd\perl58.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\153a64f0fbf1d066acccc90bb95e9471\perl58.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\117d3aaf4322a6ccc33f76a6e6b653d3.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\142bb4575df50c1c930ea782eb4c52ae.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\14456e6df7b2701dfc6d55fdae80d6ee.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\15be97064bc9efd17699a21cfeb9e309.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6663c3c4fa483f87efaa4a86843cd68f.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6d9847c0e2475f4d9da0541dc15518df.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\91529c3bec1cab760c922dfcf922751e.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b1ef31ab16378a4b392b3d07f25c074a.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\c2e588ce38dbdcdab31a4bde64cd506c.dll scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\~DFAA50.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib5 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib6 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET35D6.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\BE4A3748d01 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02192009_072003

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b59f15b8825435f49aa9eb99bc8112bd\perl58.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b59f15b8825435f49aa9eb99bc8112bd\perl58.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b59f15b8825435f49aa9eb99bc8112bd\perl58.dll moved successfully.
DllUnregisterServer procedure not found in C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\153a64f0fbf1d066acccc90bb95e9471\perl58.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\153a64f0fbf1d066acccc90bb95e9471\perl58.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\153a64f0fbf1d066acccc90bb95e9471\perl58.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\117d3aaf4322a6ccc33f76a6e6b653d3.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\117d3aaf4322a6ccc33f76a6e6b653d3.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\117d3aaf4322a6ccc33f76a6e6b653d3.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\142bb4575df50c1c930ea782eb4c52ae.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\142bb4575df50c1c930ea782eb4c52ae.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\142bb4575df50c1c930ea782eb4c52ae.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\14456e6df7b2701dfc6d55fdae80d6ee.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\14456e6df7b2701dfc6d55fdae80d6ee.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\14456e6df7b2701dfc6d55fdae80d6ee.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\15be97064bc9efd17699a21cfeb9e309.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\15be97064bc9efd17699a21cfeb9e309.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\15be97064bc9efd17699a21cfeb9e309.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6663c3c4fa483f87efaa4a86843cd68f.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6663c3c4fa483f87efaa4a86843cd68f.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6663c3c4fa483f87efaa4a86843cd68f.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6d9847c0e2475f4d9da0541dc15518df.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6d9847c0e2475f4d9da0541dc15518df.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\6d9847c0e2475f4d9da0541dc15518df.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\91529c3bec1cab760c922dfcf922751e.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\91529c3bec1cab760c922dfcf922751e.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\91529c3bec1cab760c922dfcf922751e.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b1ef31ab16378a4b392b3d07f25c074a.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b1ef31ab16378a4b392b3d07f25c074a.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\b1ef31ab16378a4b392b3d07f25c074a.dll moved successfully.
LoadLibrary failed for C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\c2e588ce38dbdcdab31a4bde64cd506c.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\c2e588ce38dbdcdab31a4bde64cd506c.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\c2e588ce38dbdcdab31a4bde64cd506c.dll moved successfully.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\~DFAA50.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib2 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib3 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib4 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib5 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\ib6 scheduled to be moved on reboot.
C:\WINDOWS\temp\JET35D6.tmp moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\BE4A3748d01 moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_MAP_ moved successfully.
fedup_with_vundo
post Feb 19 2009, 08:42 AM
Post #27
Member
Posts: 22
OS: XP
And the ComboFix log:

ComboFix 09-02-15.01 - Ronaldo Garces 2009-02-19 7:36:49.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.86 [GMT -5:00]
Running from: c:\documents and settings\Ronaldo Garces\Desktop\ComboFix.exe.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-18 20:22 . 2009-02-18 20:22 <DIR> d-------- C:\_OTMoveIt
2009-02-16 10:26 . 2009-02-16 10:39 <DIR> d-------- c:\documents and settings\Ronaldo Garces\DoctorWeb
2009-02-16 08:20 . 2009-02-16 08:20 <DIR> d-------- C:\rsit
2009-02-11 23:17 . 2009-02-12 00:49 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-02-11 23:10 . 2009-02-18 20:11 <DIR> d-------- c:\program files\CleanUp!
2009-02-07 15:47 . 2009-02-07 15:47 <DIR> d-------- c:\program files\ERUNT
2009-02-05 23:31 . 2009-02-05 23:31 <DIR> d-------- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 12:35 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-16 05:00 --------- d-----w c:\program files\Yahoo!
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2006-02-25 05:33 57,304 -c--a-w c:\documents and settings\Ronaldo Garces\Application Data\GDIPFONTCACHEV1.DAT
2008-11-09 22:57 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-09 22:57 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-09 22:57 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-09 22:57 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-09 22:57 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-08-20 23:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082020080821\index.dat
.

((((((((((((((((((((((((((((( SnapShot_2009-02-17_20.33.19.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-17 12:36:55 414,264 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-02-19 12:22:12 414,264 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2009-02-18 01:23:50 20,585 ----a-w c:\windows\temp\pdk-SYSTEM\0a6b9f23e356336cc61530f586d0c66a.dll
+ 2009-02-19 12:23:03 20,585 ----a-w c:\windows\temp\pdk-SYSTEM\0a6b9f23e356336cc61530f586d0c66a.dll
- 2009-02-18 01:23:15 36,947 ----a-w c:\windows\temp\pdk-SYSTEM\12913763d8b9f06d2ca82771fcb306f1.dll
+ 2009-02-19 12:22:56 36,947 ----a-w c:\windows\temp\pdk-SYSTEM\12913763d8b9f06d2ca82771fcb306f1.dll
- 2009-02-18 01:23:14 135,270 ----a-w c:\windows\temp\pdk-SYSTEM\14f8cfecb15e1c87916789ed739489ff.dll
+ 2009-02-19 12:22:55 135,270 ----a-w c:\windows\temp\pdk-SYSTEM\14f8cfecb15e1c87916789ed739489ff.dll
- 2009-02-18 01:23:03 815,185 ----a-w c:\windows\temp\pdk-SYSTEM\153a64f0fbf1d066acccc90bb95e9471\perl58.dll
+ 2009-02-19 12:22:44 815,185 ----a-w c:\windows\temp\pdk-SYSTEM\153a64f0fbf1d066acccc90bb95e9471\perl58.dll
- 2009-02-18 01:23:52 28,787 ----a-w c:\windows\temp\pdk-SYSTEM\1ff4eae997b1753d848dbbc61d1b4345.dll
+ 2009-02-19 12:23:04 28,787 ----a-w c:\windows\temp\pdk-SYSTEM\1ff4eae997b1753d848dbbc61d1b4345.dll
- 2009-02-18 01:23:52 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\2758cf0ee5bce4a7e7d6d67fdef35a5c.dll
+ 2009-02-19 12:23:05 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\2758cf0ee5bce4a7e7d6d67fdef35a5c.dll
- 2009-02-18 01:23:49 24,674 ----a-w c:\windows\temp\pdk-SYSTEM\28346940eba36fc46322570b50d2b195.dll
+ 2009-02-19 12:23:03 24,674 ----a-w c:\windows\temp\pdk-SYSTEM\28346940eba36fc46322570b50d2b195.dll
- 2009-02-18 01:23:56 36,981 ----a-w c:\windows\temp\pdk-SYSTEM\31aa023220b46a62dd91739a3bf1cad4.dll
+ 2009-02-19 12:23:06 36,981 ----a-w c:\windows\temp\pdk-SYSTEM\31aa023220b46a62dd91739a3bf1cad4.dll
- 2009-02-18 01:23:10 24,676 ----a-w c:\windows\temp\pdk-SYSTEM\3e6257c5b8794b602831302202435191.dll
+ 2009-02-19 12:22:49 24,676 ----a-w c:\windows\temp\pdk-SYSTEM\3e6257c5b8794b602831302202435191.dll
- 2009-02-18 01:23:09 20,571 ----a-w c:\windows\temp\pdk-SYSTEM\42db37dadb779dbfc5da8bdd7ec61c52.dll
+ 2009-02-19 12:22:47 20,571 ----a-w c:\windows\temp\pdk-SYSTEM\42db37dadb779dbfc5da8bdd7ec61c52.dll
- 2009-02-18 01:23:21 24,671 ----a-w c:\windows\temp\pdk-SYSTEM\44abde5de65f3f034faac2c132713018.dll
+ 2009-02-19 12:22:59 24,671 ----a-w c:\windows\temp\pdk-SYSTEM\44abde5de65f3f034faac2c132713018.dll
- 2009-02-18 01:23:17 28,753 ----a-w c:\windows\temp\pdk-SYSTEM\514f58c7649fa1fe7afd0239e90bf91d.dll
+ 2009-02-19 12:22:57 28,753 ----a-w c:\windows\temp\pdk-SYSTEM\514f58c7649fa1fe7afd0239e90bf91d.dll
- 2009-02-18 01:23:58 41,057 ----a-w c:\windows\temp\pdk-SYSTEM\563d7ead40b59c49009856a0b10f2014.dll
+ 2009-02-19 12:23:07 41,057 ----a-w c:\windows\temp\pdk-SYSTEM\563d7ead40b59c49009856a0b10f2014.dll
- 2009-02-18 01:23:57 24,678 ----a-w c:\windows\temp\pdk-SYSTEM\65ee15dd41d41d736095c39cfb2dabf4.dll
+ 2009-02-19 12:23:06 24,678 ----a-w c:\windows\temp\pdk-SYSTEM\65ee15dd41d41d736095c39cfb2dabf4.dll
- 2009-02-18 01:23:58 24,675 ----a-w c:\windows\temp\pdk-SYSTEM\68db54950c135a8a2cde3d852ea088a7.dll
+ 2009-02-19 12:23:06 24,675 ----a-w c:\windows\temp\pdk-SYSTEM\68db54950c135a8a2cde3d852ea088a7.dll
- 2009-02-18 01:23:16 90,197 ----a-w c:\windows\temp\pdk-SYSTEM\6ecc81286663495601d2499da7def595.dll
+ 2009-02-19 12:22:57 90,197 ----a-w c:\windows\temp\pdk-SYSTEM\6ecc81286663495601d2499da7def595.dll
- 2009-02-18 01:23:59 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\6ff5ba62c2c8ffbb41cd01ca7bd320b9.dll
+ 2009-02-19 12:23:07 28,789 ----a-w c:\windows\temp\pdk-SYSTEM\6ff5ba62c2c8ffbb41cd01ca7bd320b9.dll
- 2009-02-18 01:23:10 28,770 ----a-w c:\windows\temp\pdk-SYSTEM\74e6ec5afd643b837bcbd5fe1b782d14.dll
+ 2009-02-19 12:22:50 28,770 ----a-w c:\windows\temp\pdk-SYSTEM\74e6ec5afd643b837bcbd5fe1b782d14.dll
- 2009-02-18 01:23:28 819,261 ----a-w c:\windows\temp\pdk-SYSTEM\7718c08cc46695fc3fef36d1131eac8d.dll
+ 2009-02-19 12:23:00 819,261 ----a-w c:\windows\temp\pdk-SYSTEM\7718c08cc46695fc3fef36d1131eac8d.dll
- 2009-02-18 01:23:56 77,941 ----a-w c:\windows\temp\pdk-SYSTEM\7aace6f21e4c397996b145b7fd777643.dll
+ 2009-02-19 12:23:06 77,941 ----a-w c:\windows\temp\pdk-SYSTEM\7aace6f21e4c397996b145b7fd777643.dll
- 2009-02-18 01:23:10 94,273 ----a-w c:\windows\temp\pdk-SYSTEM\83825bab2f1245392ffe1ddd2c76e79a.dll
+ 2009-02-19 12:22:50 94,273 ----a-w c:\windows\temp\pdk-SYSTEM\83825bab2f1245392ffe1ddd2c76e79a.dll
- 2009-02-18 01:23:15 24,665 ----a-w c:\windows\temp\pdk-SYSTEM\89f4ac43ba2b792785d9d472365e562b.dll
+ 2009-02-19 12:22:56 24,665 ----a-w c:\windows\temp\pdk-SYSTEM\89f4ac43ba2b792785d9d472365e562b.dll
- 2009-02-18 01:23:45 90,219 ----a-w c:\windows\temp\pdk-SYSTEM\8bdc4ac58d38d74758621bae60c442dd.dll
+ 2009-02-19 12:23:02 90,219 ----a-w c:\windows\temp\pdk-SYSTEM\8bdc4ac58d38d74758621bae60c442dd.dll
- 2009-02-18 01:23:12 1,040,497 ----a-w c:\windows\temp\pdk-SYSTEM\a507fccf2be25b878761a66bf411c201.dll
+ 2009-02-19 12:22:52 1,040,497 ----a-w c:\windows\temp\pdk-SYSTEM\a507fccf2be25b878761a66bf411c201.dll
- 2009-02-18 01:23:53 61,541 ----a-w c:\windows\temp\pdk-SYSTEM\a82e393a53225f1b0dc6684e29bca26e.dll
+ 2009-02-19 12:23:05 61,541 ----a-w c:\windows\temp\pdk-SYSTEM\a82e393a53225f1b0dc6684e29bca26e.dll
- 2009-02-18 01:23:09 77,919 ----a-w c:\windows\temp\pdk-SYSTEM\a9c7de63b69d830a701d23bbc35654dd.dll
+ 2009-02-19 12:22:48 77,919 ----a-w c:\windows\temp\pdk-SYSTEM\a9c7de63b69d830a701d23bbc35654dd.dll
- 2009-02-18 01:23:51 32,879 ----a-w c:\windows\temp\pdk-SYSTEM\ad76515ff4d1de346e3888790190a3c0.dll
+ 2009-02-19 12:23:04 32,879 ----a-w c:\windows\temp\pdk-SYSTEM\ad76515ff4d1de346e3888790190a3c0.dll
- 2009-02-18 01:23:10 28,767 ----a-w c:\windows\temp\pdk-SYSTEM\b2774d247dfbf0abe8539e577ee59b4c.dll
+ 2009-02-19 12:22:48 28,767 ----a-w c:\windows\temp\pdk-SYSTEM\b2774d247dfbf0abe8539e577ee59b4c.dll
- 2009-02-18 01:23:19 94,295 ----a-w c:\windows\temp\pdk-SYSTEM\c0c390c1bbdeadf59743dcdb575dca53.dll
+ 2009-02-19 12:22:59 94,295 ----a-w c:\windows\temp\pdk-SYSTEM\c0c390c1bbdeadf59743dcdb575dca53.dll
- 2009-02-18 01:23:48 110,692 ----a-w c:\windows\temp\pdk-SYSTEM\c81819cb5f049996acebd0d8a2373cbd.dll
+ 2009-02-19 12:23:03 110,692 ----a-w c:\windows\temp\pdk-SYSTEM\c81819cb5f049996acebd0d8a2373cbd.dll
- 2009-02-18 01:23:18 131,149 ----a-w c:\windows\temp\pdk-SYSTEM\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll
+ 2009-02-19 12:22:58 131,149 ----a-w c:\windows\temp\pdk-SYSTEM\c92f1c7d4396f53f4c5d352e2bd8c9a9.dll
- 2009-02-18 01:23:43 24,682 ----a-w c:\windows\temp\pdk-SYSTEM\ca6e90333b4a1d9ff7897185a9c2159a.dll
+ 2009-02-19 12:23:02 24,682 ----a-w c:\windows\temp\pdk-SYSTEM\ca6e90333b4a1d9ff7897185a9c2159a.dll
- 2009-02-18 01:23:41 32,865 ----a-w c:\windows\temp\pdk-SYSTEM\ce0c35d75c9f9a78bae922a7136085a3.dll
+ 2009-02-19 12:23:02 32,865 ----a-w c:\windows\temp\pdk-SYSTEM\ce0c35d75c9f9a78bae922a7136085a3.dll
- 2009-02-18 01:23:37 28,769 ----a-w c:\windows\temp\pdk-SYSTEM\d0cf1a27febe069dbf6359c284848111.dll
+ 2009-02-19 12:23:01 28,769 ----a-w c:\windows\temp\pdk-SYSTEM\d0cf1a27febe069dbf6359c284848111.dll
- 2009-02-18 01:23:51 20,589 ----a-w c:\windows\temp\pdk-SYSTEM\ddcaac9d951e32b0a08117ff42c97079.dll
+ 2009-02-19 12:23:04 20,589 ----a-w c:\windows\temp\pdk-SYSTEM\ddcaac9d951e32b0a08117ff42c97079.dll
- 2009-02-18 01:24:29 28,762 ----a-w c:\windows\temp\pdk-SYSTEM\f664af759eb93584084bc5e436e46e61.dll
+ 2009-02-19 12:23:18 28,762 ----a-w c:\windows\temp\pdk-SYSTEM\f664af759eb93584084bc5e436e46e61.dll
- 2009-02-18 01:23:36 20,567 ----a-w c:\windows\temp\pdk-SYSTEM\fa142febd5dc53f93f911452e1a99387.dll
+ 2009-02-19 12:23:01 20,567 ----a-w c:\windows\temp\pdk-SYSTEM\fa142febd5dc53f93f911452e1a99387.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 4662776]
"OfotoNow USB Detection"="c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 77824]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-11-23 163840]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 290816]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-08 790528]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-08-02 124232]
"AV-Update-9"="c:\program files\Symantec AntiVirus\vpdn_lu.exe" [2004-08-02 79176]
"LiveUpdate Runner"="c:\program files\LiveUpdate Runner\GSB_NAV_LU.exe" [2004-10-14 290816]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"SunServer"="c:\program files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe" [2005-11-11 290816]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-01-15 37376]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"AGRSMMSG"="AGRSMMSG.exe" [2004-08-24 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 443968]

c:\documents and settings\Ronaldo Garces\Start Menu\Programs\Startup\
Shortcut to wofi.exe.lnk - c:\program files\WoFi\wofi.exe [2004-11-08 1515585]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2004-06-09 471040]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-03-01 57344]
SlimServer Tray Tool.lnk - c:\program files\SlimServer\SlimTray.exe [2006-04-25 1183813]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTrust PestPatrol Active Protection]
none [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2005-05-29 13:01 118784 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\CA\\eTrustITM\\InoRpc.exe"=
"c:\\Program Files\\CA\\eTrustITM\\Realmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:SlimServer 9000 tcp
"3483:UDP"= 3483:UDP:SlimServer 3483 udp
"3483:TCP"= 3483:TCP:SlimServer 3483 tcp
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2004-08-02 173392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1c05e84-93e4-11db-b0b8-0012f05e1fbf}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Ronaldo Garces\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 07:43:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\program files\CA\SharedComponents\PPRealtime\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRealtime\bin\CAServer.dll
.
Completion time: 2009-02-19 7:47:43
ComboFix-quarantined-files.txt 2009-02-19 12:47:00
ComboFix2.txt 2009-02-18 01:34:56
ComboFix3.txt 2009-02-16 20:56:30

Pre-Run: 11,757,826,048 bytes free
Post-Run: 11,744,026,624 bytes free

240 --- E O F --- 2009-02-11 07:01:06
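Several entries in the "Reg Loading Points" section of the ComboFix log above describe the machine's security posture rather than a startup program: Security Center update notifications are switched off, Security Center monitoring of the Symantec product is disabled, the Windows Firewall standard profile is disabled, and a removable-volume mountpoint carries an AutoRun command. The Python script below is an added example, not part of this thread and not code from ComboFix, that parses that section's REGEDIT4-style layout and lists such findings for a reviewer. The sample text is assembled from the entries quoted in the log above, and the function names are assumptions of this example.

```python
import re

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section.
# The entries are the ones quoted in the log above; the text is assembled here
# for this example rather than copied from a live scan.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1c05e84-93e4-11db-b0b8-0012f05e1fbf}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
"""

SECTION_RE = re.compile(r'^\[(.+)\]$')                       # [HKLM\...]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')                    # "Name"=value
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (.+)$')  # mountpoints2 entry


def parse_value(raw):
    """Normalise ComboFix's value notations ('dword:00000001', ' 0 (0x0)') to ints."""
    raw = raw.strip()
    m = re.fullmatch(r'dword:([0-9a-fA-F]{8})', raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r'(\d+)\s*\(0x[0-9a-fA-F]+\)', raw)
    if m:
        return int(m.group(1))
    return raw.strip('"')  # anything else (paths, strings) is kept as text


def parse_reg_points(text):
    """Return {section_path: {'values': {name: value}, 'autorun': [cmd, ...]}}."""
    sections = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(1), {'values': {}, 'autorun': []})
            continue
        if current is None:
            continue  # text before the first section header
        m = VALUE_RE.match(line)
        if m:
            current['values'][m.group(1)] = parse_value(m.group(2))
            continue
        m = AUTORUN_RE.match(line)
        if m:
            current['autorun'].append(m.group(1))
    return sections


def triage(text):
    """List the settings a reviewer would want to see called out, in log order."""
    findings = []
    for path, data in parse_reg_points(text).items():
        low = path.lower()
        v = data['values']
        if low.endswith('\\security center') and v.get('UpdatesDisableNotify') == 1:
            findings.append('UpdatesDisableNotify=1: Security Center update notifications suppressed')
        if '\\security center\\monitoring\\' in low and v.get('DisableMonitoring') == 1:
            product = path.rsplit('\\', 1)[1]
            findings.append(f'DisableMonitoring=1 for {product}: Security Center no longer monitors this product')
        if low.endswith('firewallpolicy\\standardprofile') and v.get('EnableFirewall') == 0:
            findings.append('EnableFirewall=0: Windows Firewall disabled for the standard profile')
        if low.endswith('\\icmpsettings') and v.get('AllowInboundEchoRequest') == 1:
            findings.append('AllowInboundEchoRequest=1: inbound ICMP echo (ping) permitted')
        for cmd in data['autorun']:
            guid = path.rsplit('\\', 1)[1]
            findings.append(f'AutoRun command on mountpoint {guid}: {cmd}')
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The parser keeps each section's original case for reporting and matches on a lower-cased copy, because ComboFix prints some hives as `HKEY_LOCAL_MACHINE` and others as `HKLM\~`, and the firewall and Security Center keys appear in mixed case. Settings such as a disabled firewall are not proof of infection on their own, but once the malware is removed they are the items to restore and re-check.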
fenzodahl512
post Feb 19 2009, 09:15 AM
Post #28
Trusted Helper
Posts: 9,275
OS: Windows XP
Please download The Avenger by Swandog46 and unzip it to your Desktop


Please open The Avenger. Then, please copy/paste the script inside the codebox into the Input script here: box..

CODE
Begin copying here:
Folders to delete:
C:\Documents and Settings\Ronaldo Garces\Local Settings\temp\pdk-Ronaldo Garces
c:\windows\temp\pdk-SYSTEM


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  • Now, click on Execute. Just say Yes at every prompt.


The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

Please copy/paste the content of c:\avenger.txt into your reply.




NEXT


Repeat the OTMoveIt3 step but this time with the script below.. Post the log here after that..

CODE
:processes
explorer.exe

:files
C:\Documents and Settings\Ronaldo Garces\Local Settings\temp\pdk-Ronaldo Garces
c:\windows\temp\pdk-SYSTEM

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





NEXT


Run ComboFix again.. Post these logs in your next reply..

1. The Avenger
2. OTMoveIt3
3. ComboFix
fedup_with_vundo
post Feb 19 2009, 07:13 PM
Post #29
Member
Posts: 22
OS: XP
Here is the avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Documents and Settings\Ronaldo Garces\Local Settings\temp\pdk-Ronaldo Garces" deleted successfully.
Folder "c:\windows\temp\pdk-SYSTEM" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
fedup_with_vundo
post Feb 19 2009, 07:23 PM
Post #30
Member
Posts: 22
OS: XP
And the OTMoveIt log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Documents and Settings\Ronaldo Garces\Local Settings\temp\pdk-Ronaldo Garces\b59f15b8825435f49aa9eb99bc8112bd moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\temp\pdk-Ronaldo Garces\153a64f0fbf1d066acccc90bb95e9471 moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\temp\pdk-Ronaldo Garces moved successfully.
c:\windows\temp\pdk-SYSTEM\153a64f0fbf1d066acccc90bb95e9471 moved successfully.
c:\windows\temp\pdk-SYSTEM moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\~DF8D0C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ib10 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib11 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib7 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib8 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib9 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET9958.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\F41E4C17d01 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02192009_201344

Files moved on Reboot...
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\~DF8D0C.tmp moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
File C:\WINDOWS\temp\ib10 not found!
File C:\WINDOWS\temp\ib11 not found!
File C:\WINDOWS\temp\ib7 not found!
File C:\WINDOWS\temp\ib8 not found!
File C:\WINDOWS\temp\ib9 not found!
C:\WINDOWS\temp\JET9958.tmp moved successfully.
File C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\F41E4C17d01 not found!
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\Application Data\Mozilla\Firefox\Profiles\tygqru1x.a\XUL.mfl moved successfully.
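The OTMoveIt3 logs in this thread have two phases: the immediate pass, where items are either "moved successfully" or "scheduled to be ... on reboot", and the "Files moved on Reboot..." section, which reports what became of the scheduled items after the restart (moved, or "not found!"). Reading the two by hand is error-prone on a long log, and an item that is scheduled but never reported on after the reboot is the one a helper most wants to notice. The Python script below is an added example, not part of this thread and not code from OTMoveIt3, that reconciles the two phases. The sample log is a constructed excerpt in the log's format: its paths are taken from the logs above, plus one constructed pending item (`ib11`) that is never resolved after the reboot; the function names are assumptions of this example.

```python
import re

# Constructed excerpt in the format of the OTMoveIt3 logs above. Paths are
# taken from those logs; the scheduled item ib11 is constructed so that it is
# never reported on after the reboot.
SAMPLE_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
LoadLibrary failed for C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\117d3aaf4322a6ccc33f76a6e6b653d3.dll
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\117d3aaf4322a6ccc33f76a6e6b653d3.dll NOT unregistered.
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\pdk-Ronaldo Garces\117d3aaf4322a6ccc33f76a6e6b653d3.dll moved successfully.
C:\Documents and Settings\Ronaldo Garces\Local Settings\temp\pdk-Ronaldo Garces moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\~DF8D0C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
File delete failed. C:\WINDOWS\temp\ib10 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ib11 scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JET9958.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02192009_201344

Files moved on Reboot...
C:\DOCUME~1\RONALD~1\LOCALS~1\Temp\~DF8D0C.tmp moved successfully.
File C:\WINDOWS\temp\ib10 not found!
C:\WINDOWS\temp\JET9958.tmp moved successfully.
"""

MOVED_RE = re.compile(r'^(.+?) moved successfully\.$')
SCHEDULED_RE = re.compile(
    r'^File (?:move|delete) failed\. (.+?) scheduled to be (?:moved|deleted) on reboot\.$')
NOT_FOUND_RE = re.compile(r'^File (.+?) not found!$')
NOT_UNREG_RE = re.compile(r'^(.+?) NOT unregistered\.$')
REBOOT_MARKER = 'Files moved on Reboot...'


def parse_otmoveit(text):
    """Classify each line; 'moved' lines are split by whether they precede the reboot marker."""
    result = {
        'moved_immediately': [],
        'scheduled': [],
        'moved_on_reboot': [],
        'not_found_on_reboot': [],
        'not_unregistered': [],  # DLLs whose DllUnregisterServer could not be run
    }
    after_reboot = False
    for line in text.splitlines():
        line = line.strip()
        if line == REBOOT_MARKER:
            after_reboot = True
            continue
        m = SCHEDULED_RE.match(line)
        if m:
            result['scheduled'].append(m.group(1))
            continue
        m = NOT_FOUND_RE.match(line)
        if m:
            result['not_found_on_reboot'].append(m.group(1))
            continue
        m = NOT_UNREG_RE.match(line)
        if m:
            result['not_unregistered'].append(m.group(1))
            continue
        m = MOVED_RE.match(line)
        if m:
            key = 'moved_on_reboot' if after_reboot else 'moved_immediately'
            result[key].append(m.group(1))
    return result


def reconcile(text):
    """Match every scheduled item against the post-reboot section (case-insensitive paths)."""
    r = parse_otmoveit(text)
    moved_later = {p.lower() for p in r['moved_on_reboot']}
    gone = {p.lower() for p in r['not_found_on_reboot']}
    resolved = moved_later | gone
    return {
        'moved_immediately': r['moved_immediately'],
        'moved_on_reboot': [p for p in r['scheduled'] if p.lower() in moved_later],
        'vanished_before_reboot': [p for p in r['scheduled'] if p.lower() in gone],
        'still_pending': [p for p in r['scheduled'] if p.lower() not in resolved],
        'not_unregistered': r['not_unregistered'],
    }


if __name__ == '__main__':
    for bucket, paths in reconcile(SAMPLE_LOG).items():
        print(f'{bucket} ({len(paths)}):')
        for p in paths:
            print('   ', p)
```

Paths are compared case-insensitively because the immediate pass and the reboot pass do not always print them in the same case (the logs above mix `C:\WINDOWS\temp` and `c:\windows\temp`). A "not found!" after reboot is normal for temp files that the owning process deleted on its own; a scheduled item that is neither moved nor reported missing is the one to follow up on with a second run.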