HJT Logs - I'm getting popups and adware

Also my Norton is detecting trojans which I have it remove, but the next day they're back. Could use some help getting rid of them for good (and seeing if anything else is wrong). Here's the prework:
Malwarebytes' Anti-Malware 1.40
Database version: 2754
Windows 6.0.6000
9/7/2009 8:45:51 PM
mbam-log-2009-09-07 (20-45-51).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 150680
Time elapsed: 1 hour(s), 21 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yeyigiyoyo (Trojan.Agent) -> Delete on reboot.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\ProgramData\17408714 (Rogue.Multiple) -> Quarantined and deleted successfully.
Files Infected:
C:\ProgramData\bodukisu\bodukisu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\bufigabu\bufigabu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\kuduzuta\kuduzuta.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\kuvewawe\kuvewawe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\titadube\titadube.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\vegiwudo\vegiwudo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\fomuboza\fomuboza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\pupuyete\pupuyete.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\voriduzi\voriduzi.exe (Rogue.TotalSecurity2009) -> Quarantined and deleted successfully.
C:\ProgramData\wurigime\wurigime.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\yiwapeye\yiwapeye.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\zulowono\zulowono.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\novufuvi\novufuvi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\nuwolili\nuwolili.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\debesipe\debesipe.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\devawije\devawije.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\dofiziba\dofiziba.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\ProgramData\heferose\heferose.exe (Rogue.TotalSecurity2009) -> Quarantined and deleted successfully.
C:\ProgramData\17408714\17408714 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\17408714\pc17408714ins (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\kanuzewa\kanuzewa.dll (Trojan.Agent) -> Delete on reboot.
By the way, it said some files had to be deleted at reboot to be removed, so I rebooted; thus the stuff in the log marked as "delete on reboot" should be gone (since I've rebooted). Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:57 PM, on 9/7/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16890)
Boot mode: Normal
Running processes:
C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Acer\Empowering Technology\eRecovery\eRecovery.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Tony\Desktop\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [vikafulah] Rundll32.exe "c:\progra~2\fedoniko\fedoniko.dll",a
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Get 2 FREE Audiobooks.lnk = C:\Users\Tony\AppData\Local\Temp\HelpInstaller_StartUp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.134\coIEPlg.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 7412 bytes
#2
Elite Member
Welp, just got another fake adware remover advertisement popup, so I at least know I'll have more to do to get rid of it all after all, heh.
#3
Tech Support Team
antoine,
Next, let's download ComboFix.exe. This will give me a better view of the files running, those that are hidden, and also those in the registry. Please download from one of these webpages:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
Combofix -> Anti-malware Tools -> Downloads

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.

Double-click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista, if you wish.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.
__________________
Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this

#4
Elite Member
OK, here's the ComboFix log. (Supposedly Norton 360 was still enabled even though I disabled it, but according to the log I only disabled 2 parts of Norton 360 and not the SP (whatever that is); ComboFix still ran normally and Norton didn't stop/interfere with it.) Here's the log:
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-08-08 to 2009-09-08 ))))))))))))))))))))))))))))))) . 2009-09-08 19:26 . 2009-09-08 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2009-09-08 00:20 . 2009-09-08 00:20 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes 2009-09-08 00:19 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-09-08 00:19 . 2009-09-08 00:19 -------- d-----w- c:\programdata\Malwarebytes 2009-09-08 00:19 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-09-08 00:19 . 2009-09-08 00:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-09-07 16:46 . 2009-09-07 16:46 -------- d-----w- c:\programdata\fesorega 2009-09-07 16:46 . 2009-09-07 16:46 -------- d-----w- c:\programdata\fedoniko 2009-09-07 04:47 . 2009-09-08 01:48 -------- d-----w- c:\programdata\kanuzewa 2009-09-07 04:47 . 2009-09-07 04:47 -------- d-----w- c:\programdata\mozejowi 2009-09-07 04:47 . 2009-09-07 04:47 -------- d-----w- c:\programdata\fividole 2009-09-07 04:46 . 2009-09-07 04:46 -------- d-----w- c:\programdata\zokutahi 2009-09-07 04:46 . 2009-09-07 04:46 -------- d-----w- c:\programdata\zetikude 2009-09-07 04:46 . 2009-09-07 04:46 -------- d-----w- c:\programdata\jopizozo 2009-09-06 12:46 . 2009-09-06 12:46 -------- d-----w- c:\programdata\rosilele 2009-09-06 12:46 . 2009-09-06 12:46 -------- d-----w- c:\programdata\lowefevu 2009-09-06 00:45 . 2009-09-06 00:45 -------- d-----w- c:\programdata\retenogu 2009-09-06 00:45 . 2009-09-06 00:45 -------- d-----w- c:\programdata\gijulewu 2009-09-05 12:45 . 
2009-09-05 12:45 -------- d-----w- c:\programdata\tomiyegi 2009-09-05 12:45 . 2009-09-05 12:45 -------- d-----w- c:\programdata\dazetaha 2009-09-04 12:11 . 2009-09-04 12:11 -------- d-----w- c:\programdata\gulamono 2009-09-04 12:11 . 2009-09-04 12:11 -------- d-----w- c:\programdata\dokigera 2009-09-04 00:22 . 2009-09-04 00:22 -------- d-----w- c:\windows\system32\N360_BACKUP 2009-09-04 00:11 . 2009-09-04 00:11 -------- d-----w- c:\programdata\layezefu 2009-09-04 00:11 . 2009-09-04 00:11 -------- d-----w- c:\programdata\fetabeke 2009-09-03 12:11 . 2009-09-03 12:11 -------- d-----w- c:\programdata\fajeyeyi 2009-09-03 12:11 . 2009-09-03 12:11 -------- d-----w- c:\programdata\bayefiza 2009-09-03 00:11 . 2009-09-03 00:11 -------- d-----w- c:\programdata\sonudodu 2009-09-03 00:11 . 2009-09-03 00:11 -------- d-----w- c:\programdata\lipupara 2009-09-03 00:11 . 2009-09-03 00:11 -------- d-----w- c:\programdata\bihomimo 2009-09-02 12:11 . 2009-09-02 12:11 -------- d-----w- c:\programdata\bozifodi 2009-09-02 12:11 . 2009-09-02 12:11 -------- d-----w- c:\programdata\nuponifi 2009-09-02 12:11 . 2009-09-02 12:11 -------- d-----w- c:\programdata\jidojofe 2009-09-02 00:10 . 2009-09-02 22:35 -------- d-----w- c:\programdata\yodupupu 2009-09-02 00:10 . 2009-09-02 00:10 -------- d-----w- c:\programdata\hovepomi 2009-09-02 00:10 . 2009-09-02 00:10 -------- d-----w- c:\programdata\bihinoga 2009-09-01 12:10 . 2009-09-01 12:10 -------- d-----w- c:\programdata\ruzulivo 2009-09-01 12:10 . 2009-09-01 12:10 -------- d-----w- c:\programdata\munorayo 2009-09-01 12:10 . 2009-09-01 12:10 -------- d-----w- c:\programdata\hovewifa 2009-09-01 00:11 . 2009-09-08 01:45 -------- d-----w- c:\programdata\wurigime 2009-09-01 00:11 . 2009-09-08 01:45 -------- d-----w- c:\programdata\debesipe 2009-09-01 00:11 . 2009-09-08 01:45 -------- d-----w- c:\programdata\bufigabu 2009-09-01 00:10 . 2009-09-08 01:45 -------- d-----w- c:\programdata\fomuboza 2009-09-01 00:10 . 
2009-09-05 14:40 -------- d-----w- c:\programdata\dadejije 2009-09-01 00:10 . 2009-09-05 14:40 -------- d-----w- c:\programdata\gatasapo 2009-09-01 00:10 . 2009-09-01 14:49 -------- d-----w- c:\programdata\nivajume 2009-08-31 12:10 . 2009-09-05 14:40 -------- d-----w- c:\programdata\dolayune 2009-08-31 12:10 . 2009-09-05 14:40 -------- d-----w- c:\programdata\gifereha 2009-08-31 12:10 . 2009-09-01 14:49 -------- d-----w- c:\programdata\jarohomo 2009-08-31 00:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\novufuvi 2009-08-31 00:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\kuvewawe 2009-08-31 00:09 . 2009-09-01 14:49 -------- d-----w- c:\programdata\megisedo 2009-08-30 12:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\voriduzi 2009-08-30 12:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\nuwolili 2009-08-30 12:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\devawije 2009-08-30 00:09 . 2009-09-08 01:45 -------- d-----w- c:\programdata\heferose 2009-08-30 00:09 . 2009-09-05 14:40 -------- d-----w- c:\programdata\sodekeba 2009-08-30 00:09 . 2009-09-04 14:17 -------- d-----w- c:\programdata\kijayavo 2009-08-29 12:22 . 2009-08-29 12:22 -------- dc----w- c:\windows\system32\DRVSTORE 2009-08-29 12:22 . 2009-01-15 17:19 23848 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-08-29 12:22 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll 2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B} 2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\users\Tony\AppData\Local\Downloaded Installations 2009-08-29 12:22 . 2009-08-29 12:21 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys 2009-08-29 12:22 . 2009-08-29 12:22 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2009-08-29 12:22 . 2009-08-29 12:22 -------- d-----w- c:\program files\Symantec 2009-08-29 12:18 . 2009-08-29 12:18 -------- d-----w- c:\windows\system32\drivers\N360 2009-08-29 12:18 . 
2009-08-29 12:19 -------- d-----w- c:\program files\Norton 360 2009-08-29 12:11 . 2009-08-29 12:11 -------- d-----w- c:\programdata\PCSettings 2009-08-29 12:09 . 2009-09-05 14:40 -------- d-----w- c:\programdata\gabuvike 2009-08-29 12:09 . 2009-09-04 13:07 -------- d-----w- c:\programdata\duyaroli 2009-08-29 12:09 . 2009-09-03 21:04 -------- d-----w- c:\programdata\mozawino 2009-08-29 12:07 . 2009-08-29 12:11 -------- d-----w- c:\programdata\Norton 2009-08-29 12:07 . 2009-08-29 12:07 -------- d-----w- c:\programdata\NortonInstaller 2009-08-29 12:07 . 2009-08-29 12:07 -------- d-----w- c:\program files\NortonInstaller 2009-08-29 12:04 . 2009-08-29 12:04 -------- d-----w- c:\programdata\Symantec Temporary Files 2009-08-29 00:08 .. 2009-09-05 14:40 -------- d-----w- c:\programdata\kawarezu 2009-08-29 00:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\vebeleje 2009-08-29 00:08 . 2009-09-03 14:15 -------- d-----w- c:\programdata\vefiyohu 2009-08-28 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\morezahe 2009-08-28 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\mijepubi 2009-08-28 00:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\ranitiri 2009-08-28 00:08 . 2009-09-04 14:17 -------- d-----w- c:\programdata\botapovu 2009-08-28 00:08 . 2009-08-31 13:25 -------- d-----w- c:\programdata\rusagimo 2009-08-27 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\wihomeki 2009-08-27 12:08 . 2009-09-05 14:40 -------- d-----w- c:\programdata\sawigewe 2009-08-27 12:08 . 2009-09-03 21:04 -------- d-----w- c:\programdata\fukohoma 2009-08-27 08:03 . 2009-06-22 08:44 2048 ----a-w- c:\windows\system32\tzres.dll 2009-08-26 22:04 . 2009-09-05 14:40 -------- d-----w- c:\programdata\pigatedu 2009-08-26 22:04 . 2009-09-05 14:40 -------- d-----w- c:\programdata\menukabu 2009-08-26 22:04 . 2009-09-04 13:09 -------- d-----w- c:\programdata\bozikuyo 2009-08-26 22:03 . 2009-09-05 20:57 -------- d-----w- c:\programdata\kiyuwalu 2009-08-26 22:03 . 
2009-09-05 14:40 -------- d-----w- c:\programdata\popeyime 2009-08-26 22:03 . 2009-08-26 22:03 -------- d-----w- c:\programdata\dejezibi 2009-08-26 10:03 . 2009-08-26 10:03 -------- d-----w- c:\programdata\vokoluwo 2009-08-26 10:03 . 2009-09-04 14:17 -------- d-----w- c:\programdata\pupezeri 2009-08-25 03:46 . 2009-09-08 00:35 -------- d-----w- c:\programdata\rotariti 2009-08-25 03:46 . 2009-09-08 00:34 -------- d-----w- c:\programdata\pohubeli 2009-08-25 03:46 . 2009-08-31 13:21 -------- d-----w- c:\programdata\bopedisu 2009-08-24 15:45 . 2009-09-08 00:34 -------- d-----w- c:\programdata\punehomi 2009-08-24 15:45 . 2009-09-08 00:34 -------- d-----w- c:\programdata\lebobofu 2009-08-24 15:45 . 2009-09-03 21:00 -------- d-----w- c:\programdata\suliweya 2009-08-24 15:45 . 2009-08-24 15:45 -------- d-----w- c:\programdata\NVIDIA 2009-08-24 08:08 . 2009-08-24 08:08 5071872 ----a-w- c:\windows\system32\NlsModels0011.dll 2009-08-23 23:56 . 2009-09-08 00:43 -------- d-----w- c:\programdata\divitawu 2009-08-23 23:56 . 2009-09-08 00:39 -------- d-----w- c:\programdata\zajeyema 2009-08-23 23:56 . 2009-09-08 00:38 -------- d-----w- c:\programdata\vupowose 2009-08-23 23:56 . 2009-09-03 21:04 -------- d-----w- c:\programdata\ruziveki 2009-08-23 16:30 . 2009-08-23 16:30 61440 ----a-w- c:\windows\system32\winipsec.dll 2009-08-23 16:30 . 2009-08-23 16:30 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL 2009-08-23 16:30 .. 2009-08-23 16:30 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll 2009-08-23 16:30 . 2009-08-23 16:30 272896 ----a-w- c:\windows\system32\polstore.dll 2009-08-23 16:23 . 2009-08-23 16:23 87040 ----a-w- c:\windows\system32\msoert2.dll 2009-08-23 16:23 . 2009-08-23 16:23 39424 ----a-w- c:\windows\system32\ACCTRES.dll 2009-08-23 16:23 . 2009-08-23 16:23 205824 ----a-w- c:\windows\system32\msoeacct.dll 2009-08-23 16:16 . 2009-08-23 16:16 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys 2009-08-23 16:16 . 
2009-08-23 16:16 194560 ----a-w- c:\windows\system32\WebClnt.dll 2009-08-23 16:09 . 2009-08-23 16:09 2028032 ----a-w- c:\windows\system32\win32k.sys 2009-08-23 16:02 . 2009-08-23 16:02 156160 ----a-w- c:\windows\system32\t2embed.dll 2009-08-23 16:02 . 2009-08-23 16:02 34304 ----a-w- c:\windows\system32\atmlib.dll 2009-08-23 16:02 . 2009-08-23 16:02 289792 ----a-w- c:\windows\system32\atmfd.dll 2009-08-23 16:02 . 2009-08-23 16:02 72704 ----a-w- c:\windows\system32\fontsub.dll 2009-08-23 16:02 . 2009-08-23 16:02 24064 ----a-w- c:\windows\system32\lpk.dll 2009-08-23 16:02 . 2009-08-23 16:02 10240 ----a-w- c:\windows\system32\dciman32.dll 2009-08-23 15:54 . 2009-08-23 15:54 49664 ----a-w- c:\windows\system32\csrsrv.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )) . 2009-09-03 21:05 . 2009-08-05 17:22 -------- d-----w- c:\programdata\dozusefo 2009-09-03 21:05 . 2009-08-06 11:45 -------- d-----w- c:\programdata\deguyigi 2009-09-03 21:00 . 2009-08-03 00:17 -------- d-----w- c:\programdata\fejoniso 2009-09-03 21:00 . 2009-08-05 17:21 -------- d-----w- c:\programdata\fayosipu 2009-09-03 21:00 . 2009-08-02 00:14 -------- d-----w- c:\programdata\vadelote 2009-09-03 21:00 . 2009-08-07 12:18 -------- d-----w- c:\programdata\tomasunu 2009-09-03 21:00 . 2009-08-02 12:15 -------- d-----w- c:\programdata\taposizo 2009-09-03 21:00 . 2009-08-03 00:17 -------- d-----w- c:\programdata\susanala 2009-09-03 21:00 . 2009-08-04 00:15 -------- d-----w- c:\programdata\suhaleti 2009-09-03 21:00 . 2009-08-06 23:44 -------- d-----w- c:\programdata\mebatajo 2009-09-03 21:00 . 2009-08-08 11:00 -------- d-----w- c:\programdata\lavejipu 2009-09-03 21:00 . 2009-08-02 12:15 -------- d-----w- c:\programdata\kihiloto 2009-09-03 21:00 . 2009-08-02 00:15 -------- d-----w- c:\programdata\bonikelo 2009-09-03 21:00 . 2009-08-03 12:15 -------- d-----w- c:\programdata\bijerudi 2009-09-03 21:00 . 
2009-08-02 00:15 -------- d-----w- c:\programdata\bagatova 2009-08-31 13:26 . 2009-08-08 23:01 -------- d-----w- c:\programdata\kasusihu 2009-08-29 13:11 . 2006-12-26 12:55 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-08-29 12:22 . 2009-08-29 12:22 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF 2009-08-29 12:22 . 2009-08-29 12:22 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT 2009-08-29 12:18 . 2006-12-26 12:55 -------- d-----w- c:\programdata\Symantec 2009-08-24 08:08 . 2009-08-24 08:08 3102720 ----a-w- c:\windows\system32\NlsData0045.dll 2009-08-23 16:53 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2009-08-23 16:52 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar 2009-08-23 12:45 . 2009-08-23 12:45 260096 ----a-w- c:\windows\system32\dpx.dll 2009-08-23 12:09 . 2009-08-23 12:09 72704 ----a-w- c:\windows\system32\admparse.dll 2009-08-23 12:09 . 2009-08-23 12:09 827392 ----a-w- c:\windows\system32\wininet.dll 2009-08-23 12:08 . 2009-08-23 12:08 48128 ----a-w- c:\windows\system32\mshtmler.dll 2009-08-23 12:08 . 2009-08-23 12:08 26624 ----a-w- c:\windows\system32\ieUnatt.exe 2009-08-23 12:08 . 2009-08-23 12:08 56320 ----a-w- c:\windows\system32\iesetup.dll 2009-08-09 02:29 . 2009-08-08 11:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2009-08-09 02:26 . 2009-08-08 11:37 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-08-05 17:22 . 2009-08-04 00:16 -------- d-----w- c:\programdata\suzozizi 2009-08-05 17:22 . 2009-08-04 00:16 -------- d-----w- c:\programdata\kifohala 2009-08-05 17:22 . 2009-08-04 00:16 -------- d-----w- c:\programdata\jaboyava 2009-08-05 17:21 . 2009-08-05 17:21 -------- d-----w- c:\programdata\pulelabi 2009-08-05 17:21 . 2009-08-05 17:21 -------- d-----w- c:\programdata\fohevepu 2009-08-05 05:01 . 2009-08-05 05:01 -------- d-----w- c:\programdata\sigosemo 2009-08-05 05:01 . 
2009-08-05 05:01 -------- d-----w- c:\programdata\koyelulo 2009-08-04 17:01 . 2009-08-04 17:01 -------- d-----w- c:\programdata\yonijuwe 2009-08-04 17:01 . 2009-08-04 17:01 -------- d-----w- c:\programdata\fogususe 2009-08-04 00:15 . 2009-08-04 00:15 -------- d-----w- c:\programdata\yupaliba 2009-07-25 13:04 . 2007-07-02 13:43 -------- d-----w- c:\program files\LimeWire . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run] "????r"="" [?] "?????????"="??????????????e" [?] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088] "vikafulah"="c:\progra~2\fedoniko\fedoniko.dll " [2009-09-07 88064] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-02 1004136] "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488] "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208] "Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-04 1261568] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120] "PCMService"="c:\acer\Empowering Technology\eMode\PCM\PCMService.exe" [2006-11-25 151552] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776] 
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-06-20 92704] "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696] Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-26 528384] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\SymEFA.sys] @="FSFilter Activity Monitor" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpo licy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\FirewallRules] "{294C820B-769C-45F8-9085-23141B98D6A3}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program "{D7E57710-B00B-42E3-BAB9-FF15A039A970}"= TCP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program "{61A20DFF-D7ED-4B5D-A92B-3667356E14C9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{97702059-5105-4897-8112-B6C99225E271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire [HKLM\~\services\sharedaccess\parameters\firewallpo licy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpo licy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|S vc=DFSR:Allow inbound TCP traffic| 
[HKLM\~\services\sharedaccess\parameters\firewallpo licy\StandardProfile] "EnableFirewall"= 0 (0x0) R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\030000 0.086\SymEFA.sys [8/29/2009 7:21 AM 310320] R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.08 6\BHDrvx86.sys [8/29/2009 7:21 AM 258608] R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000. 086\cchpx86.sys [8/29/2009 7:21 AM 482352] R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090904. 002\IDSvix86.sys [9/5/2009 2:04 PM 293424] R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [8/29/2009 7:21 AM 115560] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/2/2009 2:42 PM 102448] R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.08 6\symndisv.sys [8/29/2009 7:21 AM 39984] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc . Contents of the 'Scheduled Tasks' folder . - - - - ORPHANS REMOVED - - - - HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://en.us.acer.yahoo.com uLocal Page = \blank.htm uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mStart Page = hxxp://en.us.acer.yahoo.com uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*Yahoo! . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-08 14:26 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************** ************************ [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N 360] "ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ***\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(5572) c:\windows\system32\MsnChatHook.dll c:\windows\system32\sysenv.dll c:\windows\system32\ShowErrMsg.dll c:\progra~2\fedoniko\fedoniko.dll c:\windows\system32\ieframe.dll . Completion time: 2009-09-08 14:31 ComboFix-quarantined-files.txt 2009-09-08 19:31 Pre-Run: 57,635,262,464 bytes free Post-Run: 57,589,673,984 bytes free 292 --- E O F --- 2009-09-02 08:04 |
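Added example (editor's note, not part of the original post and not ComboFix code): a small triage script that reads a ComboFix log like the one above and pulls out the four things worth a second look in it: the Windows Firewall "EnableFirewall"= 0 entries on every profile, the Security Center "DisableMonitoring" keys, the per-program FirewallRules (which is where the LimeWire allow rules show up), and any DLL loaded into Explorer.exe from outside the Windows directory. The "eight lowercase letters directory containing a same-named .dll" rule is a heuristic I am assuming from the c:\progra~2\fedoniko\fedoniko.dll line, not something ComboFix reports; the sample input is a de-wrapped excerpt of the log above.

```python
"""Triage a ComboFix log for disabled protections and oddly placed DLLs.

Added example, not from the original thread or from ComboFix. The
"8-letter dir / same-name DLL" rule is an assumed heuristic, not a signature.
"""
import re

# Constructed sample: a de-wrapped excerpt of the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{294C820B-769C-45F8-9085-23141B98D6A3}"= UDP:c:\acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{61A20DFF-D7ED-4B5D-A92B-3667356E14C9}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{97702059-5105-4897-8112-B6C99225E271}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5572)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\progra~2\fedoniko\fedoniko.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-09-08 14:31
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
ENABLE_FW_RE = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')
DISABLE_MON_RE = re.compile(r'^"DisableMonitoring"=dword:(?P<val>[0-9a-f]{8})$', re.I)
# path is matched lazily because it contains its own drive-letter colon
FW_RULE_RE = re.compile(
    r'^"\{(?P<guid>[0-9A-F-]{36})\}"=\s*(?P<proto>TCP|UDP):(?P<path>.+?):(?P<name>[^:]*)$', re.I)
PROC_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)$")
DLL_SECTION = "DLLs Loaded Under Running Processes"
EIGHT_LOWER = re.compile(r"^[a-z]{8}$")
WINDOWS_DIR = "c:\\windows\\"


def suspicious_dll_reasons(path):
    """Heuristics (assumed, not ComboFix's): DLL outside the Windows directory,
    or a <8 letters>\<same 8 letters>.dll layout."""
    p = path.lower()
    reasons = []
    if not p.startswith(WINDOWS_DIR):
        reasons.append("loaded from outside the Windows directory")
    parts = p.split("\\")
    if len(parts) >= 2 and parts[-1].endswith(".dll"):
        stem, parent = parts[-1][:-4], parts[-2]
        if stem == parent and EIGHT_LOWER.match(stem):
            reasons.append("random 8-letter directory with same-named DLL")
    return reasons


def triage(log_text):
    """Return the findings as lists so a caller can assert on them."""
    findings = {"firewall_off": [], "monitoring_disabled": [],
                "firewall_rules": [], "suspicious_dlls": []}
    key, proc, in_dll_section = None, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if DLL_SECTION in line:
            in_dll_section = True
            continue
        if in_dll_section:
            m = PROC_RE.match(line)
            if m:
                proc = m.group("proc")
            elif line == ".":                 # ComboFix closes a section with a lone dot
                in_dll_section, proc = False, None
            elif proc and re.match(r"^[a-z]:\\", line, re.I):
                reasons = suspicious_dll_reasons(line)
                if reasons:
                    findings["suspicious_dlls"].append((proc, line, reasons))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None:
            continue
        m = ENABLE_FW_RE.match(line)
        if m and m.group("val") == "0":
            findings["firewall_off"].append(key.rsplit("\\", 1)[-1])
            continue
        m = DISABLE_MON_RE.match(line)
        if m and int(m.group("val"), 16) == 1:
            findings["monitoring_disabled"].append(key.split("security center\\", 1)[-1])
            continue
        m = FW_RULE_RE.match(line)
        if m and key.endswith("\\FirewallRules"):
            findings["firewall_rules"].append((m.group("proto").upper(), m.group("path"), m.group("name")))
    return findings


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(section)
        for item in items:
            print("   ", item)
```

Two caveats on reading the output: a disabled Windows Firewall and DisableMonitoring keys under SymantecAntiVirus / SymantecFirewall can be legitimate on a machine running a third-party suite such as Norton 360, which takes over those roles, so check them against the product before assuming malware set them. And the heuristic only says fedoniko.dll is worth hashing and submitting; the three other non-Microsoft-looking DLLs in system32 pass it, which is not a clean bill of health for them.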
#5
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112
PC Experience: Always Learning New Things
There are signs of one or more P2P (peer-to-peer) file sharing programs on your computer.

Please note that as long as you are using any form of P2P networking to download files, you can anticipate infestations of malware. P2P file sharing used to be fairly safe. This is no longer true; continue to use P2P sharing at your own risk! Keep in mind that this practice may be the source of your current malware infestation.

References citing the risk factors of using P2P programs:
- Malware: Help prevent the Infection
- IM And P2P Malware Threats Nearly Triple
- How to Prevent the Online Invasion of Spyware and Adware

I strongly recommend that you uninstall: LimeWire. You can do so using the Control Panel >> Add or Remove Programs function. However, that choice is up to you. As long as you have the P2P program(s) installed, per PCHF Policy, I can offer you no further assistance.

If you choose to remove these programs, when finished: please generate a new ComboFix log.
__________________
Crush aka Chris [Prework][Afterwork][PCHF Rules][BSOD's][SFC][Screenshots][PC Specs][Donate] I am in fact, quite cool. My graphing calculator confirms this |
#6
Elite Member
Join Date: Dec 2005
Posts: 409
OK, I'll get rid of that (I never use it anyway), but before I do, as for generating a new ComboFix log: I hear I'm only supposed to use ComboFix once (or something bad will happen?), so is running ComboFix a second time after getting rid of LimeWire fine, or is there some other way I'd generate a new log?

Also, will keeping the SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A} enabled still be fine (like I said, ComboFix still worked even with it enabled)? If not, how would I go about disabling it, since right-clicking the system tray icon only gives me the options to disable the Norton 360 firewall and the AV (which I'm guessing is the Norton active scan), and when I bring up Task Manager's Processes tab to look for a Norton 360 process and end it, it's not on the process list, so I'm guessing Norton isn't really running, thus it's OK, right?
#7
Tech Support Team
Join Date: Sep 2008
Location: Caldwell, New Jersey
Posts: 10,112
PC Experience: Always Learning New Things
Tags: adware, Pending:, popups