
1 Malwarebytes log in your first post on Thu Apr 08, 2010 12:22 am

RockNRollStrega


Member
The below log showed 101 threats: a combination of worms, trojans & packed.delfcrypts (sort of like Dorothy in the Wizard of Oz...lions, and tigers and bears, oh my!) I ran "AVG" antivirus and it still shows 1 packed.delfcrypt virus found. Should I just wipe my computer and reload my OS? Here's the log...

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3967

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/7/2010 11:09:56 PM
mbam-log-2010-04-07 (23-09-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 155402
Time elapsed: 28 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 9
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 6
Files Infected: 80

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\dsdmoprp32.dll (Trojan.Tracur) -> Delete on reboot.
C:\WINDOWS\system32\certcli32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{012c5e52-e797-4da1-a44d-68935f9f58de} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{012c5e52-e797-4da1-a44d-68935f9f58de} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\4451d652869 (Trojan.Tracur) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dsdmoprp32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dsdmoprp32.dll -> Delete on reboot.

Folders Infected:
C:\WINDOWS\system32\SysWoW32 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maria\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Amica\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\certcli32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsdmoprp32.dll (Trojan.Tracur) -> Delete on reboot.
C:\System Volume Information\_restore{E0977E64-2294-4866-B351-71D4817EE964}\RP113\A0013655.exe (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\credssp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cryptsvc32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cscdll32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\capesnpn32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dataclen32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\datime32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\davclnt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dciman3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diskcopy32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmband32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmdlgs32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ds32gt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gcdef32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\GEARAspi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gpkcsp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmprops32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cnvfat32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctl3dv232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CTWFLT3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CTWFLT323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dfrgsnap32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmocx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmsynth32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dnsapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dot3gpclnt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsuiext32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsuiext3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eapp3hst32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\els32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\esent9732.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hid32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbcatq32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csseqchk32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\compstui32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comres32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsnap32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgsetup32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgsetup3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhcpqec32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhcpqec3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhcpqec323232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3d8thk32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dplayx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpmodemx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpvacm32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u504073224v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u504073224v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u504073224v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\@u504073224v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu504073224v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu504073224v4.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu504073224v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu504073224v5.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu504073224v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu504073224v6.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu504073224v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\mu504073224v7.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu504073224v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu504073224v0.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu504073224v1 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu504073224v1.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu504073224v2 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu504073224v2.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu504073224v3 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\wu504073224v3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u504073224v0 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u504073224v4 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u504073224v5 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u504073224v6 (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SysWoW32\_u504073224v7 (Worm.Archive) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMSCRIPT32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMSERVER32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmutil32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\GnuHashes.ini (Malware.Trace) -> Quarantined and deleted successfully.

2 Re: Malwarebytes log in your first post on Thu Apr 08, 2010 1:11 am

DragonMaster Jay


Site Owner
No, let's see if it can be cleaned.

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



3 Thank You on Thu Apr 08, 2010 2:55 am

RockNRollStrega


Member
Actually, I didn't need the combo fix. I removed the last virus and then rebooted. I scanned the computer after restart (did it twice to be sure) and it showed zero threats. Thanks so much. I'm thinking my next computer is going to be a Mac, they are impervious to viruses. Maybe I should get an Internet condom so I don't get infected again. I wasn't even surfing for porn!

All kidding aside...Really genius! Thank you for your expertise.

4 Re: Malwarebytes log in your first post on Thu Apr 08, 2010 11:13 am

DragonMaster Jay


Site Owner
OK. But infections these days are much more dangerous and cannot necessarily be just detected using an antivirus, but oh well. Happy surfing.



5 Re: Malwarebytes log in your first post on Thu Apr 08, 2010 6:13 pm

RockNRollStrega


Member
Wait!!! What do you mean???? Are you saying I should do the combo fix anyway??????????????????

6 Re: Malwarebytes log in your first post on Thu Apr 08, 2010 9:04 pm

RockNRollStrega


Member
Okay, so you must be a born again geek because the fear tactic worked ;) Below is the ComboFix log...

ComboFix 10-04-08.01 - Maria 04/08/2010 20:56:10.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.2098 [GMT -4:00]
Running from: c:\documents and settings\Maria\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Amica\Application Data\02000000098e44e3869C.manifest
c:\documents and settings\Amica\Application Data\02000000098e44e3869O.manifest
c:\documents and settings\Amica\Application Data\02000000098e44e3869P.manifest
c:\documents and settings\Amica\Application Data\02000000098e44e3869S.manifest
c:\documents and settings\Maria\Application Data\02000000098e44e3869C.manifest
c:\documents and settings\Maria\Application Data\02000000098e44e3869O.manifest
c:\documents and settings\Maria\Application Data\02000000098e44e3869P.manifest
c:\documents and settings\Maria\Application Data\02000000098e44e3869S.manifest
c:\windows\system32\1986244917
c:\windows\system32\CTWFLT32323232.dll
c:\windows\system32\Data
c:\windows\system32\dmband3232.dll
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-09 to 2010-04-09 )))))))))))))))))))))))))))))))
.

2010-04-08 02:17 . 2010-04-08 02:17 -------- d-----w- c:\program files\Trend Micro
2010-04-08 00:14 . 2010-04-08 00:14 211456 ----a-w- c:\windows\system32\clusapi32.dll
2010-04-07 23:15 . 2010-04-07 23:15 211456 ----a-w- c:\windows\system32\dmconfig32.dll
2010-04-07 16:11 . 2010-04-07 16:11 211456 ----a-w- c:\windows\system32\cmsetacl32.dll
2010-04-02 00:18 . 2010-04-02 00:18 -------- d-----w- c:\program files\iPod
2010-04-02 00:18 . 2010-04-02 00:18 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 00:15 . 2010-04-02 00:15 -------- d-----w- c:\program files\QuickTime
2010-04-02 00:12 . 2010-04-02 00:12 -------- d-----w- c:\program files\Bonjour
2010-04-01 23:59 . 2010-04-01 23:59 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-01 20:06 . 2010-04-04 17:04 -------- d-----w- c:\program files\Ask.com
2010-03-23 16:23 . 2010-03-23 16:23 -------- d-----w- C:\temp
2010-03-23 16:23 . 2010-03-23 16:23 -------- d-----w- c:\program files\Avex
2010-03-23 13:54 . 2010-03-23 13:54 -------- d-----w- c:\program files\DVD Shrink
2010-03-23 13:52 . 2010-03-23 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-03-23 13:49 . 2007-11-10 13:58 89184 ------w- c:\windows\system32\drivers\imagedrv.sys
2010-03-23 13:48 . 2007-11-10 13:58 38912 ----a-r- c:\windows\system32\picn20.dll
2010-03-23 13:48 . 2007-11-10 13:58 569344 ----a-r- c:\windows\system32\imagr5.dll
2010-03-23 13:48 . 2007-11-10 13:58 544768 ----a-r- c:\windows\system32\imagx5.dll
2010-03-23 13:48 . 2007-11-10 13:58 283920 ----a-r- c:\windows\system32\ImagXpr5.dll
2010-03-23 13:48 . 2010-03-23 13:48 -------- d-----w- c:\program files\Common Files\Ahead
2010-03-23 13:48 . 2007-11-10 13:58 155648 ----a-r- c:\windows\system32\NeroCheck.exe
2010-03-23 13:48 . 2010-03-23 13:48 -------- d-----w- c:\program files\Ahead
2010-03-18 19:24 . 2010-03-18 19:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-16 01:59 . 2010-03-16 01:59 -------- d-----w- c:\program files\MSXML 4.0
2010-03-15 22:50 . 2010-03-21 18:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-15 19:59 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-15 19:32 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-15 19:32 . 2010-03-15 19:32 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-03-14 21:10 . 2010-03-14 21:10 -------- d-----w- c:\windows\system32\scripting
2010-03-14 21:10 . 2010-03-14 21:10 -------- d-----w- c:\windows\l2schemas
2010-03-14 21:10 . 2010-03-14 21:10 -------- d-----w- c:\windows\system32\en
2010-03-14 21:10 . 2010-03-14 21:10 -------- d-----w- c:\windows\system32\bits
2010-03-12 16:09 . 2010-03-12 16:09 -------- d-----w- c:\program files\Common Files\Java
2010-03-12 16:05 . 2010-03-12 16:05 503808 ----a-w- c:\documents and settings\Maria\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76ed1b0a-n\msvcp71.dll
2010-03-12 16:05 . 2010-03-12 16:05 499712 ----a-w- c:\documents and settings\Maria\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76ed1b0a-n\jmc.dll
2010-03-12 16:05 . 2010-03-12 16:05 348160 ----a-w- c:\documents and settings\Maria\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-76ed1b0a-n\msvcr71.dll
2010-03-12 16:05 . 2010-03-12 16:05 61440 ----a-w- c:\documents and settings\Maria\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2b8076d1-n\decora-sse.dll
2010-03-12 16:05 . 2010-03-12 16:05 12800 ----a-w- c:\documents and settings\Maria\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2b8076d1-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-08 04:25 . 2010-04-08 02:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-08 02:37 . 2010-04-08 02:37 -------- d-----w- c:\documents and settings\Maria\Application Data\Malwarebytes
2010-04-08 02:36 . 2010-04-08 02:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-07 16:42 . 2010-02-09 17:23 -------- d-----w- c:\documents and settings\Maria\Application Data\LimeWire
2010-04-06 14:12 . 2010-02-03 14:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-04-04 17:31 . 2010-02-01 01:17 -------- d-----w- c:\program files\AVG
2010-04-02 00:18 . 2010-02-05 01:31 -------- d-----w- c:\program files\iTunes
2010-04-02 00:18 . 2010-01-31 23:33 -------- d-----w- c:\program files\Common Files\Apple
2010-04-01 20:06 . 2010-02-09 17:20 -------- d-----w- c:\program files\LimeWire
2010-03-28 15:19 . 2010-02-01 04:20 -------- d-----w- c:\program files\CCleaner
2010-03-25 18:37 . 2010-02-03 14:43 86928 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-16 19:46 . 2010-01-31 02:32 176240 ----a-w- c:\documents and settings\Maria\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 02:09 . 2010-01-31 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-16 02:06 . 2010-01-31 23:11 -------- d-----w- c:\program files\Microsoft Works
2010-03-14 21:13 . 2010-01-31 01:02 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-12 16:04 . 2010-02-09 17:23 -------- d-----w- c:\program files\Java
2010-03-03 14:37 . 2010-03-03 14:37 -------- d-----w- c:\program files\Expert Software
2010-02-28 20:35 . 2010-02-28 20:35 -------- d-----w- c:\documents and settings\Maria\Application Data\Final Draft
2010-02-28 20:35 . 2010-02-28 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Final Draft
2010-02-28 20:30 . 2010-02-28 20:30 51712 ----a-r- c:\documents and settings\Maria\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D174.exe
2010-02-28 20:30 . 2010-02-28 20:30 51712 ----a-r- c:\documents and settings\Maria\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D173.exe
2010-02-28 20:30 . 2010-02-28 20:30 51712 ----a-r- c:\documents and settings\Maria\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D172.exe
2010-02-28 20:30 . 2010-02-28 20:30 27648 ----a-r- c:\documents and settings\Maria\Application Data\Microsoft\Installer\{78D62D17-D970-42DA-B8CF-5E5576293B33}\Icon78D62D171.exe
2010-02-28 20:30 . 2010-02-28 20:30 -------- d-----w- c:\program files\Final Draft Tagger
2010-02-28 20:30 . 2010-02-28 20:30 -------- d-----w- c:\program files\Final Draft 7
2010-02-28 20:30 . 2010-02-28 20:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-25 14:36 . 2010-02-01 01:55 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-25 06:24 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 03:29 . 2010-02-23 21:31 -------- d-----w- c:\program files\WinWay Resume - Express Edition
2010-02-19 14:58 . 2010-02-18 16:39 -------- d-----w- c:\program files\Web Publish
2010-02-18 19:20 . 2010-02-18 19:20 -------- d-----w- c:\program files\VSTplugins
2010-02-18 19:20 . 2010-02-18 19:20 -------- d-----w- c:\documents and settings\Maria\Application Data\Publish Providers
2010-02-18 19:20 . 2010-02-18 19:20 -------- d-----w- c:\documents and settings\Maria\Application Data\Sony
2010-02-18 16:54 . 2010-02-18 16:37 -------- d-----w- c:\program files\The Print Shop 20
2010-02-18 16:52 . 2010-02-18 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Riverdeep Interactive Learning Limited
2010-02-18 16:37 . 2010-02-18 16:37 -------- d-----w- c:\program files\Common Files\Broderbund
2010-02-18 16:37 . 2010-02-18 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Broderbund Software
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-10 16:52 . 2010-02-10 16:52 152576 -c--a-w- c:\documents and settings\Maria\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-10 16:52 . 2010-02-10 16:52 79488 ----a-w- c:\documents and settings\Maria\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-09 17:23 . 2010-02-09 17:23 152576 -c--a-w- c:\documents and settings\Maria\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-02-01 20:44 . 2010-02-01 20:44 28664 -c--a-w- c:\documents and settings\Amica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 17:51 . 2010-01-31 17:51 82400 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-01-31 17:51 . 2010-01-31 17:51 37888 ----a-w- c:\windows\system32\setupnt.dll
2010-01-31 17:51 . 2010-01-31 17:51 28896 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-01-31 17:51 . 2010-01-31 17:51 211520 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-01-31 17:51 . 2010-01-31 17:51 126976 ----a-w- c:\windows\system32\snapapi.dll
2010-01-31 01:47 . 2010-01-31 01:47 7915696 ----a-w- C:\BellSouthIW.reg
2010-01-31 01:00 . 2010-01-31 01:00 21640 -c--a-w- c:\windows\system32\emptyregdb.dat
2010-01-25 12:47 . 2010-02-03 14:56 3777816 ----a-w- c:\documents and settings\All Users\Application Data\Temp\AVG\setup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Acronis True Image Monitor"="c:\program files\Acronis\TrueImage\TrueImageMonitor.exe" [2010-01-31 419408]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-01-31 69632]
"Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2007-11-10 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 7:13 PM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 23:13]

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 23:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-08 20:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-08 21:00:06
ComboFix-quarantined-files.txt 2010-04-09 01:00

Pre-Run: 38,568,542,208 bytes free
Post-Run: 38,550,749,184 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 74509EB53B66A166AF082B32D3070680

7 Re: Malwarebytes log in your first post on Fri Apr 09, 2010 12:58 am

DragonMaster Jay


Site Owner
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.



8 Re: Malwarebytes log in your first post on Fri Apr 09, 2010 9:30 am

RockNRollStrega


Member
It shows 3 infections: Trojan.Tracur Ahhhh


9 Re: Malwarebytes log in your first post on Fri Apr 09, 2010 1:30 pm

DragonMaster Jay


Site Owner
What log is that from?


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



10 Re: Malwarebytes log in your first post on Fri Apr 09, 2010 4:39 pm

RockNRollStrega


Member
Malware. This one popped up after I sent the log earlier...

11 Re: Malwarebytes log in your first post on Sat Apr 10, 2010 12:48 am

DragonMaster Jay


Site Owner
Ok. What tool did those logs come from?



12 Re: Malwarebytes log in your first post on Sat Apr 10, 2010 10:29 am

RockNRollStrega


Member
I thought Malwarebytes scan. I opened Malwarebytes and clicked on log and cut and pasted the below, so I know for sure it came from this program...
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3972

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/9/2010 9:29:43 AM
mbam-log-2010-04-09 (09-29-43).txt

Scan type: Quick scan
Objects scanned: 115031
Time elapsed: 3 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dmconfig32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cmsetacl32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clusapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

13 Re: Malwarebytes log in your first post on Sun Apr 11, 2010 5:51 am

DragonMaster Jay


Site Owner
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



14 Re: Malwarebytes log in your first post on Sun Apr 11, 2010 11:26 am

RockNRollStrega


Member
found trojan...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=af09272f4f812a448803c795ad770650
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-04-11 03:10:33
# local_time=2010-04-11 11:10:33 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=50715
# found=1
# cleaned=1
# scan_time=3476
C:\Documents and Settings\Maria\My Documents\LimeWire\Saved\lady isadora - greatest hits.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C

15 Re: Malwarebytes log in your first post on Sun Apr 11, 2010 12:49 pm

DragonMaster Jay


Site Owner
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


