Infected w/possible Virus, Backdoor, Keylogger

Discussion in 'Malware and Virus Removal Archive' started by mandy030702, 2008/03/15.

  1. 2008/03/15
    mandy030702 Inactive Thread Starter
    Hi there - I have Guardian PC Tools and it keeps coming up with an entry that says I have a backdoor ciadoor. I quarantine or remove but it comes back every time I restart the computer. I have run SEVERAL different types of virus, malware scans and some say I'm clean and others say I'm infected but can't remove. Can someone please help me look at my logs to tell me what if anything I have. I have attached my DSS log which includes the hijackthis log. Thank you in advance.

    PS - This morning I ran a scan with a program that said I had win32 backdoor ciadoor.sdbot and perlovga (if that helps)


    Deckard's System Scanner v20071014.68
    Run by Carol on 2008-03-15 12:42:10
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Carol.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:42:14 PM, on 3/15/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\aaksrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Maxtor\Sync\SyncServices.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    C:\Program Files\Boomerang Software\Guardian PC Security Tools\Pfft.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Program Files\a-squared Anti-Malware\a2scan.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\Documents and Settings\Carol\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Carol.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
    O4 - HKUS\S-1-5-21-2628613247-2060689918-2099334647-1005\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
    O4 - HKUS\S-1-5-21-2628613247-2060689918-2099334647-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-2628613247-2060689918-2099334647-1005\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 (User '?')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
    O4 - Global Startup: Guardian PC Security Tools.lnk = ?
    O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199988591953
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: aaksrv - Spydex, Inc. - C:\WINDOWS\system32\aaksrv.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AntiSpy Server - Boomerang Software, Inc. - C:\Program Files\Boomerang Software\Guardian PC Security Tools\PfftWrk.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 12859 bytes

    -- Files created between 2008-02-15 and 2008-03-15 -----------------------------

    2008-03-15 12:40:42 388608 --a------ C:\WINDOWS\system32\CF2979.exe
    2008-03-15 12:40:35 3514 --a------ C:\Start_.cmd
    2008-03-15 12:40:35 0 d-------- C:\327882R2FWJFW
    2008-03-15 12:27:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-03-15 12:27:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-03-15 12:27:17 0 d-------- C:\WINDOWS\LastGood
    2008-03-15 11:24:14 0 d-------- C:\Program Files\Trend Micro
    2008-03-15 11:15:38 0 d-------- C:\WINDOWS\system32\ActiveScan
    2008-03-15 10:00:36 0 d-------- C:\Program Files\a-squared Anti-Malware
    2008-03-15 09:39:21 0 d-------- C:\Documents and Settings\Carol\Application Data\True Sword
    2008-03-15 09:39:14 356352 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
    2008-03-15 09:39:14 81920 --a------ C:\WINDOWS\eSellerateControl350.dll <Not Verified; eSellerate Inc.; eSellerate ActiveX Control>
    2008-03-15 09:39:13 0 d-------- C:\WINDOWS\system32\backuped
    2008-03-15 09:39:13 0 d-------- C:\Program Files\True Sword 4
    2008-03-13 14:39:37 0 d-------- C:\Documents and Settings\Carol\Application Data\Comodo
    2008-03-13 14:39:33 0 d-------- C:\Documents and Settings\All Users\Application Data\comodo
    2008-03-13 14:24:16 0 d-------- C:\Documents and Settings\Carol\Application Data\Malwarebytes
    2008-03-13 14:24:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-13 14:24:09 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-13 14:23:57 0 d-------- C:\Program Files\Common Files\Download Manager
    2008-03-13 14:07:27 68096 --a------ C:\WINDOWS\system32\zip.exe
    2008-03-13 14:07:27 80412 --a------ C:\WINDOWS\system32\grep.exe
    2008-03-13 14:07:27 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
    2008-03-13 14:03:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-03-13 14:03:13 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-13 13:40:46 0 d-------- C:\Program Files\Alwil Software
    2008-03-13 12:47:10 0 dr-h----- C:\Documents and Settings\Carol\Recent
    2008-03-12 16:27:19 0 d-------- C:\32938f8949442afee82b8e
    2008-03-12 13:53:27 0 d-------- C:\Temp
    2008-03-12 13:50:40 0 d-------- C:\Program Files\Common Files\DVDVideoSoft
    2008-03-12 13:50:34 0 d-------- C:\Program Files\DVDVideoSoft
    2008-03-12 11:31:11 0 d-------- C:\Program Files\LexisNexis
    2008-02-27 20:00:20 0 d-------- C:\Documents and Settings\Carol\Application Data\InstallShield
    2008-02-27 18:22:04 0 d-------- C:\mp4 video
    2008-02-27 18:21:35 0 d-------- C:\Program Files\Easy iPod MP4 PSP 3GP
    2008-02-27 16:31:05 0 --a------ C:\Documents and Settings\Carol\Application Data\CopyToGo.dat
    2008-02-27 11:40:19 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
    2008-02-27 10:16:47 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-02-27 10:16:47 0 d-------- C:\Documents and Settings\Carol\Application Data\Vso
    2008-02-27 10:16:47 47360 --a------ C:\Documents and Settings\Carol\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    2008-02-27 10:16:44 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
    2008-02-27 10:16:44 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
    2008-02-27 10:16:44 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
    2008-02-27 09:50:49 0 d-------- C:\Program Files\vso
    2008-02-27 09:18:50 0 d-------- C:\WINDOWS\system32\XPSViewer
    2008-02-27 09:17:35 0 d-------- C:\Program Files\Reference Assemblies
    2008-02-27 09:16:03 0 d-------- C:\e87561910c125d77ed
    2008-02-27 00:43:19 0 d-------- C:\TempDVD
    2008-02-27 00:43:13 0 d-------- C:\Program Files\dvdSanta
    2008-02-27 00:20:10 0 d-------- C:\Program Files\SlySoft
    2008-02-27 00:20:05 0 d-------- C:\Program Files\AVSMedia
    2008-02-27 00:11:19 0 d-------- C:\Program Files\Elaborate Bytes
    2008-02-26 23:21:04 0 d-------- C:\Documents and Settings\Carol\Application Data\AVS4YOU
    2008-02-26 23:20:55 0 d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    2008-02-26 23:20:05 0 d-------- C:\Program Files\Common Files\AVSMedia
    2008-02-26 23:19:43 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-02-26 23:19:43 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-02-26 23:19:43 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
    2008-02-26 23:19:43 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
    2008-02-26 23:19:43 0 d-------- C:\Program Files\AVS4YOU
    2008-02-26 23:02:45 0 d-------- C:\Program Files\AviSynth 2.5
    2008-02-26 23:02:19 0 d-------- C:\Program Files\Avi2Dvd
    2008-02-26 21:39:58 0 d-------- C:\Documents and Settings\Carol\Application Data\Nero
    2008-02-26 21:37:20 0 d-------- C:\Program Files\Common Files\Nero
    2008-02-26 21:37:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-02-25 15:49:45 0 d-------- C:\Program Files\Windows Media Connect 2
    2008-02-25 15:48:38 0 d-------- C:\94df04c4cdb956045e6ac17353
    2008-02-25 15:48:36 0 d-------- C:\WINDOWS\system32\drivers\UMDF
    2008-02-25 15:48:20 0 d-------- C:\323f793f327497aee543f1
    2008-02-25 14:21:52 0 d-------- C:\Program Files\iPod
    2008-02-25 14:21:49 0 d-------- C:\Program Files\iTunes
    2008-02-25 14:21:17 0 d-------- C:\Program Files\Bonjour
    2008-02-25 12:25:48 0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-02-25 12:25:46 0 d-------- C:\Program Files\DVD Shrink
    2008-02-25 12:16:10 0 d-------- C:\Documents and Settings\Carol\Application Data\Ulead Systems
    2008-02-22 10:29:18 0 d-------- C:\WINDOWS\ERUNT
    2008-02-21 12:07:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2008-02-20 11:46:17 0 d-------- C:\Program Files\iArt
    2008-02-18 20:26:27 0 d-------- C:\Program Files\PixiePack Codec Pack
    2008-02-18 20:24:46 0 d-------- C:\Documents and Settings\Carol\Application Data\Tunebite
    2008-02-18 20:24:12 0 d-------- C:\Program Files\RapidSolution
    2008-02-18 20:24:12 0 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
    2008-02-18 18:51:45 513152 --a------ C:\WINDOWS\system32\drivers\SndTDriverV32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>
    2008-02-18 18:51:45 2688 --a------ C:\WINDOWS\system32\drivers\MovRVDrv32.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    2008-02-18 18:35:26 0 d-------- C:\Documents and Settings\Carol\Application Data\Roxio
    2008-02-18 18:10:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Napster


    -- Find3M Report ---------------------------------------------------------------

    2008-03-15 12:15:54 0 d-------- C:\Program Files\Common Files\LightScribe
    2008-03-15 12:15:50 0 d-------- C:\Program Files\Windows Desktop Search
    2008-03-15 12:15:45 0 d-------- C:\Program Files\Common Files\aolshare
    2008-03-15 12:15:31 0 d-------- C:\Program Files\Palm
    2008-03-14 16:15:30 0 d-------- C:\Program Files\Comodo
    2008-03-14 16:13:54 0 d-------- C:\Program Files\Rtgbills3
    2008-03-14 09:02:43 6580 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
    2008-03-13 14:23:57 0 d-------- C:\Program Files\Common Files
    2008-03-13 14:04:01 0 d-------- C:\Program Files\Lavasoft
    2008-03-13 14:04:00 0 d-------- C:\Documents and Settings\Carol\Application Data\Lavasoft
    2008-03-13 11:19:09 0 d-------- C:\Program Files\PeerGuardian2
    2008-03-13 09:47:51 0 d-------- C:\Program Files\InterVideo
    2008-03-13 09:47:51 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-13 09:31:31 0 d-------- C:\Program Files\Yahoo!
    2008-03-09 14:33:19 0 d-------- C:\Documents and Settings\Carol\Application Data\Corel
    2008-03-01 15:34:49 0 d-------- C:\Program Files\BitComet
    2008-02-27 22:38:01 0 d-------- C:\Documents and Settings\Carol\Application Data\LimeWire
    2008-02-27 10:16:56 34 --a------ C:\Documents and Settings\Carol\Application Data\pcouffin.log
    2008-02-27 10:16:47 1144 --a------ C:\Documents and Settings\Carol\Application Data\pcouffin.inf
    2008-02-27 10:16:47 7887 --a------ C:\Documents and Settings\Carol\Application Data\pcouffin.cat
    2008-02-27 09:51:41 0 d-------- C:\Program Files\Common Files\InterVideo
    2008-02-27 09:51:21 0 d-------- C:\Program Files\Corel
    2008-02-27 09:22:05 0 d-------- C:\Program Files\MSBuild
    2008-02-26 15:56:33 0 d-------- C:\Documents and Settings\Carol\Application Data\Ahead
    2008-02-25 14:21:00 0 d-------- C:\Program Files\QuickTime
    2008-02-18 20:57:33 0 d-------- C:\Program Files\LimeWire
    2008-02-18 18:35:02 0 d-------- C:\Documents and Settings\Carol\Application Data\AdobeUM
    2008-02-18 14:32:57 0 d-------- C:\Program Files\Common Files\Adobe
    2008-02-18 10:57:08 0 d-------- C:\Documents and Settings\Carol\Application Data\Adobe
    2008-02-15 11:27:11 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-07 14:10:51 0 d-------- C:\Program Files\America Online 9.0
    2008-02-06 17:16:47 0 d-------- C:\Program Files\GPLGS
    2008-02-06 17:16:17 0 d-------- C:\Program Files\Acro Software
    2008-02-06 13:11:12 0 d-------- C:\Program Files\ESPNMotion
    2008-02-06 12:21:25 90112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
    2008-02-06 12:21:25 221184 --a------ C:\WINDOWS\SnoopFreeUI.exe <Not Verified; SnoopFree Software; SnoopFree Privacy Shield>
    2008-02-06 12:21:25 45056 --a------ C:\WINDOWS\SnoopFreeDll.dll
    2008-02-05 20:03:55 237568 --a------ C:\WINDOWS\system32\aaksrv.exe <Not Verified; Spydex, Inc.; Spydex, Inc. Advanced Anti Keylogger>
    2008-02-05 20:03:55 20768 --a------ C:\WINDOWS\system32\aakbdrv.sys <Not Verified; Spydex, Inc.; Spydex, Inc. Advanced Anti Keylogger>
    2008-02-05 20:03:55 34272 --a------ C:\WINDOWS\system32\aakah.sys <Not Verified; Spydex, Inc.; Spydex, Inc. Advanced Anti Keylogger>
    2008-02-05 20:03:55 81920 --a------ C:\WINDOWS\system32\aakah.dll <Not Verified; Spydex, Inc.; Spydex, Inc. Advanced Anti Keylogger>
    2008-02-04 17:24:19 0 d-------- C:\Program Files\WordPerfect Office X3 Installer
    2008-02-04 17:24:16 0 d-------- C:\Program Files\RGB
    2008-02-04 17:23:37 0 d-------- C:\Program Files\AMICUS50
    2008-02-04 17:23:36 0 d-------- C:\Program Files\Palm - b
    2008-02-04 17:23:34 0 d-------- C:\Program Files\GemMaster
    2008-02-04 17:23:33 0 d-------- C:\Program Files\EnglishOtto
    2008-02-04 17:23:33 0 d-------- C:\Program Files\Documents To Go
    2008-02-04 17:23:32 0 d-------- C:\Program Files\Microsoft Works
    2008-02-04 17:23:32 0 d-------- C:\Program Files\MagicISO
    2008-02-04 17:23:32 0 d-------- C:\Program Files\DivX
    2008-02-04 17:23:30 0 d-------- C:\Program Files\Messenger
    2008-02-01 16:57:54 0 d-------- C:\Program Files\Rtgbills
    2008-01-30 14:53:00 0 d-------- C:\Program Files\Java
    2008-01-30 14:51:07 0 d-------- C:\Documents and Settings\Carol\Application Data\Sun
    2008-01-30 11:09:06 0 d-------- C:\Program Files\Visioneer OneTouch
    2008-01-30 08:38:44 0 d-------- C:\Program Files\Rtgbills2
    2008-01-29 17:40:06 0 d-------- C:\Program Files\Microsoft AntiSpyware
    2008-01-29 16:29:34 0 d-------- C:\Documents and Settings\Carol\Application Data\Symantec
    2008-01-29 15:21:57 0 d-------- C:\Program Files\MarchNetworks
    2008-01-29 15:18:23 0 d-------- C:\Documents and Settings\Carol\Application Data\DivX
    2008-01-29 11:16:53 0 d-------- C:\Program Files\a-squared Free
    2008-01-29 10:45:38 0 d-------- C:\Program Files\Smart Projects
    2008-01-29 10:30:05 0 d-------- C:\Program Files\PC Registry Cleaner
    2008-01-25 09:44:31 0 d-------- C:\Documents and Settings\Carol\Application Data\MySpace
    2008-01-24 12:25:42 0 d-------- C:\Documents and Settings\Carol\Application Data\Help
    2008-01-23 12:56:00 0 d-------- C:\Documents and Settings\Carol\Application Data\U3
    2008-01-22 23:31:47 0 d-------- C:\Documents and Settings\Carol\Application Data\Apple Computer
    2008-01-13 19:02:36 1238689 --a------ C:\MGtools.exe
    2008-01-13 18:29:46 1158 --a------ C:\WINDOWS\mozver.dat
    2008-01-11 17:08:43 729088 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
    2008-01-09 22:31:22 999506 --a------ C:\WINDOWS\etrnview.exe <Not Verified; RealLegal; e-transcript>
    2008-01-09 21:55:18 25030 --a------ C:\Documents and Settings\Carol\Application Data\Comma Separated Values (Windows).ADR
    2008-01-09 19:22:07 56 -r-hs---- C:\WINDOWS\system32\AF822943B4.sys
    2008-01-09 18:55:22 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]
    "a-squared"="C:\Program Files\a-squared Anti-Malware\a2guard.exe" [01/07/2008 05:56 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [12/30/2004 04:32 AM]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 08:00 AM]
    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
    Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe [1/9/2008 7:10:58 PM]
    Guardian PC Security Tools.lnk - C:\Program Files\Boomerang Software\Guardian PC Security Tools\Pfft.exe [1/9/2008 3:56:21 PM]
    HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [6/9/2004 3:27:34 PM]
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2/15/2006 12:31:42 PM]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton 360.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton 360.lnk
    backup=C:\WINDOWS\pss\Norton 360.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Carol^Start Menu^Programs^Startup^avast! Antivirus.lnk]
    path=C:\Documents and Settings\Carol\Start Menu\Programs\Startup\avast! Antivirus.lnk
    backup=C:\WINDOWS\pss\avast! Antivirus.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Carol^Start Menu^Programs^Startup^Palm Registration.lnk]
    path=C:\Documents and Settings\Carol\Start Menu\Programs\Startup\Palm Registration.lnk
    backup=C:\WINDOWS\pss\Palm Registration.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
    "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
    C:\Program Files\PeerGuardian2\pg2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
    "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    *Newly Created Service* - MCHINJDRV
    *Newly Created Service* - RKPAVPROC

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
    C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe



    -- End of Deckard's System Scanner: finished at 2008-03-15 12:43:15 ------------
     
  2. 2008/03/15
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    mandy030702 - Welcome to the Board :)

    Please do not Double Post. As a new member with less than 10 posts any post you make which contains a URL requires approval (moderation) before it is visible. There was a message to this effect when you signed up.

    I have deleted your duplicate thread.
     


  4. 2008/03/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi mandy030702
    Welcome to Windowsbbs. :)

    I see you have P2P software (Limewire, BitTorrent, Bitcomet, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here,
    here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.


    Was this also found by Guardian PC or a different scanner?


    I would like to get a file scanned, so please do this.

    Jotti File Submission:
    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box on the top of the page, one at a time:
      • C:\WINDOWS\system32\CF2979.exe
    • Click on the submit button
    • Please post the results in your next reply.

    Thanks
    Geri
     
  5. 2008/03/16
    mandy030702

    mandy030702 Inactive Thread Starter

    The win32 backdoor ciadoor was found by a different scanner - the backdoor ciadoor (without the "win32" in front of it) was found by guardian pc tools.

    The results of the Jotti scan are as follows:

    Scan taken on 16 Mar 2008 13:17:34 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing


    Also - I have uninstalled Limewire. Thanks in advance for your help.
     
  6. 2008/03/16
    mandy030702

    mandy030702 Inactive Thread Starter

    One more thing: I did run Panda Active Scan yesterday afternoon after my post - here is a report from that scan in case that helps.


    Incident Status Location

    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[2].txt

    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt

    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]

    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]

    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\01az9lcp.default\Cache\C2152591d01[327882R2FWJFW\nircmd.com]

    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\01az9lcp.default\Cache\C2152591d01[327882R2FWJFW\nircmd.cfexe]

    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\wzda8mth.default\cookies.txt[.yadro.ru/]

    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\wzda8mth.default\cookies.txt[.com.com/]

    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\wzda8mth.default\cookies.txt[.ads.pointroll.com/]

    Spyware:Cookie/Overture
     
  7. 2008/03/16
    mandy030702

    mandy030702 Inactive Thread Starter

    Sorry, but I just wanted to give you as much info as possible - I also did a Kaspersky scan yesterday afternoon after my post and here is the log from that scan.


    KASPERSKY ONLINE SCANNER REPORT
    Saturday, March 15, 2008 2:41:56 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 15/03/2008
    Kaspersky Anti-Virus database records: 631503
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target Critical Areas
    C:\WINDOWS
    C:\DOCUME~1\Carol\LOCALS~1\Temp\
    Scan Statistics
    Total number of scanned objects 25348
    Number of viruses found 0
    Number of infected objects 0
    Number of suspicious objects 0
    Duration of the scan process 00:33:52

    Infected Object Name Virus Name Last Action
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{E73A1825-A2A6-4CDA-B01B-15A20B1BC9EF}.crmlog Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\etc\Hosts.bak Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\lqoe89kr.lwp Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\a2cache_51F61360.dat Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_170.dat Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\DOCUME~1\Carol\LOCALS~1\Temp\a2archive\Nero-8.1.1.0_eng.exe Object is locked skipped
    C:\DOCUME~1\Carol\LOCALS~1\Temp\~DFBF28.tmp Object is locked skipped
    Scan process completed.
     
  8. 2008/03/16
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi mandy030702
    Thanks for those scans.

    Glad to hear you uninstalled LimeWire. :)

    It could be that it is finding quarantined files.
    You still have Combofix on your machine. Combofix is updated almost daily and an old version will do you no good.

    So please do this.

    Click Start > Run. In the Run box, copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created.

    Other than Combofix, Panda is just showing cookies, and Kaspersky is showing clean.

    Here is a good tool for cleaning out your cookies, if you don't have it already.

    Download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.

    After doing the above, scan again and see if you get any warnings.

    Let me know,

    Thanks
    Geri
     