Tech Support Forum - View Single Post - HijackThis Log

brandeewyne · 01-12-2008, 02:51 PM

First and foremost, thank you a great deal for your assistance.

I ran the combofix utility as instructed. The logfile follows, as well as the new hjt log.

ComboFix 08-01-13.1 - Brandee 2008-01-12 16:05:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.378 [GMT -5:00]
Running from: C:\Documents and Settings\Brandee\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\pos10.tmp
C:\pos100.tmp
C:\pos101.tmp
C:\pos102.tmp
C:\pos103.tmp
C:\pos104.tmp
C:\pos105.tmp
C:\pos106.tmp
C:\pos107.tmp
C:\pos108.tmp
C:\pos109.tmp
C:\pos10A.tmp
C:\pos10B.tmp
C:\pos10C.tmp
C:\pos10D.tmp
C:\pos10E.tmp
C:\pos10F.tmp
C:\pos11.tmp
C:\pos110.tmp
C:\pos111.tmp
C:\pos112.tmp
C:\pos113.tmp
C:\pos114.tmp
C:\pos115.tmp
C:\pos116.tmp
C:\pos117.tmp
C:\pos118.tmp
C:\pos119.tmp
C:\pos11A.tmp
C:\pos11B.tmp
C:\pos11C.tmp
C:\pos11D.tmp
C:\pos11E.tmp
C:\pos11F.tmp
C:\pos120.tmp
C:\pos121.tmp
C:\pos122.tmp
C:\pos123.tmp
C:\pos124.tmp
C:\pos125.tmp
C:\pos126.tmp
C:\pos127.tmp
C:\pos128.tmp
C:\pos129.tmp
C:\pos12A.tmp
C:\pos12B.tmp
C:\pos12C.tmp
C:\pos12D.tmp
C:\pos12E.tmp
C:\pos12F.tmp
C:\pos130.tmp
C:\pos131.tmp
C:\pos132.tmp
C:\pos133.tmp
C:\pos134.tmp
C:\pos135.tmp
C:\pos136.tmp
C:\pos137.tmp
C:\pos138.tmp
C:\pos139.tmp
C:\pos13A.tmp
C:\pos13B.tmp
C:\pos13C.tmp
C:\pos13D.tmp
C:\pos13E.tmp
C:\pos13F.tmp
C:\pos14.tmp
C:\pos140.tmp
C:\pos141.tmp
C:\pos142.tmp
C:\pos143.tmp
C:\pos144.tmp
C:\pos145.tmp
C:\pos146.tmp
C:\pos147.tmp
C:\pos148.tmp
C:\pos149.tmp
C:\pos14A.tmp
C:\pos14B.tmp
C:\pos14C.tmp
C:\pos14D.tmp
C:\pos14E.tmp
C:\pos14F.tmp
C:\pos15.tmp
C:\pos150.tmp
C:\pos151.tmp
C:\pos152.tmp
C:\pos153.tmp
C:\pos154.tmp
C:\pos155.tmp
C:\pos156.tmp
C:\pos157.tmp
C:\pos158.tmp
C:\pos159.tmp
C:\pos15A.tmp
C:\pos15B.tmp
C:\pos15C.tmp
C:\pos15D.tmp
C:\pos15E.tmp
C:\pos15F.tmp
C:\pos16.tmp
C:\pos160.tmp
C:\pos161.tmp
C:\pos162.tmp
C:\pos163.tmp
C:\pos164.tmp
C:\pos165.tmp
C:\pos166.tmp
C:\pos167.tmp
C:\pos168.tmp
C:\pos169.tmp
C:\pos16A.tmp
C:\pos16B.tmp
C:\pos16C.tmp
C:\pos16D.tmp
C:\pos16E.tmp
C:\pos16F.tmp
C:\pos17.tmp
C:\pos170.tmp
C:\pos171.tmp
C:\pos172.tmp
C:\pos173.tmp
C:\pos174.tmp
C:\pos175.tmp
C:\pos176.tmp
C:\pos177.tmp
C:\pos178.tmp
C:\pos179.tmp
C:\pos17A.tmp
C:\pos17B.tmp
C:\pos17C.tmp
C:\pos17D.tmp
C:\pos17E.tmp
C:\pos17F.tmp
C:\pos18.tmp
C:\pos180.tmp
C:\pos181.tmp
C:\pos182.tmp
C:\pos183.tmp
C:\pos184.tmp
C:\pos185.tmp
C:\pos186.tmp
C:\pos187.tmp
C:\pos188.tmp
C:\pos189.tmp
C:\pos18A.tmp
C:\pos18B.tmp
C:\pos18C.tmp
C:\pos18D.tmp
C:\pos18E.tmp
C:\pos18F.tmp
C:\pos19.tmp
C:\pos190.tmp
C:\pos191.tmp
C:\pos192.tmp
C:\pos193.tmp
C:\pos194.tmp
C:\pos195.tmp
C:\pos196.tmp
C:\pos197.tmp
C:\pos198.tmp
C:\pos199.tmp
C:\pos19A.tmp
C:\pos19B.tmp
C:\pos19C.tmp
C:\pos19D.tmp
C:\pos19E.tmp
C:\pos19F.tmp
C:\pos1A.tmp
C:\pos1A0.tmp
C:\pos1A1.tmp
C:\pos1A2.tmp
C:\pos1A3.tmp
C:\pos1A4.tmp
C:\pos1A5.tmp
C:\pos1A6.tmp
C:\pos1A7.tmp
C:\pos1A8.tmp
C:\pos1A9.tmp
C:\pos1AA.tmp
C:\pos1AB.tmp
C:\pos1AC.tmp
C:\pos1AD.tmp
C:\pos1AE.tmp
C:\pos1AF.tmp
C:\pos1B.tmp
C:\pos1B0.tmp
C:\pos1B1.tmp
C:\pos1B2.tmp
C:\pos1B3.tmp
C:\pos1B4.tmp
C:\pos1B5.tmp
C:\pos1B6.tmp
C:\pos1B7.tmp
C:\pos1B8.tmp
C:\pos1B9.tmp
C:\pos1BA.tmp
C:\pos1BB.tmp
C:\pos1BC.tmp
C:\pos1BD.tmp
C:\pos1BE.tmp
C:\pos1BF.tmp
C:\pos1C.tmp
C:\pos1C0.tmp
C:\pos1C1.tmp
C:\pos1C2.tmp
C:\pos1C3.tmp
C:\pos1C4.tmp
C:\pos1C5.tmp
C:\pos1C6.tmp
C:\pos1C7.tmp
C:\pos1C8.tmp
C:\pos1C9.tmp
C:\pos1CA.tmp
C:\pos1CB.tmp
C:\pos1CC.tmp
C:\pos1CD.tmp
C:\pos1CE.tmp
C:\pos1CF.tmp
C:\pos1D.tmp
C:\pos1D0.tmp
C:\pos1D1.tmp
C:\pos1D2.tmp
C:\pos1D3.tmp
C:\pos1D4.tmp
C:\pos1D5.tmp
C:\pos1D6.tmp
C:\pos1D7.tmp
C:\pos1D8.tmp
C:\pos1D9.tmp
C:\pos1DA.tmp
C:\pos1DB.tmp
C:\pos1DC.tmp
C:\pos1DD.tmp
C:\pos1DE.tmp
C:\pos1DF.tmp
C:\pos1E.tmp
C:\pos1E0.tmp
C:\pos1E1.tmp
C:\pos1E2.tmp
C:\pos1E3.tmp
C:\pos1E4.tmp
C:\pos1E5.tmp
C:\pos1E6.tmp
C:\pos1E7.tmp
C:\pos1E8.tmp
C:\pos1E9.tmp
C:\pos1EA.tmp
C:\pos1EB.tmp
C:\pos1EC.tmp
C:\pos1ED.tmp
C:\pos1EE.tmp
C:\pos1EF.tmp
C:\pos1F.tmp
C:\pos1F0.tmp
C:\pos1F1.tmp
C:\pos1F2.tmp
C:\pos1F3.tmp
C:\pos1F4.tmp
C:\pos1F5.tmp
C:\pos1F6.tmp
C:\pos1F7.tmp
C:\pos1F8.tmp
C:\pos1F9.tmp
C:\pos1FA.tmp
C:\pos1FB.tmp
C:\pos1FC.tmp
C:\pos1FD.tmp
C:\pos1FE.tmp
C:\pos1FF.tmp
C:\pos20.tmp
C:\pos200.tmp
C:\pos201.tmp
C:\pos202.tmp
C:\pos203.tmp
C:\pos204.tmp
C:\pos205.tmp
C:\pos206.tmp
C:\pos207.tmp
C:\pos208.tmp
C:\pos209.tmp
C:\pos20A.tmp
C:\pos20B.tmp
C:\pos20C.tmp
C:\pos20D.tmp
C:\pos20E.tmp
C:\pos20F.tmp
C:\pos21.tmp
C:\pos210.tmp
C:\pos211.tmp
C:\pos212.tmp
C:\pos213.tmp
C:\pos214.tmp
C:\pos215.tmp
C:\pos216.tmp
C:\pos217.tmp
C:\pos218.tmp
C:\pos219.tmp
C:\pos21A.tmp
C:\pos21B.tmp
C:\pos21C.tmp
C:\pos21D.tmp
C:\pos21E.tmp
C:\pos21F.tmp
C:\pos22.tmp
C:\pos220.tmp
C:\pos221.tmp
C:\pos222.tmp
C:\pos223.tmp
C:\pos224.tmp
C:\pos225.tmp
C:\pos226.tmp
C:\pos227.tmp
C:\pos228.tmp
C:\pos229.tmp
C:\pos22A.tmp
C:\pos22B.tmp
C:\pos22C.tmp
C:\pos22D.tmp
C:\pos22E.tmp
C:\pos22F.tmp
C:\pos23.tmp
C:\pos230.tmp
C:\pos231.tmp
C:\pos232.tmp
C:\pos234.tmp
C:\pos235.tmp
C:\pos236.tmp
C:\pos237.tmp
C:\pos238.tmp
C:\pos239.tmp
C:\pos23A.tmp
C:\pos23B.tmp
C:\pos23C.tmp
C:\pos23D.tmp
C:\pos23E.tmp
C:\pos23F.tmp
C:\pos24.tmp
C:\pos240.tmp
C:\pos241.tmp
C:\pos242.tmp
C:\pos243.tmp
C:\pos244.tmp
C:\pos245.tmp
C:\pos246.tmp
C:\pos249.tmp
C:\pos24A.tmp
C:\pos24B.tmp
C:\pos24D.tmp
C:\pos24E.tmp
C:\pos24F.tmp
C:\pos25.tmp
C:\pos250.tmp
C:\pos251.tmp
C:\pos254.tmp
C:\pos255.tmp
C:\pos256.tmp
C:\pos257.tmp
C:\pos258.tmp
C:\pos259.tmp
C:\pos25A.tmp
C:\pos25B.tmp
C:\pos25C.tmp
C:\pos25D.tmp
C:\pos25F.tmp
C:\pos26.tmp
C:\pos262.tmp
C:\pos263.tmp
C:\pos264.tmp
C:\pos265.tmp
C:\pos266.tmp
C:\pos267.tmp
C:\pos268.tmp
C:\pos269.tmp
C:\pos26B.tmp
C:\pos26C.tmp
C:\pos26D.tmp
C:\pos27.tmp
C:\pos270.tmp
C:\pos271.tmp
C:\pos272.tmp
C:\pos273.tmp
C:\pos274.tmp
C:\pos275.tmp
C:\pos276.tmp
C:\pos277.tmp
C:\pos278.tmp
C:\pos279.tmp
C:\pos27A.tmp
C:\pos27C.tmp
C:\pos27D.tmp
C:\pos28.tmp
C:\pos280.tmp
C:\pos281.tmp
C:\pos282.tmp
C:\pos283.tmp
C:\pos284.tmp
C:\pos285.tmp
C:\pos286.tmp
C:\pos287.tmp
C:\pos289.tmp
C:\pos28A.tmp
C:\pos28B.tmp
C:\pos28C.tmp
C:\pos28D.tmp
C:\pos28E.tmp
C:\pos28F.tmp
C:\pos29.tmp
C:\pos290.tmp
C:\pos291.tmp
C:\pos292.tmp
C:\pos293.tmp
C:\pos294.tmp
C:\pos295.tmp
C:\pos296.tmp
C:\pos297.tmp
C:\pos299.tmp
C:\pos29B.tmp
C:\pos29C.tmp
C:\pos29D.tmp
C:\pos29E.tmp
C:\pos29F.tmp
C:\pos2A.tmp
C:\pos2A0.tmp
C:\pos2A2.tmp
C:\pos2A3.tmp
C:\pos2A4.tmp
C:\pos2A5.tmp
C:\pos2A6.tmp
C:\pos2A7.tmp
C:\pos2A8.tmp
C:\pos2A9.tmp
C:\pos2AA.tmp
C:\pos2AB.tmp
C:\pos2AC.tmp
C:\pos2AD.tmp
C:\pos2AE.tmp
C:\pos2B.tmp
C:\pos2B1.tmp
C:\pos2B2.tmp
C:\pos2B3.tmp
C:\pos2B4.tmp
C:\pos2B5.tmp
C:\pos2B7.tmp
C:\pos2B8.tmp
C:\pos2B9.tmp
C:\pos2BA.tmp
C:\pos2BB.tmp
C:\pos2BE.tmp
C:\pos2BF.tmp
C:\pos2C.tmp
C:\pos2C0.tmp
C:\pos2C1.tmp
C:\pos2C2.tmp
C:\pos2C3.tmp
C:\pos2C4.tmp
C:\pos2C5.tmp
C:\pos2C7.tmp
C:\pos2C8.tmp
C:\pos2C9.tmp
C:\pos2CA.tmp
C:\pos2CB.tmp
C:\pos2CC.tmp
C:\pos2CD.tmp
C:\pos2CF.tmp
C:\pos2D.tmp
C:\pos2D0.tmp
C:\pos2D1.tmp
C:\pos2D2.tmp
C:\pos2D3.tmp
C:\pos2D4.tmp
C:\pos2D5.tmp
C:\pos2D6.tmp
C:\pos2D7.tmp
C:\pos2D8.tmp
C:\pos2D9.tmp
C:\pos2DA.tmp
C:\pos2DB.tmp
C:\pos2DC.tmp
C:\pos2DD.tmp
C:\pos2DE.tmp
C:\pos2DF.tmp
C:\pos2E.tmp
C:\pos2E0.tmp
C:\pos2E1.tmp
C:\pos2E2.tmp
C:\pos2E3.tmp
C:\pos2E4.tmp
C:\pos2E5.tmp
C:\pos2E6.tmp
C:\pos2E7.tmp
C:\pos2E8.tmp
C:\pos2E9.tmp
C:\pos2EA.tmp
C:\pos2EB.tmp
C:\pos2EC.tmp
C:\pos2ED.tmp
C:\pos2EE.tmp
C:\pos2EF.tmp
C:\pos2F.tmp
C:\pos2F0.tmp
C:\pos2F1.tmp
C:\pos2F2.tmp
C:\pos2F3.tmp
C:\pos2F4.tmp
C:\pos2F5.tmp
C:\pos2F6.tmp
C:\pos2F7.tmp
C:\pos2F8.tmp
C:\pos2F9.tmp
C:\pos2FA.tmp
C:\pos2FB.tmp
C:\pos2FC.tmp
C:\pos2FD.tmp
C:\pos2FE.tmp
C:\pos2FF.tmp
C:\pos3.tmp
C:\pos30.tmp
C:\pos300.tmp
C:\pos301.tmp
C:\pos302.tmp
C:\pos303.tmp
C:\pos304.tmp
C:\pos305.tmp
C:\pos306.tmp
C:\pos307.tmp
C:\pos308.tmp
C:\pos309.tmp
C:\pos30A.tmp
C:\pos30B.tmp
C:\pos30C.tmp
C:\pos30D.tmp
C:\pos30E.tmp
C:\pos30F.tmp
C:\pos31.tmp
C:\pos310.tmp
C:\pos311.tmp
C:\pos312.tmp
C:\pos313.tmp
C:\pos314.tmp
C:\pos315.tmp
C:\pos316.tmp
C:\pos317.tmp
C:\pos318.tmp
C:\pos319.tmp
C:\pos31A.tmp
C:\pos31B.tmp
C:\pos31C.tmp
C:\pos31D.tmp
C:\pos31E.tmp
C:\pos31F.tmp
C:\pos32.tmp
C:\pos320.tmp
C:\pos321.tmp
C:\pos322.tmp
C:\pos323.tmp
C:\pos324.tmp
C:\pos325.tmp
C:\pos326.tmp
C:\pos327.tmp
C:\pos328.tmp
C:\pos329.tmp
C:\pos32A.tmp
C:\pos32B.tmp
C:\pos32C.tmp
C:\pos32D.tmp
C:\pos32E.tmp
C:\pos32F.tmp
C:\pos33.tmp
C:\pos330.tmp
C:\pos331.tmp
C:\pos332.tmp
C:\pos333.tmp
C:\pos334.tmp
C:\pos335.tmp
C:\pos336.tmp
C:\pos337.tmp
C:\pos338.tmp
C:\pos339.tmp
C:\pos33A.tmp
C:\pos33B.tmp
C:\pos33C.tmp
C:\pos33D.tmp
C:\pos33E.tmp
C:\pos33F.tmp
C:\pos34.tmp
C:\pos340.tmp
C:\pos341.tmp
C:\pos342.tmp
C:\pos343.tmp
C:\pos344.tmp
C:\pos345.tmp
C:\pos346.tmp
C:\pos347.tmp
C:\pos348.tmp
C:\pos349.tmp
C:\pos34A.tmp
C:\pos34B.tmp
C:\pos34C.tmp
C:\pos34D.tmp
C:\pos34E.tmp
C:\pos34F.tmp
C:\pos35.tmp
C:\pos350.tmp
C:\pos351.tmp
C:\pos352.tmp
C:\pos353.tmp
C:\pos354.tmp
C:\pos355.tmp
C:\pos356.tmp
C:\pos357.tmp
C:\pos358.tmp
C:\pos359.tmp
C:\pos35A.tmp
C:\pos35B.tmp
C:\pos35C.tmp
C:\pos35D.tmp
C:\pos35E.tmp
C:\pos35F.tmp
C:\pos36.tmp
C:\pos360.tmp
C:\pos361.tmp
C:\pos362.tmp
C:\pos363.tmp
C:\pos364.tmp
C:\pos365.tmp
C:\pos366.tmp
C:\pos367.tmp
C:\pos368.tmp
C:\pos369.tmp
C:\pos36A.tmp
C:\pos36B.tmp
C:\pos36C.tmp
C:\pos36D.tmp
C:\pos36E.tmp
C:\pos36F.tmp
C:\pos37.tmp
C:\pos370.tmp
C:\pos371.tmp
C:\pos372.tmp
C:\pos373.tmp
C:\pos374.tmp
C:\pos375.tmp
C:\pos376.tmp
C:\pos377.tmp
C:\pos378.tmp
C:\pos379.tmp
C:\pos37A.tmp
C:\pos37B.tmp
C:\pos37C.tmp
C:\pos37D.tmp
C:\pos37E.tmp
C:\pos37F.tmp
C:\pos38.tmp
C:\pos380.tmp
C:\pos381.tmp
C:\pos382.tmp
C:\pos383.tmp
C:\pos384.tmp
C:\pos385.tmp
C:\pos386.tmp
C:\pos387.tmp
C:\pos388.tmp
C:\pos389.tmp
C:\pos38A.tmp
C:\pos38B.tmp
C:\pos38C.tmp
C:\pos38D.tmp
C:\pos38E.tmp
C:\pos38F.tmp
C:\pos39.tmp
C:\pos390.tmp
C:\pos391.tmp
C:\pos392.tmp
C:\pos393.tmp
C:\pos394.tmp
C:\pos395.tmp
C:\pos396.tmp
C:\pos397.tmp
C:\pos398.tmp
C:\pos399.tmp
C:\pos39A.tmp
C:\pos39B.tmp
C:\pos39C.tmp
C:\pos39D.tmp
C:\pos39E.tmp
C:\pos39F.tmp
C:\pos3A.tmp
C:\pos3A0.tmp
C:\pos3A1.tmp
C:\pos3A2.tmp
C:\pos3A3.tmp
C:\pos3A4.tmp
C:\pos3A5.tmp
C:\pos3A6.tmp
C:\pos3A7.tmp
C:\pos3A8.tmp
C:\pos3A9.tmp
C:\pos3AA.tmp
C:\pos3AB.tmp
C:\pos3AC.tmp
C:\pos3AD.tmp
C:\pos3AE.tmp
C:\pos3AF.tmp
C:\pos3B.tmp
C:\pos3B0.tmp
C:\pos3B1.tmp
C:\pos3B2.tmp
C:\pos3B3.tmp
C:\pos3B4.tmp
C:\pos3B5.tmp
C:\pos3B6.tmp
C:\pos3B7.tmp
C:\pos3B8.tmp
C:\pos3B9.tmp
C:\pos3BA.tmp
C:\pos3BB.tmp
C:\pos3BC.tmp
C:\pos3BD.tmp
C:\pos3BE.tmp
C:\pos3BF.tmp
C:\pos3C.tmp
C:\pos3C0.tmp
C:\pos3C1.tmp
C:\pos3C2.tmp
C:\pos3C3.tmp
C:\pos3C4.tmp
C:\pos3C5.tmp
C:\pos3C6.tmp
C:\pos3C7.tmp
C:\pos3C8.tmp
C:\pos3C9.tmp
C:\pos3CA.tmp
C:\pos3CB.tmp
C:\pos3CC.tmp
C:\pos3CD.tmp
C:\pos3CE.tmp
C:\pos3CF.tmp
C:\pos3D.tmp
C:\pos3D0.tmp
C:\pos3D1.tmp
C:\pos3D2.tmp
C:\pos3D3.tmp
C:\pos3D4.tmp
C:\pos3D5.tmp
C:\pos3D6.tmp
C:\pos3D7.tmp
C:\pos3D8.tmp
C:\pos3D9.tmp
C:\pos3DA.tmp
C:\pos3DB.tmp
C:\pos3DC.tmp
C:\pos3DD.tmp
C:\pos3DE.tmp
C:\pos3DF.tmp
C:\pos3E.tmp
C:\pos3E0.tmp
C:\pos3E1.tmp
C:\pos3E2.tmp
C:\pos3E3.tmp
C:\pos3E4.tmp
C:\pos3E5.tmp
C:\pos3E6.tmp
C:\pos3E7.tmp
C:\pos3E8.tmp
C:\pos3E9.tmp
C:\pos3EA.tmp
C:\pos3EB.tmp
C:\pos3EC.tmp
C:\pos3ED.tmp
C:\pos3EE.tmp
C:\pos3EF.tmp
C:\pos3F.tmp
C:\pos3F0.tmp
C:\pos3F1.tmp
C:\pos3F2.tmp
C:\pos3F3.tmp
C:\pos3F4.tmp
C:\pos3F5.tmp
C:\pos3F6.tmp
C:\pos3F7.tmp
C:\pos3F8.tmp
C:\pos3F9.tmp
C:\pos3FA.tmp
C:\pos3FB.tmp
C:\pos3FC.tmp
C:\pos3FD.tmp
C:\pos3FE.tmp
C:\pos3FF.tmp
C:\pos4.tmp
C:\pos40.tmp
C:\pos400.tmp
C:\pos401.tmp
C:\pos402.tmp
C:\pos403.tmp
C:\pos404.tmp
C:\pos405.tmp
C:\pos406.tmp
C:\pos407.tmp
C:\pos41.tmp
C:\pos42.tmp
C:\pos43.tmp
C:\pos44.tmp
C:\pos45.tmp
C:\pos46.tmp
C:\pos47.tmp
C:\pos48.tmp
C:\pos49.tmp
C:\pos4A.tmp
C:\pos4B.tmp
C:\pos4C.tmp
C:\pos4D.tmp
C:\pos4E.tmp
C:\pos4F.tmp
C:\pos5.tmp
C:\pos50.tmp
C:\pos51.tmp
C:\pos52.tmp
C:\pos53.tmp
C:\pos54.tmp
C:\pos55.tmp
C:\pos56.tmp
C:\pos57.tmp
C:\pos58.tmp
C:\pos59.tmp
C:\pos5A.tmp
C:\pos5B.tmp
C:\pos5C.tmp
C:\pos5D.tmp
C:\pos5E.tmp
C:\pos5F.tmp
C:\pos6.tmp
C:\pos60.tmp
C:\pos61.tmp
C:\pos62.tmp
C:\pos63.tmp
C:\pos64.tmp
C:\pos65.tmp
C:\pos66.tmp
C:\pos67.tmp
C:\pos68.tmp
C:\pos69.tmp
C:\pos6A.tmp
C:\pos6B.tmp
C:\pos6C.tmp
C:\pos6D.tmp
C:\pos6E.tmp
C:\pos6F.tmp
C:\pos70.tmp
C:\pos71.tmp
C:\pos72.tmp
C:\pos73.tmp
C:\pos74.tmp
C:\pos75.tmp
C:\pos76.tmp
C:\pos77.tmp
C:\pos78.tmp
C:\pos79.tmp
C:\pos7A.tmp
C:\pos7B.tmp
C:\pos7C.tmp
C:\pos7D.tmp
C:\pos7E.tmp
C:\pos7F.tmp
C:\pos8.tmp
C:\pos80.tmp
C:\pos81.tmp
C:\pos82.tmp
C:\pos83.tmp
C:\pos84.tmp
C:\pos85.tmp
C:\pos86.tmp
C:\pos87.tmp
C:\pos88.tmp
C:\pos89.tmp
C:\pos8A.tmp
C:\pos8B.tmp
C:\pos8C.tmp
C:\pos8D.tmp
C:\pos8E.tmp
C:\pos8F.tmp
C:\pos9.tmp
C:\pos90.tmp
C:\pos91.tmp
C:\pos92.tmp
C:\pos93.tmp
C:\pos94.tmp
C:\pos95.tmp
C:\pos96.tmp
C:\pos97.tmp
C:\pos98.tmp
C:\pos99.tmp
C:\pos9A.tmp
C:\pos9B.tmp
C:\pos9C.tmp
C:\pos9D.tmp
C:\pos9E.tmp
C:\pos9F.tmp
C:\posA.tmp
C:\posA0.tmp
C:\posA1.tmp
C:\posA2.tmp
C:\posA3.tmp
C:\posA4.tmp
C:\posA5.tmp
C:\posA6.tmp
C:\posA7.tmp
C:\posA8.tmp
C:\posA9.tmp
C:\posAA.tmp
C:\posAB.tmp
C:\posAC.tmp
C:\posAD.tmp
C:\posAE.tmp
C:\posAF.tmp
C:\posB.tmp
C:\posB0.tmp
C:\posB1.tmp
C:\posB2.tmp
C:\posB3.tmp
C:\posB4.tmp
C:\posB5.tmp
C:\posB6.tmp
C:\posB7.tmp
C:\posB8.tmp
C:\posB9.tmp
C:\posBA.tmp
C:\posBB.tmp
C:\posBC.tmp
C:\posBD.tmp
C:\posBE.tmp
C:\posBF.tmp
C:\posC.tmp
C:\posC0.tmp
C:\posC1.tmp
C:\posC2.tmp
C:\posC3.tmp
C:\posC4.tmp
C:\posC5.tmp
C:\posC6.tmp
C:\posC7.tmp
C:\posC8.tmp
C:\posC9.tmp
C:\posCA.tmp
C:\posCB.tmp
C:\posCC.tmp
C:\posCD.tmp
C:\posCE.tmp
C:\posCF.tmp
C:\posD.tmp
C:\posD0.tmp
C:\posD1.tmp
C:\posD2.tmp
C:\posD3.tmp
C:\posD4.tmp
C:\posD5.tmp
C:\posD6.tmp
C:\posD7.tmp
C:\posD8.tmp
C:\posD9.tmp
C:\posDA.tmp
C:\posDB.tmp
C:\posDC.tmp
C:\posDD.tmp
C:\posDE.tmp
C:\posDF.tmp
C:\posE.tmp
C:\posE0.tmp
C:\posE1.tmp
C:\posE2.tmp
C:\posE3.tmp
C:\posE4.tmp
C:\posE5.tmp
C:\posE6.tmp
C:\posE7.tmp
C:\posE8.tmp
C:\posE9.tmp
C:\posEA.tmp
C:\posEB.tmp
C:\posEC.tmp
C:\posED.tmp
C:\posEE.tmp
C:\posEF.tmp
C:\posF.tmp
C:\posF0.tmp
C:\posF1.tmp
C:\posF2.tmp
C:\posF3.tmp
C:\posF4.tmp
C:\posF5.tmp
C:\posF6.tmp
C:\posF7.tmp
C:\posF8.tmp
C:\posF9.tmp
C:\posFA.tmp
C:\posFB.tmp
C:\posFC.tmp
C:\posFD.tmp
C:\posFE.tmp
C:\posFF.tmp
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\kernel
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Temporary
C:\Program Files\Temporary\kernInstall.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\system32\amlhvqvf.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\system32\dslnjfsm.dll
C:\WINDOWS\SYSTEM32\fvqvhlma.ini
C:\WINDOWS\system32\fxibhuxd.dll
C:\WINDOWS\system32\hgxfdsxp.dll
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\kfhncrmw.dll
C:\WINDOWS\system32\lgenbhsb.dll
C:\WINDOWS\SYSTEM32\lptakeub.ini
C:\WINDOWS\SYSTEM32\mbipjnps.ini
C:\WINDOWS\SYSTEM32\orutv.ini
C:\WINDOWS\SYSTEM32\orutv.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\pxsdfxgh.ini
C:\WINDOWS\system32\sosndqby.exe
C:\WINDOWS\system32\taesrpqq.dll
C:\WINDOWS\system32\tvnannxg.exe
C:\WINDOWS\system32\urjkxhng.dll
C:\WINDOWS\system32\urjkxhng.dllbox
C:\WINDOWS\system32\uvtqplit.exe
C:\WINDOWS\system32\vtsphlxp.exe
C:\WINDOWS\system32\vturo.dll
C:\WINDOWS\system32\vturo.exe
C:\WINDOWS\system32\windows
C:\WINDOWS\SYSTEM32\ymxysckb.ini
C:\WINDOWS\system32\z1
C:\WINDOWS\system32\z9
C:\winlogon.exe
C:\x.dat
C:\z.dat

Code:

 <pre>
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe ---> Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli .exe ---> cli.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ---> GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ---> jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe ---> SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG .exe ---> WMPNSCFG.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro .exe ---> FreeRAM XP Pro.exe
C:\WINDOWS\SYSTEM32\hkcmd .exe ---> hkcmd.exe
C:\WINDOWS\SYSTEM32\igfxtray .exe ---> igfxtray.exe
</pre>

.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\DomainService

((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 )))))))))))))))))))))))))))))))
.

2008-01-12 16:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 14:27 . 2008-01-09 14:27 <DIR> d-------- C:\Deckard
2008-01-09 14:06 . 2008-01-09 14:06 <DIR> d-------- C:\ie-spyad_zo
2008-01-08 16:54 . 2008-01-08 16:54 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-08 16:54 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL
2008-01-08 14:04 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS
2008-01-08 13:26 . 2008-01-08 15:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2008-01-08 13:26 . 2008-01-08 13:26 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2008-01-08 13:26 . 2008-01-08 13:26 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2008-01-08 13:26 . 2008-01-08 13:26 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2008-01-07 22:03 . 2008-01-07 22:03 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-06 22:07 . 2008-01-06 22:07 <DIR> d-------- C:\VundoFix Backups
2008-01-04 11:32 . 2008-01-04 11:32 <DIR> d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Lavasoft
2008-01-04 11:25 . 2004-04-23 10:41 <DIR> d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Jasc Software Inc
2008-01-04 11:25 . 2005-05-26 08:59 <DIR> d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Gtek
2008-01-03 15:58 . 2008-01-04 10:37 696 --a------ C:\WINDOWS\wininit.ini
2008-01-03 13:18 . 2008-01-12 15:17 155,648 --a------ C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-03 13:18 . 2008-01-12 15:17 126,976 --a------ C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-03 12:20 . 2008-01-03 12:20 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll
2008-01-03 12:18 . 2008-01-04 10:41 379,904 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp
2008-01-03 12:17 . 2008-01-04 14:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\mr9
2008-01-03 12:17 . 2008-01-04 14:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo18
2008-01-03 12:17 . 2008-01-04 14:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\aj2
2008-01-03 12:17 . 2008-01-04 14:15 <DIR> d--hs---- C:\WINDOWS\SHVnaCBTdHVsbA
2008-01-03 12:17 . 2008-01-03 12:17 <DIR> d-------- C:\temp\cEeer12
2008-01-03 12:17 . 2008-01-03 12:17 166,945 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\core.cache(2).dsk
2008-01-03 12:17 . 2008-01-03 12:17 134 --a------ C:\n.bat
2007-12-30 17:05 . 2007-12-30 17:05 <DIR> d-------- C:\Program Files\abrViewer.NET
2007-12-28 13:11 . 2003-12-12 16:06 1,693,696 --a------ C:\WINDOWS\SYSTEM32\ltclr13n.dll
2007-12-28 13:11 . 2003-11-04 15:11 155,648 --a------ C:\WINDOWS\SYSTEM32\lftif13n.dll
2007-12-28 13:11 . 2003-11-04 15:10 98,304 --a------ C:\WINDOWS\SYSTEM32\lffax13n.dll
2007-12-28 13:11 . 2003-05-22 16:31 55,808 --a------ C:\WINDOWS\SYSTEM32\lfpsd13n.dll
2007-12-27 00:09 . 2007-12-27 00:09 <DIR> d-------- C:\Program Files\High-Logic
2007-12-27 00:09 . 2007-12-27 00:10 <DIR> d-------- C:\Documents and Settings\Brandee\Application Data\FontCreator
2007-12-27 00:09 . 2008-01-07 19:04 147 --a------ C:\WINDOWS\fcp5.cfg
2007-12-26 03:37 . 2007-12-26 03:37 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\ATI
2007-12-26 01:15 . 2007-12-26 01:15 <DIR> d-------- C:\Documents and Settings\Brandee\Application Data\ATI
2007-12-26 01:12 . 2007-12-26 01:12 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies
2007-12-26 01:03 . 2007-12-26 01:09 <DIR> d-------- C:\Program Files\ATI Technologies
2007-12-26 01:03 . 2006-05-03 11:57 520,192 --a------ C:\WINDOWS\SYSTEM32\ati2sgag.exe
2007-12-26 01:02 . 2005-10-14 07:10 58,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ativckxx.vp
2007-12-26 01:02 . 2006-05-03 10:09 28,080 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ativvpxx.vp
2007-12-26 01:02 . 2006-01-25 17:48 6,005 --a------ C:\WINDOWS\SYSTEM32\atifglpf.xml
2007-12-26 01:02 . 2006-02-08 13:44 929 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ativcaxx.vp
2007-12-25 11:30 . 2007-12-25 14:13 <DIR> d-------- C:\Documents and Settings\Brandee\Application Data\U3
2007-12-25 11:30 . 2004-08-04 02:08 26,496 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbstor.sys
2007-12-20 01:45 . 2007-12-20 01:45 <DIR> d-------- C:\Program Files\SecondLife
2007-12-20 01:45 . 2007-12-20 02:21 <DIR> d-------- C:\Documents and Settings\Brandee\Application Data\SecondLife
2007-12-20 01:23 . 2007-12-20 01:23 <DIR> d-------- C:\Documents and Settings\Brandee\Application Data\Move Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 21:29 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-01-13 21:25 --------- d-----w C:\Program Files\QuickTime
2008-01-08 20:29 --------- d-----w C:\Program Files\Palm
2008-01-08 20:23 --------- d-----w C:\Program Files\MSN Messenger
2008-01-08 20:23 --------- d-----w C:\Program Files\Last.fm
2008-01-08 20:17 --------- d-----w C:\Program Files\Google
2008-01-05 16:13 --------- d-----w C:\Documents and Settings\Guest\Application Data\OpenOffice.org2
2008-01-01 19:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-01 19:47 --------- d-----w C:\Documents and Settings\Brandee\Application Data\AdobeUM
2007-12-28 18:36 --------- d-----w C:\Documents and Settings\Brandee\Application Data\OpenOffice.org2
2007-12-26 06:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 15:18 68856]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2008-01-12 15:18 1591808]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-12 15:18 1318912]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-12 15:18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-12 15:17 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-12 15:17 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-12 15:17 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2008-01-12 15:17 45056]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 15:17 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 20:34 5419008]

C:\Documents and Settings\Guest\Start Menu\Programs\Startup\
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 14:27:34]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-05-23 17:46 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
path=
backup=

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpcmpmgr]
--a------ 2008-01-12 15:17 126976 C:\WINDOWS\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
--a--c--- 2003-09-03 20:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McUpdate]
--a--c--- 2003-09-03 20:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-05-29 20:34 5419008 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched]
--a------ 2006-12-30 12:31 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-12-30 12:31 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Pml Driver HPZ12"=3 (0x3)

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 21:59]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-04-20 02:00:24 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2006-12-05 15:31:28 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-13 16:30:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-13 16:38:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-13 21:38:50
.
2007-12-13 08:05:03 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:41 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames...p.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/re...s/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124628481531
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.geni.com/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://brandeewynne.spaces.live.com/...d/MsnPUpld.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames...z.cab55579.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by141fd.bay141.hotmail.msn.co...x/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 9240 bytes

01-12-2008, 02:51 PM	#4 (permalink)
brandeewyne Registered User Join Date: Jan 2008 Posts: 18 OS: win xp sp2	Re: HijackThis Log - completed 5 steps First and foremost, thank you a great deal for your assistance. I ran the combofix utility as instructed. The logfile follows, as well as the new hjt log. ComboFix 08-01-13.1 - Brandee 2008-01-12 16:05:03.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.378 [GMT -5:00] Running from: C:\Documents and Settings\Brandee\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\pos10.tmp C:\pos100.tmp C:\pos101.tmp C:\pos102.tmp C:\pos103.tmp C:\pos104.tmp C:\pos105.tmp C:\pos106.tmp C:\pos107.tmp C:\pos108.tmp C:\pos109.tmp C:\pos10A.tmp C:\pos10B.tmp C:\pos10C.tmp C:\pos10D.tmp C:\pos10E.tmp C:\pos10F.tmp C:\pos11.tmp C:\pos110.tmp C:\pos111.tmp C:\pos112.tmp C:\pos113.tmp C:\pos114.tmp C:\pos115.tmp C:\pos116.tmp C:\pos117.tmp C:\pos118.tmp C:\pos119.tmp C:\pos11A.tmp C:\pos11B.tmp C:\pos11C.tmp C:\pos11D.tmp C:\pos11E.tmp C:\pos11F.tmp C:\pos120.tmp C:\pos121.tmp C:\pos122.tmp C:\pos123.tmp C:\pos124.tmp C:\pos125.tmp C:\pos126.tmp C:\pos127.tmp C:\pos128.tmp C:\pos129.tmp C:\pos12A.tmp C:\pos12B.tmp C:\pos12C.tmp C:\pos12D.tmp C:\pos12E.tmp C:\pos12F.tmp C:\pos130.tmp C:\pos131.tmp C:\pos132.tmp C:\pos133.tmp C:\pos134.tmp C:\pos135.tmp C:\pos136.tmp C:\pos137.tmp C:\pos138.tmp C:\pos139.tmp C:\pos13A.tmp C:\pos13B.tmp C:\pos13C.tmp C:\pos13D.tmp C:\pos13E.tmp C:\pos13F.tmp C:\pos14.tmp C:\pos140.tmp C:\pos141.tmp C:\pos142.tmp C:\pos143.tmp C:\pos144.tmp C:\pos145.tmp C:\pos146.tmp C:\pos147.tmp C:\pos148.tmp C:\pos149.tmp C:\pos14A.tmp C:\pos14B.tmp C:\pos14C.tmp C:\pos14D.tmp C:\pos14E.tmp C:\pos14F.tmp C:\pos15.tmp C:\pos150.tmp C:\pos151.tmp C:\pos152.tmp C:\pos153.tmp C:\pos154.tmp C:\pos155.tmp C:\pos156.tmp C:\pos157.tmp C:\pos158.tmp C:\pos159.tmp C:\pos15A.tmp C:\pos15B.tmp C:\pos15C.tmp C:\pos15D.tmp C:\pos15E.tmp C:\pos15F.tmp C:\pos16.tmp C:\pos160.tmp C:\pos161.tmp C:\pos162.tmp C:\pos163.tmp C:\pos164.tmp C:\pos165.tmp C:\pos166.tmp C:\pos167.tmp C:\pos168.tmp C:\pos169.tmp C:\pos16A.tmp C:\pos16B.tmp C:\pos16C.tmp C:\pos16D.tmp C:\pos16E.tmp C:\pos16F.tmp C:\pos17.tmp C:\pos170.tmp C:\pos171.tmp C:\pos172.tmp C:\pos173.tmp C:\pos174.tmp C:\pos175.tmp C:\pos176.tmp C:\pos177.tmp C:\pos178.tmp C:\pos179.tmp C:\pos17A.tmp C:\pos17B.tmp C:\pos17C.tmp C:\pos17D.tmp C:\pos17E.tmp C:\pos17F.tmp C:\pos18.tmp C:\pos180.tmp C:\pos181.tmp C:\pos182.tmp C:\pos183.tmp C:\pos184.tmp C:\pos185.tmp C:\pos186.tmp C:\pos187.tmp C:\pos188.tmp C:\pos189.tmp C:\pos18A.tmp C:\pos18B.tmp C:\pos18C.tmp C:\pos18D.tmp C:\pos18E.tmp C:\pos18F.tmp C:\pos19.tmp C:\pos190.tmp C:\pos191.tmp C:\pos192.tmp C:\pos193.tmp C:\pos194.tmp C:\pos195.tmp C:\pos196.tmp C:\pos197.tmp C:\pos198.tmp C:\pos199.tmp C:\pos19A.tmp C:\pos19B.tmp C:\pos19C.tmp C:\pos19D.tmp C:\pos19E.tmp C:\pos19F.tmp C:\pos1A.tmp C:\pos1A0.tmp C:\pos1A1.tmp C:\pos1A2.tmp C:\pos1A3.tmp C:\pos1A4.tmp C:\pos1A5.tmp C:\pos1A6.tmp C:\pos1A7.tmp C:\pos1A8.tmp C:\pos1A9.tmp C:\pos1AA.tmp C:\pos1AB.tmp C:\pos1AC.tmp C:\pos1AD.tmp C:\pos1AE.tmp C:\pos1AF.tmp C:\pos1B.tmp C:\pos1B0.tmp C:\pos1B1.tmp C:\pos1B2.tmp C:\pos1B3.tmp C:\pos1B4.tmp C:\pos1B5.tmp C:\pos1B6.tmp C:\pos1B7.tmp C:\pos1B8.tmp C:\pos1B9.tmp C:\pos1BA.tmp C:\pos1BB.tmp C:\pos1BC.tmp C:\pos1BD.tmp C:\pos1BE.tmp C:\pos1BF.tmp C:\pos1C.tmp C:\pos1C0.tmp C:\pos1C1.tmp C:\pos1C2.tmp C:\pos1C3.tmp C:\pos1C4.tmp C:\pos1C5.tmp C:\pos1C6.tmp C:\pos1C7.tmp C:\pos1C8.tmp C:\pos1C9.tmp C:\pos1CA.tmp C:\pos1CB.tmp C:\pos1CC.tmp C:\pos1CD.tmp C:\pos1CE.tmp C:\pos1CF.tmp C:\pos1D.tmp C:\pos1D0.tmp C:\pos1D1.tmp C:\pos1D2.tmp C:\pos1D3.tmp C:\pos1D4.tmp C:\pos1D5.tmp C:\pos1D6.tmp C:\pos1D7.tmp C:\pos1D8.tmp C:\pos1D9.tmp C:\pos1DA.tmp C:\pos1DB.tmp C:\pos1DC.tmp C:\pos1DD.tmp C:\pos1DE.tmp C:\pos1DF.tmp C:\pos1E.tmp C:\pos1E0.tmp C:\pos1E1.tmp C:\pos1E2.tmp C:\pos1E3.tmp C:\pos1E4.tmp C:\pos1E5.tmp C:\pos1E6.tmp C:\pos1E7.tmp C:\pos1E8.tmp C:\pos1E9.tmp C:\pos1EA.tmp C:\pos1EB.tmp C:\pos1EC.tmp C:\pos1ED.tmp C:\pos1EE.tmp C:\pos1EF.tmp C:\pos1F.tmp C:\pos1F0.tmp C:\pos1F1.tmp C:\pos1F2.tmp C:\pos1F3.tmp C:\pos1F4.tmp C:\pos1F5.tmp C:\pos1F6.tmp C:\pos1F7.tmp C:\pos1F8.tmp C:\pos1F9.tmp C:\pos1FA.tmp C:\pos1FB.tmp C:\pos1FC.tmp C:\pos1FD.tmp C:\pos1FE.tmp C:\pos1FF.tmp C:\pos20.tmp C:\pos200.tmp C:\pos201.tmp C:\pos202.tmp C:\pos203.tmp C:\pos204.tmp C:\pos205.tmp C:\pos206.tmp C:\pos207.tmp C:\pos208.tmp C:\pos209.tmp C:\pos20A.tmp C:\pos20B.tmp C:\pos20C.tmp C:\pos20D.tmp C:\pos20E.tmp C:\pos20F.tmp C:\pos21.tmp C:\pos210.tmp C:\pos211.tmp C:\pos212.tmp C:\pos213.tmp C:\pos214.tmp C:\pos215.tmp C:\pos216.tmp C:\pos217.tmp C:\pos218.tmp C:\pos219.tmp C:\pos21A.tmp C:\pos21B.tmp C:\pos21C.tmp C:\pos21D.tmp C:\pos21E.tmp C:\pos21F.tmp C:\pos22.tmp C:\pos220.tmp C:\pos221.tmp C:\pos222.tmp C:\pos223.tmp C:\pos224.tmp C:\pos225.tmp C:\pos226.tmp C:\pos227.tmp C:\pos228.tmp C:\pos229.tmp C:\pos22A.tmp C:\pos22B.tmp C:\pos22C.tmp C:\pos22D.tmp C:\pos22E.tmp C:\pos22F.tmp C:\pos23.tmp C:\pos230.tmp C:\pos231.tmp C:\pos232.tmp C:\pos234.tmp C:\pos235.tmp C:\pos236.tmp C:\pos237.tmp C:\pos238.tmp C:\pos239.tmp C:\pos23A.tmp C:\pos23B.tmp C:\pos23C.tmp C:\pos23D.tmp C:\pos23E.tmp C:\pos23F.tmp C:\pos24.tmp C:\pos240.tmp C:\pos241.tmp C:\pos242.tmp C:\pos243.tmp C:\pos244.tmp C:\pos245.tmp C:\pos246.tmp C:\pos249.tmp C:\pos24A.tmp C:\pos24B.tmp C:\pos24D.tmp C:\pos24E.tmp C:\pos24F.tmp C:\pos25.tmp C:\pos250.tmp C:\pos251.tmp C:\pos254.tmp C:\pos255.tmp C:\pos256.tmp C:\pos257.tmp C:\pos258.tmp C:\pos259.tmp C:\pos25A.tmp C:\pos25B.tmp C:\pos25C.tmp C:\pos25D.tmp C:\pos25F.tmp C:\pos26.tmp C:\pos262.tmp C:\pos263.tmp C:\pos264.tmp C:\pos265.tmp C:\pos266.tmp C:\pos267.tmp C:\pos268.tmp C:\pos269.tmp C:\pos26B.tmp C:\pos26C.tmp C:\pos26D.tmp C:\pos27.tmp C:\pos270.tmp C:\pos271.tmp C:\pos272.tmp C:\pos273.tmp C:\pos274.tmp C:\pos275.tmp C:\pos276.tmp C:\pos277.tmp C:\pos278.tmp C:\pos279.tmp C:\pos27A.tmp C:\pos27C.tmp C:\pos27D.tmp C:\pos28.tmp C:\pos280.tmp C:\pos281.tmp C:\pos282.tmp C:\pos283.tmp C:\pos284.tmp C:\pos285.tmp C:\pos286.tmp C:\pos287.tmp C:\pos289.tmp C:\pos28A.tmp C:\pos28B.tmp C:\pos28C.tmp C:\pos28D.tmp C:\pos28E.tmp C:\pos28F.tmp C:\pos29.tmp C:\pos290.tmp C:\pos291.tmp C:\pos292.tmp C:\pos293.tmp C:\pos294.tmp C:\pos295.tmp C:\pos296.tmp C:\pos297.tmp C:\pos299.tmp C:\pos29B.tmp C:\pos29C.tmp C:\pos29D.tmp C:\pos29E.tmp C:\pos29F.tmp C:\pos2A.tmp C:\pos2A0.tmp C:\pos2A2.tmp C:\pos2A3.tmp C:\pos2A4.tmp C:\pos2A5.tmp C:\pos2A6.tmp C:\pos2A7.tmp C:\pos2A8.tmp C:\pos2A9.tmp C:\pos2AA.tmp C:\pos2AB.tmp C:\pos2AC.tmp C:\pos2AD.tmp C:\pos2AE.tmp C:\pos2B.tmp C:\pos2B1.tmp C:\pos2B2.tmp C:\pos2B3.tmp C:\pos2B4.tmp C:\pos2B5.tmp C:\pos2B7.tmp C:\pos2B8.tmp C:\pos2B9.tmp C:\pos2BA.tmp C:\pos2BB.tmp C:\pos2BE.tmp C:\pos2BF.tmp C:\pos2C.tmp C:\pos2C0.tmp C:\pos2C1.tmp C:\pos2C2.tmp C:\pos2C3.tmp C:\pos2C4.tmp C:\pos2C5.tmp C:\pos2C7.tmp C:\pos2C8.tmp C:\pos2C9.tmp C:\pos2CA.tmp C:\pos2CB.tmp C:\pos2CC.tmp C:\pos2CD.tmp C:\pos2CF.tmp C:\pos2D.tmp C:\pos2D0.tmp C:\pos2D1.tmp C:\pos2D2.tmp C:\pos2D3.tmp C:\pos2D4.tmp C:\pos2D5.tmp C:\pos2D6.tmp C:\pos2D7.tmp C:\pos2D8.tmp C:\pos2D9.tmp C:\pos2DA.tmp C:\pos2DB.tmp C:\pos2DC.tmp C:\pos2DD.tmp C:\pos2DE.tmp C:\pos2DF.tmp C:\pos2E.tmp C:\pos2E0.tmp C:\pos2E1.tmp C:\pos2E2.tmp C:\pos2E3.tmp C:\pos2E4.tmp C:\pos2E5.tmp C:\pos2E6.tmp C:\pos2E7.tmp C:\pos2E8.tmp C:\pos2E9.tmp C:\pos2EA.tmp C:\pos2EB.tmp C:\pos2EC.tmp C:\pos2ED.tmp C:\pos2EE.tmp C:\pos2EF.tmp C:\pos2F.tmp C:\pos2F0.tmp C:\pos2F1.tmp C:\pos2F2.tmp C:\pos2F3.tmp C:\pos2F4.tmp C:\pos2F5.tmp C:\pos2F6.tmp C:\pos2F7.tmp C:\pos2F8.tmp C:\pos2F9.tmp C:\pos2FA.tmp C:\pos2FB.tmp C:\pos2FC.tmp C:\pos2FD.tmp C:\pos2FE.tmp C:\pos2FF.tmp C:\pos3.tmp C:\pos30.tmp C:\pos300.tmp C:\pos301.tmp C:\pos302.tmp C:\pos303.tmp C:\pos304.tmp C:\pos305.tmp C:\pos306.tmp C:\pos307.tmp C:\pos308.tmp C:\pos309.tmp C:\pos30A.tmp C:\pos30B.tmp C:\pos30C.tmp C:\pos30D.tmp C:\pos30E.tmp C:\pos30F.tmp C:\pos31.tmp C:\pos310.tmp C:\pos311.tmp C:\pos312.tmp C:\pos313.tmp C:\pos314.tmp C:\pos315.tmp C:\pos316.tmp C:\pos317.tmp C:\pos318.tmp C:\pos319.tmp C:\pos31A.tmp C:\pos31B.tmp C:\pos31C.tmp C:\pos31D.tmp C:\pos31E.tmp C:\pos31F.tmp C:\pos32.tmp C:\pos320.tmp C:\pos321.tmp C:\pos322.tmp C:\pos323.tmp C:\pos324.tmp C:\pos325.tmp C:\pos326.tmp C:\pos327.tmp C:\pos328.tmp C:\pos329.tmp C:\pos32A.tmp C:\pos32B.tmp C:\pos32C.tmp C:\pos32D.tmp C:\pos32E.tmp C:\pos32F.tmp C:\pos33.tmp C:\pos330.tmp C:\pos331.tmp C:\pos332.tmp C:\pos333.tmp C:\pos334.tmp C:\pos335.tmp C:\pos336.tmp C:\pos337.tmp C:\pos338.tmp C:\pos339.tmp C:\pos33A.tmp C:\pos33B.tmp C:\pos33C.tmp C:\pos33D.tmp C:\pos33E.tmp C:\pos33F.tmp C:\pos34.tmp C:\pos340.tmp C:\pos341.tmp C:\pos342.tmp C:\pos343.tmp C:\pos344.tmp C:\pos345.tmp C:\pos346.tmp C:\pos347.tmp C:\pos348.tmp C:\pos349.tmp C:\pos34A.tmp C:\pos34B.tmp C:\pos34C.tmp C:\pos34D.tmp C:\pos34E.tmp C:\pos34F.tmp C:\pos35.tmp C:\pos350.tmp C:\pos351.tmp C:\pos352.tmp C:\pos353.tmp C:\pos354.tmp C:\pos355.tmp C:\pos356.tmp C:\pos357.tmp C:\pos358.tmp C:\pos359.tmp C:\pos35A.tmp C:\pos35B.tmp C:\pos35C.tmp C:\pos35D.tmp C:\pos35E.tmp C:\pos35F.tmp C:\pos36.tmp C:\pos360.tmp C:\pos361.tmp C:\pos362.tmp C:\pos363.tmp C:\pos364.tmp C:\pos365.tmp C:\pos366.tmp C:\pos367.tmp C:\pos368.tmp C:\pos369.tmp C:\pos36A.tmp C:\pos36B.tmp C:\pos36C.tmp C:\pos36D.tmp C:\pos36E.tmp C:\pos36F.tmp C:\pos37.tmp C:\pos370.tmp C:\pos371.tmp C:\pos372.tmp C:\pos373.tmp C:\pos374.tmp C:\pos375.tmp C:\pos376.tmp C:\pos377.tmp C:\pos378.tmp C:\pos379.tmp C:\pos37A.tmp C:\pos37B.tmp C:\pos37C.tmp C:\pos37D.tmp C:\pos37E.tmp C:\pos37F.tmp C:\pos38.tmp C:\pos380.tmp C:\pos381.tmp C:\pos382.tmp C:\pos383.tmp C:\pos384.tmp C:\pos385.tmp C:\pos386.tmp C:\pos387.tmp C:\pos388.tmp C:\pos389.tmp C:\pos38A.tmp C:\pos38B.tmp C:\pos38C.tmp C:\pos38D.tmp C:\pos38E.tmp C:\pos38F.tmp C:\pos39.tmp C:\pos390.tmp C:\pos391.tmp C:\pos392.tmp C:\pos393.tmp C:\pos394.tmp C:\pos395.tmp C:\pos396.tmp C:\pos397.tmp C:\pos398.tmp C:\pos399.tmp C:\pos39A.tmp C:\pos39B.tmp C:\pos39C.tmp C:\pos39D.tmp C:\pos39E.tmp C:\pos39F.tmp C:\pos3A.tmp C:\pos3A0.tmp C:\pos3A1.tmp C:\pos3A2.tmp C:\pos3A3.tmp C:\pos3A4.tmp C:\pos3A5.tmp C:\pos3A6.tmp C:\pos3A7.tmp C:\pos3A8.tmp C:\pos3A9.tmp C:\pos3AA.tmp C:\pos3AB.tmp C:\pos3AC.tmp C:\pos3AD.tmp C:\pos3AE.tmp C:\pos3AF.tmp C:\pos3B.tmp C:\pos3B0.tmp C:\pos3B1.tmp C:\pos3B2.tmp C:\pos3B3.tmp C:\pos3B4.tmp C:\pos3B5.tmp C:\pos3B6.tmp C:\pos3B7.tmp C:\pos3B8.tmp C:\pos3B9.tmp C:\pos3BA.tmp C:\pos3BB.tmp C:\pos3BC.tmp C:\pos3BD.tmp C:\pos3BE.tmp C:\pos3BF.tmp C:\pos3C.tmp C:\pos3C0.tmp C:\pos3C1.tmp C:\pos3C2.tmp C:\pos3C3.tmp C:\pos3C4.tmp C:\pos3C5.tmp C:\pos3C6.tmp C:\pos3C7.tmp C:\pos3C8.tmp C:\pos3C9.tmp C:\pos3CA.tmp C:\pos3CB.tmp C:\pos3CC.tmp C:\pos3CD.tmp C:\pos3CE.tmp C:\pos3CF.tmp C:\pos3D.tmp C:\pos3D0.tmp C:\pos3D1.tmp C:\pos3D2.tmp C:\pos3D3.tmp C:\pos3D4.tmp C:\pos3D5.tmp C:\pos3D6.tmp C:\pos3D7.tmp C:\pos3D8.tmp C:\pos3D9.tmp C:\pos3DA.tmp C:\pos3DB.tmp C:\pos3DC.tmp C:\pos3DD.tmp C:\pos3DE.tmp C:\pos3DF.tmp C:\pos3E.tmp C:\pos3E0.tmp C:\pos3E1.tmp C:\pos3E2.tmp C:\pos3E3.tmp C:\pos3E4.tmp C:\pos3E5.tmp C:\pos3E6.tmp C:\pos3E7.tmp C:\pos3E8.tmp C:\pos3E9.tmp C:\pos3EA.tmp C:\pos3EB.tmp C:\pos3EC.tmp C:\pos3ED.tmp C:\pos3EE.tmp C:\pos3EF.tmp C:\pos3F.tmp C:\pos3F0.tmp C:\pos3F1.tmp C:\pos3F2.tmp C:\pos3F3.tmp C:\pos3F4.tmp C:\pos3F5.tmp C:\pos3F6.tmp C:\pos3F7.tmp C:\pos3F8.tmp C:\pos3F9.tmp C:\pos3FA.tmp C:\pos3FB.tmp C:\pos3FC.tmp C:\pos3FD.tmp C:\pos3FE.tmp C:\pos3FF.tmp C:\pos4.tmp C:\pos40.tmp C:\pos400.tmp C:\pos401.tmp C:\pos402.tmp C:\pos403.tmp C:\pos404.tmp C:\pos405.tmp C:\pos406.tmp C:\pos407.tmp C:\pos41.tmp C:\pos42.tmp C:\pos43.tmp C:\pos44.tmp C:\pos45.tmp C:\pos46.tmp C:\pos47.tmp C:\pos48.tmp C:\pos49.tmp C:\pos4A.tmp C:\pos4B.tmp C:\pos4C.tmp C:\pos4D.tmp C:\pos4E.tmp C:\pos4F.tmp C:\pos5.tmp C:\pos50.tmp C:\pos51.tmp C:\pos52.tmp C:\pos53.tmp C:\pos54.tmp C:\pos55.tmp C:\pos56.tmp C:\pos57.tmp C:\pos58.tmp C:\pos59.tmp C:\pos5A.tmp C:\pos5B.tmp C:\pos5C.tmp C:\pos5D.tmp C:\pos5E.tmp C:\pos5F.tmp C:\pos6.tmp C:\pos60.tmp C:\pos61.tmp C:\pos62.tmp C:\pos63.tmp C:\pos64.tmp C:\pos65.tmp C:\pos66.tmp C:\pos67.tmp C:\pos68.tmp C:\pos69.tmp C:\pos6A.tmp C:\pos6B.tmp C:\pos6C.tmp C:\pos6D.tmp C:\pos6E.tmp C:\pos6F.tmp C:\pos70.tmp C:\pos71.tmp C:\pos72.tmp C:\pos73.tmp C:\pos74.tmp C:\pos75.tmp C:\pos76.tmp C:\pos77.tmp C:\pos78.tmp C:\pos79.tmp C:\pos7A.tmp C:\pos7B.tmp C:\pos7C.tmp C:\pos7D.tmp C:\pos7E.tmp C:\pos7F.tmp C:\pos8.tmp C:\pos80.tmp C:\pos81.tmp C:\pos82.tmp C:\pos83.tmp C:\pos84.tmp C:\pos85.tmp C:\pos86.tmp C:\pos87.tmp C:\pos88.tmp C:\pos89.tmp C:\pos8A.tmp C:\pos8B.tmp C:\pos8C.tmp C:\pos8D.tmp C:\pos8E.tmp C:\pos8F.tmp C:\pos9.tmp C:\pos90.tmp C:\pos91.tmp C:\pos92.tmp C:\pos93.tmp C:\pos94.tmp C:\pos95.tmp C:\pos96.tmp C:\pos97.tmp C:\pos98.tmp C:\pos99.tmp C:\pos9A.tmp C:\pos9B.tmp C:\pos9C.tmp C:\pos9D.tmp C:\pos9E.tmp C:\pos9F.tmp C:\posA.tmp C:\posA0.tmp C:\posA1.tmp C:\posA2.tmp C:\posA3.tmp C:\posA4.tmp C:\posA5.tmp C:\posA6.tmp C:\posA7.tmp C:\posA8.tmp C:\posA9.tmp C:\posAA.tmp C:\posAB.tmp C:\posAC.tmp C:\posAD.tmp C:\posAE.tmp C:\posAF.tmp C:\posB.tmp C:\posB0.tmp C:\posB1.tmp C:\posB2.tmp C:\posB3.tmp C:\posB4.tmp C:\posB5.tmp C:\posB6.tmp C:\posB7.tmp C:\posB8.tmp C:\posB9.tmp C:\posBA.tmp C:\posBB.tmp C:\posBC.tmp C:\posBD.tmp C:\posBE.tmp C:\posBF.tmp C:\posC.tmp C:\posC0.tmp C:\posC1.tmp C:\posC2.tmp C:\posC3.tmp C:\posC4.tmp C:\posC5.tmp C:\posC6.tmp C:\posC7.tmp C:\posC8.tmp C:\posC9.tmp C:\posCA.tmp C:\posCB.tmp C:\posCC.tmp C:\posCD.tmp C:\posCE.tmp C:\posCF.tmp C:\posD.tmp C:\posD0.tmp C:\posD1.tmp C:\posD2.tmp C:\posD3.tmp C:\posD4.tmp C:\posD5.tmp C:\posD6.tmp C:\posD7.tmp C:\posD8.tmp C:\posD9.tmp C:\posDA.tmp C:\posDB.tmp C:\posDC.tmp C:\posDD.tmp C:\posDE.tmp C:\posDF.tmp C:\posE.tmp C:\posE0.tmp C:\posE1.tmp C:\posE2.tmp C:\posE3.tmp C:\posE4.tmp C:\posE5.tmp C:\posE6.tmp C:\posE7.tmp C:\posE8.tmp C:\posE9.tmp C:\posEA.tmp C:\posEB.tmp C:\posEC.tmp C:\posED.tmp C:\posEE.tmp C:\posEF.tmp C:\posF.tmp C:\posF0.tmp C:\posF1.tmp C:\posF2.tmp C:\posF3.tmp C:\posF4.tmp C:\posF5.tmp C:\posF6.tmp C:\posF7.tmp C:\posF8.tmp C:\posF9.tmp C:\posFA.tmp C:\posFB.tmp C:\posFC.tmp C:\posFD.tmp C:\posFE.tmp C:\posFF.tmp C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\kernel C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask .exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Temporary C:\Program Files\Temporary\kernInstall.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\Temp\1cb C:\Temp\1cb\syscheck.log C:\temp\tn3 C:\WINDOWS\b122.exe C:\WINDOWS\cookies.ini C:\WINDOWS\Fonts\a.zip C:\WINDOWS\system32\amlhvqvf.dll C:\WINDOWS\system32\drivers\fad.sys C:\WINDOWS\system32\dslnjfsm.dll C:\WINDOWS\SYSTEM32\fvqvhlma.ini C:\WINDOWS\system32\fxibhuxd.dll C:\WINDOWS\system32\hgxfdsxp.dll C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\kfhncrmw.dll C:\WINDOWS\system32\lgenbhsb.dll C:\WINDOWS\SYSTEM32\lptakeub.ini C:\WINDOWS\SYSTEM32\mbipjnps.ini C:\WINDOWS\SYSTEM32\orutv.ini C:\WINDOWS\SYSTEM32\orutv.ini2 C:\WINDOWS\system32\pac.txt C:\WINDOWS\SYSTEM32\pxsdfxgh.ini C:\WINDOWS\system32\sosndqby.exe C:\WINDOWS\system32\taesrpqq.dll C:\WINDOWS\system32\tvnannxg.exe C:\WINDOWS\system32\urjkxhng.dll C:\WINDOWS\system32\urjkxhng.dllbox C:\WINDOWS\system32\uvtqplit.exe C:\WINDOWS\system32\vtsphlxp.exe C:\WINDOWS\system32\vturo.dll C:\WINDOWS\system32\vturo.exe C:\WINDOWS\system32\windows C:\WINDOWS\SYSTEM32\ymxysckb.ini C:\WINDOWS\system32\z1 C:\WINDOWS\system32\z9 C:\winlogon.exe C:\x.dat C:\z.dat Code: <pre> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe ---> Reader_sl.exe C:\Program Files\ATI Technologies\ATI.ACE\cli .exe ---> cli.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe ---> GoogleToolbarNotifier.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe ---> jusched.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe ---> SUPERAntiSpyware.exe C:\Program Files\Windows Media Player\WMPNSCFG .exe ---> WMPNSCFG.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro .exe ---> FreeRAM XP Pro.exe C:\WINDOWS\SYSTEM32\hkcmd .exe ---> hkcmd.exe C:\WINDOWS\SYSTEM32\igfxtray .exe ---> igfxtray.exe </pre> . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CORE -------\LEGACY_DOMAINSERVICE -------\DomainService ((((((((((((((((((((((((( Files Created from 2007-12-13 to 2008-01-13 ))))))))))))))))))))))))))))))) . 2008-01-12 16:01 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-09 14:27 . 2008-01-09 14:27 <DIR> d-------- C:\Deckard 2008-01-09 14:06 . 2008-01-09 14:06 <DIR> d-------- C:\ie-spyad_zo 2008-01-08 16:54 . 2008-01-08 16:54 <DIR> d-------- C:\Program Files\SpywareBlaster 2008-01-08 16:54 . 2005-08-25 18:18 118,784 --a------ C:\WINDOWS\SYSTEM32\MSSTDFMT.DLL 2008-01-08 14:04 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SDTHOOK.SYS 2008-01-08 13:26 . 2008-01-08 15:53 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan 2008-01-08 13:26 . 2008-01-08 13:26 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico 2008-01-08 13:26 . 2008-01-08 13:26 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico 2008-01-08 13:26 . 2008-01-08 13:26 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico 2008-01-07 22:03 . 2008-01-07 22:03 <DIR> d-------- C:\Program Files\Trend Micro 2008-01-06 22:07 . 2008-01-06 22:07 <DIR> d-------- C:\VundoFix Backups 2008-01-04 11:32 . 2008-01-04 11:32 <DIR> d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Lavasoft 2008-01-04 11:25 . 2004-04-23 10:41 <DIR> d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Jasc Software Inc 2008-01-04 11:25 . 2005-05-26 08:59 <DIR> d-------- C:\Documents and Settings\Administrator.BRAN\Application Data\Gtek 2008-01-03 15:58 . 2008-01-04 10:37 696 --a------ C:\WINDOWS\wininit.ini 2008-01-03 13:18 . 2008-01-12 15:17 155,648 --a------ C:\WINDOWS\SYSTEM32\igfxtray.exe 2008-01-03 13:18 . 2008-01-12 15:17 126,976 --a------ C:\WINDOWS\SYSTEM32\hkcmd.exe 2008-01-03 12:20 . 2008-01-03 12:20 147,456 --a------ C:\WINDOWS\SYSTEM32\vbzip10.dll 2008-01-03 12:18 . 2008-01-04 10:41 379,904 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp 2008-01-03 12:17 . 2008-01-04 14:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\mr9 2008-01-03 12:17 . 2008-01-04 14:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\ardCo18 2008-01-03 12:17 . 2008-01-04 14:15 <DIR> d-------- C:\WINDOWS\SYSTEM32\aj2 2008-01-03 12:17 . 2008-01-04 14:15 <DIR> d--hs---- C:\WINDOWS\SHVnaCBTdHVsbA 2008-01-03 12:17 . 2008-01-03 12:17 <DIR> d-------- C:\temp\cEeer12 2008-01-03 12:17 . 2008-01-03 12:17 166,945 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\core.cache(2).dsk 2008-01-03 12:17 . 2008-01-03 12:17 134 --a------ C:\n.bat 2007-12-30 17:05 . 2007-12-30 17:05 <DIR> d-------- C:\Program Files\abrViewer.NET 2007-12-28 13:11 . 2003-12-12 16:06 1,693,696 --a------ C:\WINDOWS\SYSTEM32\ltclr13n.dll 2007-12-28 13:11 . 2003-11-04 15:11 155,648 --a------ C:\WINDOWS\SYSTEM32\lftif13n.dll 2007-12-28 13:11 . 2003-11-04 15:10 98,304 --a------ C:\WINDOWS\SYSTEM32\lffax13n.dll 2007-12-28 13:11 . 2003-05-22 16:31 55,808 --a------ C:\WINDOWS\SYSTEM32\lfpsd13n.dll 2007-12-27 00:09 . 2007-12-27 00:09 <DIR> d-------- C:\Program Files\High-Logic 2007-12-27 00:09 . 2007-12-27 00:10 <DIR> d-------- C:\Documents and Settings\Brandee\Application Data\FontCreator 2007-12-27 00:09 . 2008-01-07 19:04 147 --a------ C:\WINDOWS\fcp5.cfg 2007-12-26 03:37 . 2007-12-26 03:37 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\ATI 2007-12-26 01:15 . 2007-12-26 01:15 <DIR> d-------- C:\Documents and Settings\Brandee\Application Data\ATI 2007-12-26 01:12 . 2007-12-26 01:12 <DIR> d-------- C:\Program Files\Common Files\ATI Technologies 2007-12-26 01:03 . 2007-12-26 01:09 <DIR> d-------- C:\Program Files\ATI Technologies 2007-12-26 01:03 . 2006-05-03 11:57 520,192 --a------ C:\WINDOWS\SYSTEM32\ati2sgag.exe 2007-12-26 01:02 . 2005-10-14 07:10 58,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ativckxx.vp 2007-12-26 01:02 . 2006-05-03 10:09 28,080 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ativvpxx.vp 2007-12-26 01:02 . 2006-01-25 17:48 6,005 --a------ C:\WINDOWS\SYSTEM32\atifglpf.xml 2007-12-26 01:02 . 2006-02-08 13:44 929 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ativcaxx.vp 2007-12-25 11:30 . 2007-12-25 14:13 <DIR> d-------- C:\Documents and Settings\Brandee\Application Data\U3 2007-12-25 11:30 . 2004-08-04 02:08 26,496 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbstor.sys 2007-12-20 01:45 . 2007-12-20 01:45 <DIR> d-------- C:\Program Files\SecondLife 2007-12-20 01:45 . 2007-12-20 02:21 <DIR> d-------- C:\Documents and Settings\Brandee\Application Data\SecondLife 2007-12-20 01:23 . 2007-12-20 01:23 <DIR> d-------- C:\Documents and Settings\Brandee\Application Data\Move Networks . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-13 21:29 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-01-13 21:25 --------- d-----w C:\Program Files\QuickTime 2008-01-08 20:29 --------- d-----w C:\Program Files\Palm 2008-01-08 20:23 --------- d-----w C:\Program Files\MSN Messenger 2008-01-08 20:23 --------- d-----w C:\Program Files\Last.fm 2008-01-08 20:17 --------- d-----w C:\Program Files\Google 2008-01-05 16:13 --------- d-----w C:\Documents and Settings\Guest\Application Data\OpenOffice.org2 2008-01-01 19:47 --------- d-----w C:\Program Files\Common Files\Adobe 2008-01-01 19:47 --------- d-----w C:\Documents and Settings\Brandee\Application Data\AdobeUM 2007-12-28 18:36 --------- d-----w C:\Documents and Settings\Brandee\Application Data\OpenOffice.org2 2007-12-26 06:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 15:18 68856] "FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2008-01-12 15:18 1591808] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-12 15:18 1318912] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-12 15:18 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-12 15:17 155648] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-12 15:17 126976] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-12 15:17 132496] "QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2008-01-12 15:17 45056] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 15:17 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 20:34 5419008] C:\Documents and Settings\Guest\Start Menu\Programs\Startup\ OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 14:27:34] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-05-23 17:46 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL path= backup= [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpcmpmgr] --a------ 2008-01-12 15:17 126976 C:\WINDOWS\System32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM] --a--c--- 2003-09-03 20:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McUpdate] --a--c--- 2003-09-03 20:12 221184 C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM] --a------ 2007-05-29 20:34 5419008 C:\Program Files\MySpace\IM\MySpaceIM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\realsched] --a------ 2006-12-30 12:31 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper] C:\Program Files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] --a------ 2006-12-30 12:31 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Pml Driver HPZ12"=3 (0x3) R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 21:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2007-04-20 02:00:24 C:\WINDOWS\Tasks\RegCure Program Check.job" - C:\Program Files\RegCure\RegCure.exe "2006-12-05 15:31:28 C:\WINDOWS\Tasks\RegCure.job" - C:\Program Files\RegCure\RegCure.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 16:30:35 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-01-13 16:38:53 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-13 21:38:50 . 2007-12-13 08:05:03 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:40:41 PM, on 1/13/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\netdde.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Palm\Hotsync.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10...I.cab55579.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {339234B4-4E14-4280-B8B4-8BAE5AF99063} (Chess Object) - http://zone.msn.com/bingame/zpagames...p.cab55579.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10...y.cab55579.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/re...s/MSNPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10...t.cab55579.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1124628481531 O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.geni.com/ImageUploader4.cab O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://brandeewynne.spaces.live.com/...d/MsnPUpld.cab O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames...z.cab55579.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10...y.cab55579.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by141fd.bay141.hotmail.msn.co...x/HMAtchmt.ocx O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe -- End of file - 9240 bytes