05-09-2008, 09:25 AM   #3
QueenDawn1


Re: Need Help computer has major problems Please Advise

OK, I did the HijackThis stuff and ComboFix; below are the logs. Also, a quick question: I was told that there are a bunch of back doors on my computer and that I should wipe the hard drive and start over. Are you seeing these, and what are your thoughts on this? Thanks


ComboFix 08-05-08.1 - Dawn 2008-05-09 11:42:39.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.597 [GMT -4:00]
Running from: C:\Documents and Settings\Dawn\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dawn\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\123messenger.per
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\Fonts\system
C:\WINDOWS\licencia.txt
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\muotr.so
C:\WINDOWS\ntnut.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\gjjte.cfg
C:\WINDOWS\system32\gmnait.cfg
C:\WINDOWS\system32\hsseabhy.ini
C:\WINDOWS\system32\jyjlt.cfg
C:\WINDOWS\system32\kmd.exe
C:\WINDOWS\system32\mupxryhm.ini
C:\WINDOWS\system32\njritc.cfg
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\uwDffMoq.ini
C:\WINDOWS\system32\uwDffMoq.ini2
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\xgnfn.cfg
C:\WINDOWS\system32\zgxfdx.dll.LoG
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\Update.dat
C:\WINDOWS\voiceip.dll
C:\WINDOWS\winsb.dll

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Service_clbdriver


((((((((((((((((((((((((( Files Created from 2008-04-09 to 2008-05-09 )))))))))))))))))))))))))))))))
.

2008-05-07 10:30 . 2008-05-07 10:30 <DIR> d-------- C:\Program Files\Panda Security
2008-05-05 21:11 . 2008-05-05 21:11 <DIR> d-------- C:\Documents and Settings\Dawn\Application Data\Grisoft
2008-05-05 21:11 . 2007-05-30 08:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-05-05 09:57 . 2008-05-06 09:58 109,430 --a------ C:\WINDOWS\BM33ccc471.xml
2008-05-04 16:15 . 2008-05-04 16:15 <DIR> d-------- C:\Deckard
2008-05-04 15:19 . 2002-08-29 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-05-04 15:18 . 2008-05-05 12:33 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-04 15:18 . 2008-05-04 15:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-03 23:43 . 2008-05-04 13:06 <DIR> d-------- C:\Program Files\Family Feud III - Dream Home
2008-04-30 16:45 . 2008-04-30 18:35 <DIR> d-------- C:\Program Files\Brainiversity
2008-04-25 13:25 . 2008-04-25 13:25 <DIR> d-------- C:\Documents and Settings\Dawn\Application Data\Jane s Hotel Family Hero
2008-04-20 15:07 . 2008-04-20 15:07 280 --ahs---- C:\WINDOWS\system32\rdthr.cfg
2008-04-20 15:06 . 2008-04-20 15:08 4,530 --a------ C:\WINDOWS\system32\atielf.dat
2008-04-19 21:56 . 2008-04-19 21:57 <DIR> d-------- C:\Program Files\Build-a-lot 2 - Town of the Year
2008-04-12 23:22 . 2008-04-12 23:23 <DIR> d-------- C:\Program Files\Cooking Academy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 15:51 --------- d-----w C:\Program Files\TrueSwitchAT&TYahoo
2008-05-09 13:46 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-08 17:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-06 20:51 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-06 15:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-06 14:26 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-05 20:35 --------- d-----w C:\Documents and Settings\Dawn\Application Data\Lavasoft
2008-04-29 00:59 --------- d-----w C:\Program Files\LimeWire
2008-04-25 17:24 --------- d-----w C:\Program Files\Yahoo! Games
2008-04-20 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-04-13 03:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fugazo
2008-04-13 03:10 --------- d-----w C:\Program Files\bfgclient
2008-03-31 21:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Astar Games
2008-03-30 19:39 --------- d-----w C:\Documents and Settings\Dawn\Application Data\Boomzap
2008-03-24 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-23 23:33 --------- d-----w C:\Program Files\Doggie Dash
2008-03-23 23:33 --------- d-----w C:\Documents and Settings\Dawn\Application Data\PlayFirst
2008-03-23 23:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-03-21 23:24 --------- d-----w C:\Program Files\Escape From Paradise
2008-03-21 23:24 --------- d-----w C:\Documents and Settings\Dawn\Application Data\Meridian93
2008-03-14 21:29 --------- d-----w C:\Program Files\RealArcade
2008-03-09 02:19 --------- d-----w C:\Documents and Settings\Dawn\Application Data\cerasus.media
2008-03-03 01:33 0 ----a-w C:\Program Files\temp01
2007-01-31 22:10 56 --sh--r C:\WINDOWS\system32\09E8528788.sys
2007-01-31 22:10 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2002-08-29 08:00 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 03:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-04 03:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\bak\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 187 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\0.dat

-c--a-w 867 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\1.dat

-c--a-w 944 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\10.dat

-c--a-w 1,154 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\11.dat

-c--a-w 760 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\12.dat

-c--a-w 865 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\13.dat

-c--a-w 1,447 2006-08-08 02:33:31 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\14.dat

-c--a-w 1,247 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\15.dat

-c--a-w 900 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\16.dat

-c--a-w 1,218 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\17.dat

-c--a-w 424 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\18.dat

-c--a-w 970 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\19.dat

-c--a-w 978 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\2.dat

-c--a-w 1,092 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\20.dat

-c--a-w 810 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\21.dat

-c--a-w 611 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\22.dat

-c--a-w 949 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\23.dat

-c--a-w 1,058 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\24.dat

-c--a-w 384 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\25.dat

-c--a-w 1,346 2006-08-08 02:33:31 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\26.dat

-c--a-w 244 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\27.dat

-c--a-w 1,676 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\28.dat

-c--a-w 1,326 2006-08-08 02:33:31 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\29.dat

-c--a-w 89 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\3.dat

-c--a-w 364 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\30.dat

-c--a-w 875 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\31.dat

-c--a-w 941 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\32.dat

-c--a-w 424 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\33.dat

-c--a-w 104 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\34.dat

-c--a-w 421 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\35.dat

-c--a-w 1,178 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\36.dat

-c--a-w 1,078 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\37.dat

-c--a-w 1,132 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\38.dat

-c--a-w 1,073 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\4.dat

-c--a-w 1,167 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\5.dat

-c--a-w 672 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\6.dat

-c--a-w 432 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\7.dat

-c--a-w 600 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\8.dat

-c--a-w 1,037 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\9.dat

-c--a-w 901 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\offsets.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\0.dat

-c--a-w 736 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\1.dat

-c--a-w 1,509 2006-08-08 02:33:31 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\10.dat

-c--a-w 1,582 2006-08-08 02:33:31 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\11.dat

-c--a-w 651 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\12.dat

-c--a-w 1,579 2006-08-08 02:33:31 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\13.dat

-c--a-w 2,365 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\14.dat

-c--a-w 1,229 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\15.dat

-c--a-w 2,413 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\16.dat

-c--a-w 2,427 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\17.dat

-c--a-w 1,762 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\18.dat

-c--a-w 935 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\19.dat

-c--a-w 274 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\2.dat

-c--a-w 1,273 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\20.dat

-c--a-w 1,867 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\21.dat

-c--a-w 804 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\22.dat

-c--a-w 682 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\23.dat

-c--a-w 1,770 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\24.dat

-c--a-w 789 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\25.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\26.dat

-c--a-w 2,309 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\27.dat

-c--a-w 1,105 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\28.dat

-c--a-w 2,082 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\29.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\3.dat

-c--a-w 1,787 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\30.dat

-c--a-w 1,654 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\31.dat

-c--a-w 841 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\32.dat

-c--a-w 2,671 2006-08-08 02:33:33 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\33.dat

-c--a-w 1,826 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\34.dat

-c--a-w 903 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\35.dat

-c--a-w 835 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\36.dat

-c--a-w 2,172 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\37.dat

-c--a-w 1,491 2006-08-08 02:33:31 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\38.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\39.dat

-c--a-w 1,055 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\4.dat

-c--a-w 1,878 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\40.dat

-c--a-w 173 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\41.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\42.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\5.dat

-c--a-w 1,760 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\6.dat

-c--a-w 1,701 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\7.dat

-c--a-w 948 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\8.dat

-c--a-w 1,108 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\9.dat

-c--a-w 1,005 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\offsets.dat

-c--a-w 131,057 2007-10-16 00:57:32 C:\Program Files\Ahead\InCD\bak\Error.log
-c--a-w 127,746 2007-09-27 14:48:17 C:\Program Files\Ahead\InCD\Error.log

-c--a-w 1,269,870 2004-02-27 15:02:32 C:\Program Files\Ahead\InCD\bak\InCD.exe

-c--a-w 2,321,600 2007-06-09 21:31:05 C:\Program Files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe

-c--a-w 50,792 2005-11-03 03:01:14 C:\Program Files\Common Files\AOL\1124841373\ee\bak\AOLSoftware.exe

-c--a-w 180,269 2006-11-11 23:31:46 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 59,040 2006-04-13 18:20:52 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 115,816 2007-01-10 05:59:52 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

----a-w 6,731,312 2007-06-11 09:25:42 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe
----a-w 6,731,312 2007-06-11 09:25:42 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

----a-w 83,608 2007-03-14 07:43:44 C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe

----a-w 387,584 2005-01-28 10:23:22 C:\Program Files\Labtec\Media Keyboard\V5.0\bak\KbdAp32A.exe

----a-w 802,816 2006-06-23 17:45:35 C:\Program Files\Labtec\Mouse\2.1\bak\moffice.exe

-c--a-w 86,100 2003-03-04 12:49:22 C:\Program Files\Lexmark X5100 Series\bak\lxbabmgr.exe

----a-w 274,432 2005-09-16 13:43:06 C:\Program Files\LimeWire\bak\iTunesHelper.exe

-c--a-w 631,362 2002-11-23 07:15:00 C:\Program Files\Logitech\iTouch\bak\iTouch.exe

----a-w 155,648 2005-12-25 18:44:09 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 100,056 2006-11-09 17:28:44 C:\Program Files\SymNetDrv\bak\SNDMon.exe

----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\bak\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 21:19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\bak\qttask.exe" [2005-12-25 14:44 155648]
"Logitech Utility"="LOGI_MWX.EXE" [2002-11-08 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"zzzHPSETUP"="D:\Setup.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 16:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 03:11 771704]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 03:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Dawn\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe [2007-09-13 08:45:20 1028096]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-19 22:28:34 169472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MJPG"= JPEGCODE.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 SGUARD;SGUARD;C:\WINDOWS\system32\drivers\SGuard.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 02:55:44 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Dawn.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe
"2008-05-02 19:17:51 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe)/scan-full /scheduleignorenav /scheduled&C:\Program Files\Norton Security Scan
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 11:51:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2008-05-09 12:15:27 - machine was rebooted [Dawn]
ComboFix-quarantined-files.txt 2008-05-09 16:15:19
ComboFix2.txt 2008-02-29 15:50:53
ComboFix3.txt 2008-02-28 23:40:49
ComboFix4.txt 2008-02-28 22:36:23
ComboFix5.txt 2007-10-07 21:10:17

Pre-Run: 66,881,163,264 bytes free
Post-Run: 67,002,888,192 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

324 --- E O F --- 2008-04-22 02:43:23

--------------------------------hijack this-----------------


-c--a-w 1,073 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\4.dat

-c--a-w 1,167 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\5.dat

-c--a-w 672 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\6.dat

-c--a-w 432 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\7.dat

-c--a-w 600 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\8.dat

-c--a-w 1,037 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\9.dat

-c--a-w 901 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\4\bak\offsets.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\0.dat

-c--a-w 736 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\1.dat

-c--a-w 1,509 2006-08-08 02:33:31 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\10.dat

-c--a-w 1,582 2006-08-08 02:33:31 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\11.dat

-c--a-w 651 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\12.dat

-c--a-w 1,579 2006-08-08 02:33:31 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\13.dat

-c--a-w 2,365 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\14.dat

-c--a-w 1,229 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\15.dat

-c--a-w 2,413 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\16.dat

-c--a-w 2,427 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\17.dat

-c--a-w 1,762 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\18.dat

-c--a-w 935 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\19.dat

-c--a-w 274 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\2.dat

-c--a-w 1,273 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\20.dat

-c--a-w 1,867 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\21.dat

-c--a-w 804 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\22.dat

-c--a-w 682 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\23.dat

-c--a-w 1,770 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\24.dat

-c--a-w 789 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\25.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\26.dat

-c--a-w 2,309 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\27.dat

-c--a-w 1,105 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\28.dat

-c--a-w 2,082 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\29.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\3.dat

-c--a-w 1,787 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\30.dat

-c--a-w 1,654 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\31.dat

-c--a-w 841 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\32.dat

-c--a-w 2,671 2006-08-08 02:33:33 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\33.dat

-c--a-w 1,826 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\34.dat

-c--a-w 903 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\35.dat

-c--a-w 835 2006-08-08 02:33:29 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\36.dat

-c--a-w 2,172 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\37.dat

-c--a-w 1,491 2006-08-08 02:33:31 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\38.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\39.dat

-c--a-w 1,055 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\4.dat

-c--a-w 1,878 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\40.dat

-c--a-w 173 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\41.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\42.dat

-c--a-w 70 2006-08-08 02:33:28 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\5.dat

-c--a-w 1,760 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\6.dat

-c--a-w 1,701 2006-08-08 02:33:32 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\7.dat

-c--a-w 948 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\8.dat

-c--a-w 1,108 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\9.dat

-c--a-w 1,005 2006-08-08 02:33:30 C:\My Games\Inca Quest\media\graphics\backgrounds\AdventureBackground7\5\bak\offsets.dat

-c--a-w 131,057 2007-10-16 00:57:32 C:\Program Files\Ahead\InCD\bak\Error.log
-c--a-w 127,746 2007-09-27 14:48:17 C:\Program Files\Ahead\InCD\Error.log

-c--a-w 1,269,870 2004-02-27 15:02:32 C:\Program Files\Ahead\InCD\bak\InCD.exe

-c--a-w 2,321,600 2007-06-09 21:31:05 C:\Program Files\Common Files\Adobe\Updater5\bak\AdobeUpdater.exe

-c--a-w 50,792 2005-11-03 03:01:14 C:\Program Files\Common Files\AOL\1124841373\ee\bak\AOLSoftware.exe

-c--a-w 180,269 2006-11-11 23:31:46 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 59,040 2006-04-13 18:20:52 C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe
----a-w 115,816 2007-01-10 05:59:52 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

----a-w 6,731,312 2007-06-11 09:25:42 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe
----a-w 6,731,312 2007-06-11 09:25:42 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

----a-w 83,608 2007-03-14 07:43:44 C:\Program Files\Java\jre1.6.0_01\bin\bak\jusched.exe

----a-w 387,584 2005-01-28 10:23:22 C:\Program Files\Labtec\Media Keyboard\V5.0\bak\KbdAp32A.exe

----a-w 802,816 2006-06-23 17:45:35 C:\Program Files\Labtec\Mouse\2.1\bak\moffice.exe

-c--a-w 86,100 2003-03-04 12:49:22 C:\Program Files\Lexmark X5100 Series\bak\lxbabmgr.exe

----a-w 274,432 2005-09-16 13:43:06 C:\Program Files\LimeWire\bak\iTunesHelper.exe

-c--a-w 631,362 2002-11-23 07:15:00 C:\Program Files\Logitech\iTouch\bak\iTouch.exe

----a-w 155,648 2005-12-25 18:44:09 C:\Program Files\QuickTime\bak\qttask.exe

----a-w 100,056 2006-11-09 17:28:44 C:\Program Files\SymNetDrv\bak\SNDMon.exe

----a-w 15,360 2004-08-04 07:56:48 C:\WINDOWS\system32\bak\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 21:19 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"QuickTime Task"="C:\Program Files\QuickTime\bak\qttask.exe" [2005-12-25 14:44 155648]
"Logitech Utility"="LOGI_MWX.EXE" [2002-11-08 05:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"zzzHPSETUP"="D:\Setup.exe" [ ]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 20:51 583048]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-10-26 16:42 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 03:11 771704]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 03:56 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\Dawn\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueSwitchAT&TYahoo\TrueWizard.exe [2007-09-13 08:45:20 1028096]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-01-19 22:28:34 169472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.JPEG"= JPEGCODE.DLL
"VIDC.MJPG"= JPEGCODE.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
S3 SGUARD;SGUARD;C:\WINDOWS\system32\drivers\SGuard.sys []

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 02:55:44 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Dawn.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe
"2008-05-02 19:17:51 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe)/scan-full /scheduleignorenav /scheduled&C:\Program Files\Norton Security Scan
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-09 11:51:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\incdsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
.
**************************************************************************
.
Completion time: 2008-05-09 12:15:27 - machine was rebooted [Dawn]
ComboFix-quarantined-files.txt 2008-05-09 16:15:19
ComboFix2.txt 2008-02-29 15:50:53
ComboFix3.txt 2008-02-28 23:40:49
ComboFix4.txt 2008-02-28 22:36:23
ComboFix5.txt 2007-10-07 21:10:17

Pre-Run: 66,881,163,264 bytes free
Post-Run: 67,002,888,192 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

324 --- E O F --- 2008-04-22 02:43:23