Need help bad. I think it's Virtumundo

gomer pyle

New member
From what I've read in the forum on Virtumundo my computer is badly infected.
I tried the Kaspersky online scanner but it wouldn't work with Firefox and I was not able to successfully find an internet connection with Internet Explorer to run the scan.
I hope you can help. Please.
Here is the HijackThis file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:29 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: {27aaf506-2a50-3f58-4cd4-e5c11b961e23} - {32e169b1-1c5e-4dc4-85f3-05a2605faa72} - C:\WINDOWS\system32\wgwldktx.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59DCAE5F-479C-443B-B2AF-E31407BCC8EA} - C:\WINDOWS\system32\ddccd.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: BndVeano4 BHO Class - {8E4881AC-49E2-4761-9542-7E40C73CFB96} - C:\Program Files\QdrDrive\QdrDrive9.dll
O2 - BHO: MSEvents Object - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ymhjdxgx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow .exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [b8cf5291] rundll32.exe "C:\WINDOWS\system32\apbqctha.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [QdrPack11] "C:\Program Files\QdrPack\QdrPack11.exe" (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - S-1-5-21-4219811858-3455423638-1855872279-1008 Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe (User '?')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robin Cady\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200448995890
O20 - Winlogon Notify: khfddef - khfddef.dll (file missing)
O20 - Winlogon Notify: ymhjdxgx - C:\WINDOWS\SYSTEM32\ymhjdxgx.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\yohjvtxd.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

--
End of file - 11117 bytes
 
Hi gomer pyle and welcome to Safer Networking Forums :)

Are both AntiVir and McAfee up-to-date?

1. Download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here

Post:

- a fresh HijackThis log
- combofix report
 
hijackthis and combofix log 1

First off thanks for responding to my call for help.
I have run both the scans and am posting them in a series of replies because they are too long.
As far as security programs being up to date - I believe they are, but I have issues with both programs. They both are very buggy and do not respond well and usually must be forced to quit because they become idle or just freeze up.
Anyway, here are the logs.
Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:36 AM, on 1/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - S-1-5-21-4219811858-3455423638-1855872279-1008 Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe (User '?')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robin Cady\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200448995890
O20 - Winlogon Notify: khfddef - khfddef.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

--
End of file - 9565 bytes
 
Hijackthis and Combofix log 2

ComboFix 08-01-28.2 - Robin Cady 2008-01-28 10:39:29.1 - NTFSx86

Running from: C:\Documents and Settings\Robin Cady\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bkcrtwnz.dll
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\Documents and Settings\Robin Cady\My Documents\pos29E2.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29E3.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29E4.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29E5.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29E6.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29E7.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29E8.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29E9.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29EA.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29EB.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29EC.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29ED.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29EE.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29EF.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29F0.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29F1.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29F2.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29F3.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29F4.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29F5.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29F6.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29F7.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29F8.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29F9.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29FA.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29FB.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29FC.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29FD.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29FE.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos29FF.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A00.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A01.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A02.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A03.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A04.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A05.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A06.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A07.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A08.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A09.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A0A.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A0B.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A0C.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A0D.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A0E.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A0F.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A10.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A11.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A12.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A13.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A14.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A15.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A16.tmp
C:\Documents and Settings\Robin Cady\My Documents\pos2A17.tmp
 
Hijackthis and Combofix log 3

C:\Documents and Settings\Robin Cady\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Robin Cady\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
Hijackthis and Combofix log 4

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\QdrPack\trgts.gz
C:\temp\tn3
C:\WINDOWS\mantec~1
C:\WINDOWS\SYSTEM32\ahtcqbpa.ini
C:\WINDOWS\system32\apbqctha.dll
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\bkcrtwnz.dll
C:\WINDOWS\system32\bkcrtwnz.dllbox
C:\WINDOWS\system32\bxyprgvp.dll
C:\WINDOWS\system32\ckuswcwf.dll
C:\WINDOWS\SYSTEM32\dccdd.ini
C:\WINDOWS\SYSTEM32\dccdd.ini2
C:\WINDOWS\system32\ddccd.dll
C:\WINDOWS\system32\ddccd.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\dsfianvp.exe
C:\WINDOWS\SYSTEM32\eqqemsrf.ini
C:\WINDOWS\SYSTEM32\eumjrocx.ini
C:\WINDOWS\SYSTEM32\fwcwsukc.ini
C:\WINDOWS\system32\hbkltyfy.dll
C:\WINDOWS\SYSTEM32\hlvhmbji.ini
C:\WINDOWS\SYSTEM32\kgpgiixx.ini
C:\WINDOWS\SYSTEM32\mancmrwp.ini
C:\WINDOWS\SYSTEM32\mauglbbj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\vvnotmnt.exe
C:\WINDOWS\system32\wgwldktx.dll
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\wnsapisv32.exe
C:\WINDOWS\SYSTEM32\ychvwtsi.ini
C:\WINDOWS\system32\ymhjdxgx.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\core
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.

2008-01-28 10:40 . 2008-01-28 10:40 14,033 --a------ C:\pos28CB.tmp
2008-01-27 15:25 . 2008-01-27 15:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2008-01-26 19:12 . 2008-01-26 19:12 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-26 19:09 . 2008-01-26 19:09 <DIR> d-------- C:\KAV
2008-01-26 18:57 . 2008-01-26 18:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 09:19 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-01-22 09:15 . 2008-01-22 10:56 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\HouseCall 6.6
2008-01-22 09:08 . 2008-01-22 09:13 <DIR> d-------- C:\Documents and Settings\Robin Cady\.housecall6.6
2008-01-19 22:20 . 2008-01-19 22:20 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-19 22:19 . 2008-01-19 22:19 <DIR> d-------- C:\Program Files\Real
2008-01-19 22:19 . 2008-01-19 22:20 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-19 12:54 . 2008-01-19 12:54 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2008-01-19 12:08 . 2008-01-19 12:08 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\Uniblue
2008-01-18 21:44 . 2008-01-20 17:52 <DIR> d-------- C:\Program Files\Remove-it
2008-01-18 19:08 . 2008-01-18 19:12 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\PrevxCSI
2008-01-18 19:08 . 2008-01-18 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-17 09:12 . 2008-01-17 09:12 <DIR> d-------- C:\Program Files\CCleaner
2008-01-17 03:06 . 2008-01-17 03:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-16 21:46 . 2008-01-16 21:46 163,904 --a------ C:\WINDOWS\SYSTEM32\ymhjdxgx.dll.vir
2008-01-16 05:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-16 05:05 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-15 18:24 . 2008-01-15 18:24 <DIR> d-------- C:\Program Files\Avira
2008-01-15 18:24 . 2008-01-15 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-15 17:06 . 2004-08-03 23:56 185,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\framedyn.dll
2008-01-15 09:57 . 2008-01-19 12:13 <DIR> d-------- C:\VundoFix Backups
2008-01-14 14:37 . 2008-01-14 19:40 2,112,131 --ahs---- C:\WINDOWS\SYSTEM32\lheyudco.ini
2008-01-10 20:15 . 2008-01-10 20:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-01-08 14:22 . 2000-01-03 11:05 131,072 --a------ C:\WINDOWS\SYSTEM32\DZIP32.dll
2008-01-08 13:58 . 2008-01-19 16:09 8,678 --a------ C:\WINDOWS\hh.dat
2008-01-08 13:54 . 2008-01-08 13:54 <DIR> d-------- C:\Program Files\Virtual Studio Systems
2007-12-30 11:16 . 2008-01-11 09:05 <DIR> d-------- C:\Program Files\RcvSystem
2007-12-29 11:18 . 2008-01-19 16:20 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\McAfee
2007-12-28 11:31 . 2007-12-28 11:31 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\Ace
2007-12-28 11:29 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\SYSTEM32\d3dx9_32.dll
2007-12-28 11:29 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\SYSTEM32\xinput1_3.dll
2007-12-28 11:28 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\SYSTEM32\d3dx9_31.dll
2007-12-28 11:20 . 2007-12-28 11:20 <DIR> d-------- C:\Program Files\THQ

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 18:52 --------- d-----w C:\Program Files\iTunes
2008-01-26 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-18 17:11 --------- d-----w C:\Program Files\McAfee
2008-01-18 01:12 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\Audacity
2008-01-11 04:37 --------- d-----w C:\Program Files\Easy Songwriter
2008-01-11 04:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 22:16 --------- d-----w C:\Program Files\QuickTime
2008-01-02 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-29 03:12 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\Image Zone Express
2007-12-28 19:13 90,112 ----a-w C:\WINDOWS\UpdReg .EXE
2007-12-28 05:20 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-28 05:12 --------- d-----w C:\Program Files\McAfee.com
2007-12-27 23:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-27 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-29 02:21 724,984 ----a-w C:\Documents and Settings\Isabella Cady\gotomypc_437.exe
2007-09-25 00:53 724,984 ----a-w C:\Documents and Settings\Robin Cady\gotomypc_437.exe
.
Code:
<pre>
----a-w            63,712 2007-12-28 19:13:20  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w            39,792 2007-12-28 19:13:23  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w           249,896 2008-01-27 03:31:47  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w           153,136 2007-12-28 19:13:35  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w           152,872 2007-12-28 19:13:51  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w           185,632 2007-12-28 19:13:40  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            70,816 2007-12-27 23:07:38  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           135,264 2007-12-28 19:14:31  C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w            53,248 2007-12-28 19:13:06  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            49,152 2007-12-28 19:13:13  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w           271,672 2008-01-27 03:31:42  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2007-12-28 19:13:51  C:\Program Files\Messenger\msmsgs .exe
----a-w           282,624 2008-01-11 12:47:04  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-11 12:47:05  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask .exe
----a-w         1,773,568 2007-12-29 08:20:13  C:\Program Files\support.com\bin\tgcmd .exe
----a-w            90,112 2007-12-28 19:13:12  C:\WINDOWS\UpdReg .EXE
----a-w           158,208 2008-01-22 04:22:06  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w           114,688 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w           151,552 2007-12-28 19:13:17  C:\WINDOWS\SYSTEM32\NeroCheck .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E9C47B8-A8C4-478A-9EA2-73203B9BC50B}]
C:\WINDOWS\system32\ddccd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e44ddc3-4262-4097-b2c1-9915038a0ea2}]
C:\WINDOWS\system32\bxyprgvp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winshow"="C:\WINDOWS\winshow .exe" [ ]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [ ]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [ ]
"b8cf5291"="C:\WINDOWS\system32\ckuswcwf.dll" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]
"combofix"="C:\ComboFix\kmd.exe" [2004-08-03 23:56 388608]

C:\Documents and Settings\Robin Cady\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2005-04-02 06:08:48 372224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-30 19:22:22 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)
"DisableTaskMgr"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SFCDisable"=dword:00000004
"System"=" "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bkcrtwnz]
bkcrtwnz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfddef]
khfddef.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddccd


.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 15:17:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-15 10:10:08 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 09:00:56 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 11:02:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
.
**************************************************************************
.
Completion time: 2008-01-28 11:07:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-28 19:07:32
.
2008-01-17 11:10:05 --- E O F ---
 
Hi

Open notepad and copy/paste the text in the quotebox below into it:

Code:
RenV::
----a-w            63,712 2007-12-28 19:13:20  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w            39,792 2007-12-28 19:13:23  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w           249,896 2008-01-27 03:31:47  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w           153,136 2007-12-28 19:13:35  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w           152,872 2007-12-28 19:13:51  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w           185,632 2007-12-28 19:13:40  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            70,816 2007-12-27 23:07:38  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           135,264 2007-12-28 19:14:31  C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w            53,248 2007-12-28 19:13:06  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            49,152 2007-12-28 19:13:13  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w           271,672 2008-01-27 03:31:42  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2007-12-28 19:13:51  C:\Program Files\Messenger\msmsgs .exe
----a-w           282,624 2008-01-11 12:47:04  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-11 12:47:05  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask .exe
----a-w         1,773,568 2007-12-29 08:20:13  C:\Program Files\support.com\bin\tgcmd .exe
----a-w            90,112 2007-12-28 19:13:12  C:\WINDOWS\UpdReg .EXE
----a-w           158,208 2008-01-22 04:22:06  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w           114,688 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w           151,552 2007-12-28 19:13:17  C:\WINDOWS\SYSTEM32\NeroCheck .exe

File::
C:\pos28CB.tmp
C:\WINDOWS\SYSTEM32\ymhjdxgx.dll.vir
C:\WINDOWS\SYSTEM32\lheyudco.ini

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bkcrtwnz]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfddef]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E9C47B8-A8C4-478A-9EA2-73203B9BC50B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e44ddc3-4262-4097-b2c1-9915038a0ea2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winshow"=-
"b8cf5291"=-
"combofix"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

CFScript.gif


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager, then the Processes tab (press Ctrl, Alt and Del at the same time), and end any processes of findstr, find, sed or swreg; then Combofix should continue.
If that happened we want to know, and also what process you had to end.
 
new combofix log and hijackthis - part1

Thanks for the last message.
I did as you said and then ran the new scans.

Here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:04 PM, on 1/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - S-1-5-21-4219811858-3455423638-1855872279-1008 Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe (User '?')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robin Cady\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200448995890
O20 - Winlogon Notify: khfddef - khfddef.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

--
End of file - 9670 bytes
 
new combofix log and hijackthis - part2

Here is the Combofix Log:



ComboFix 08-01-28.2 - Robin Cady 2008-01-29 10:55:38.2 - NTFSx86

Running from: C:\Documents and Settings\Robin Cady\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-27 15:25 . 2008-01-27 15:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2008-01-26 19:12 . 2008-01-26 19:12 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-26 19:09 . 2008-01-26 19:09 <DIR> d-------- C:\KAV
2008-01-26 18:57 . 2008-01-26 18:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 09:19 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-01-22 09:15 . 2008-01-22 10:56 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\HouseCall 6.6
2008-01-22 09:08 . 2008-01-22 09:13 <DIR> d-------- C:\Documents and Settings\Robin Cady\.housecall6.6
2008-01-19 22:20 . 2008-01-19 22:20 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-19 22:19 . 2008-01-19 22:19 <DIR> d-------- C:\Program Files\Real
2008-01-19 22:19 . 2008-01-19 22:20 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-19 12:54 . 2008-01-19 12:54 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2008-01-19 12:08 . 2008-01-19 12:08 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\Uniblue
2008-01-18 21:44 . 2008-01-20 17:52 <DIR> d-------- C:\Program Files\Remove-it
2008-01-18 19:08 . 2008-01-18 19:12 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\PrevxCSI
2008-01-18 19:08 . 2008-01-18 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-17 09:12 . 2008-01-17 09:12 <DIR> d-------- C:\Program Files\CCleaner
2008-01-17 03:06 . 2008-01-17 03:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-16 21:46 . 2008-01-16 21:46 163,904 --a------ C:\WINDOWS\SYSTEM32\ymhjdxgx.dll.vir
2008-01-16 05:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-16 05:05 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-15 18:24 . 2008-01-15 18:24 <DIR> d-------- C:\Program Files\Avira
2008-01-15 18:24 . 2008-01-15 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-15 17:06 . 2004-08-03 23:56 185,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\framedyn.dll
2008-01-15 09:57 . 2008-01-19 12:13 <DIR> d-------- C:\VundoFix Backups
2008-01-14 14:37 . 2008-01-14 19:40 2,112,131 --ahs---- C:\WINDOWS\SYSTEM32\lheyudco.ini
2008-01-10 20:15 . 2008-01-10 20:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-01-08 14:22 . 2000-01-03 11:05 131,072 --a------ C:\WINDOWS\SYSTEM32\DZIP32.dll
2008-01-08 13:58 . 2008-01-19 16:09 8,678 --a------ C:\WINDOWS\hh.dat
2008-01-08 13:54 . 2008-01-08 13:54 <DIR> d-------- C:\Program Files\Virtual Studio Systems
2007-12-30 11:16 . 2008-01-11 09:05 <DIR> d-------- C:\Program Files\RcvSystem
2007-12-29 11:18 . 2008-01-19 16:20 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 01:56 --------- d-----w C:\Program Files\iTunes
2008-01-26 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-22 04:22 158,208 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
2008-01-22 04:08 508,928 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2008-01-20 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-18 17:11 --------- d-----w C:\Program Files\McAfee
2008-01-18 01:12 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\Audacity
2008-01-11 04:37 --------- d-----w C:\Program Files\Easy Songwriter
2008-01-11 04:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 22:16 --------- d-----w C:\Program Files\QuickTime
2008-01-02 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-29 03:12 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\Image Zone Express
2007-12-28 19:31 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\Ace
2007-12-28 19:20 --------- d-----w C:\Program Files\THQ
2007-12-28 19:13 90,112 ----a-w C:\WINDOWS\UpdReg .EXE
2007-12-28 05:20 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-28 05:12 --------- d-----w C:\Program Files\McAfee.com
2007-12-27 23:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-27 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-29 02:21 724,984 ----a-w C:\Documents and Settings\Isabella Cady\gotomypc_437.exe
2007-09-25 00:53 724,984 ----a-w C:\Documents and Settings\Robin Cady\gotomypc_437.exe
.
Code:
<pre>
----a-w            63,712 2007-12-28 19:13:20  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w            39,792 2007-12-28 19:13:23  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w           249,896 2008-01-27 03:31:47  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w           153,136 2007-12-28 19:13:35  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w           152,872 2007-12-28 19:13:51  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w           185,632 2007-12-28 19:13:40  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            70,816 2007-12-27 23:07:38  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           135,264 2007-12-28 19:14:31  C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w            53,248 2007-12-28 19:13:06  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            49,152 2007-12-28 19:13:13  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w           271,672 2008-01-27 03:31:42  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2007-12-28 19:13:51  C:\Program Files\Messenger\msmsgs .exe
----a-w           282,624 2008-01-11 12:47:04  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-11 12:47:05  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask .exe
----a-w         1,773,568 2007-12-29 08:20:13  C:\Program Files\support.com\bin\tgcmd .exe
----a-w            90,112 2007-12-28 19:13:12  C:\WINDOWS\UpdReg .EXE
----a-w           158,208 2008-01-22 04:22:06  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w           114,688 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w           151,552 2007-12-28 19:13:17  C:\WINDOWS\SYSTEM32\NeroCheck .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [ ]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 20:14 271672]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-28 19:27 249896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]

C:\Documents and Settings\Robin Cady\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2005-04-02 06:08:48 372224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-30 19:22:22 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"=" "

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfddef]
khfddef.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\ddccd


.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 15:17:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-15 10:10:08 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 09:00:56 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-29 11:08:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-01-29 11:14:45 - machine was rebooted [Robin Cady]
ComboFix-quarantined-files.txt 2008-01-29 19:14:34
ComboFix2.txt 2008-01-28 19:07:42
.
2008-01-17 11:10:05 --- E O F ---
 
Hi

You didn't seem to follow my instructions.

You are supposed to create a file named CFScript and drag and drop it into ComboFix.exe and not just doubleclick ComboFix.exe in order to run it.

Please try again and ask if something isn't clear before that :)
 
Your instructions

Hi Shaba,
I dragged the file to combofix and it started like it was working and then just quit itself.
So the last post was posted differently than your instructions because I didn't receive a log by doing it by just dragging the txt file into the exe file.
Did I do something wrong?
I tried it again and still the same results.
The program acts like it is working and a few command prompt screens pop up but then disappear with no results.

Thanks and I look forward to more instruction.
 
Hi

Ensure that CFScript is in Desktop.

Go to start and run

Type this and click ok:

"%Userprofile%\Desktop\Combofix /CFScript.txt"

And let me know how it went :)
 
Ok. CFScript is in desktop.
I opened start - run and typed in what you said to do.

It gives me this message:


Windows cannot find 'C:\documents and settings\robin cady\desktop\Combofix/CFScript.txt'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button and then click Search

I did a search and did confirm that both of the files do exist at C:\documents and settings\robin cady\desktop

So I don't know what else to do.


Standing by ------ Thanks
 
Hi

Then we remove things using different tools:

First we'll need to backup registry:

Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.

Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bkcrtwnz]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfddef]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E9C47B8-A8C4-478A-9EA2-73203B9BC50B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e44ddc3-4262-4097-b2c1-9915038a0ea2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winshow"=-
"b8cf5291"=-
"combofix"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

It should look like this ->
reg.gif


Doubleclick fix.reg, press Yes and ok.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\pos28CB.tmp
    C:\WINDOWS\SYSTEM32\ymhjdxgx.dll.vir
    C:\WINDOWS\SYSTEM32\lheyudco.ini
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Download RenV.exe from the following link and save it to the Desktop:

http://download.bleepingcomputer.com/sUBs/Beta/RenV.exe

Open NOTEPAD and copy/paste the text in the quotebox below into it:

Code:
----a-w            63,712 2007-12-28 19:13:20  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w            39,792 2007-12-28 19:13:23  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w           249,896 2008-01-27 03:31:47  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w           153,136 2007-12-28 19:13:35  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w           152,872 2007-12-28 19:13:51  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w           185,632 2007-12-28 19:13:40  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            70,816 2007-12-27 23:07:38  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           135,264 2007-12-28 19:14:31  C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w            53,248 2007-12-28 19:13:06  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            49,152 2007-12-28 19:13:13  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w           271,672 2008-01-27 03:31:42  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2007-12-28 19:13:51  C:\Program Files\Messenger\msmsgs .exe
----a-w           282,624 2008-01-11 12:47:04  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-11 12:47:05  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask .exe
----a-w         1,773,568 2007-12-29 08:20:13  C:\Program Files\support.com\bin\tgcmd .exe
----a-w            90,112 2007-12-28 19:13:12  C:\WINDOWS\UpdReg .EXE
----a-w           158,208 2008-01-22 04:22:06  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w           114,688 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w           151,552 2007-12-28 19:13:17  C:\WINDOWS\SYSTEM32\NeroCheck .exe

Save this as Log.txt to Desktop.

RenV.gif


Referring to the picture above, drag Log.txt into RenV.exe

When finished, it shall produce a new log for you. Post that log in your next reply.

Re-run combofix.

Post:

- a fresh HijackThis log
- RenV log
- combofix report
- otmoveit2 log
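
What the fix.reg in the post above will do when merged, spelled out as an added example (not part of the original post and not code from any tool named in the thread): a small parser for the REGEDIT4 syntax that lists each operation and decodes the `hex(7)` value. The function names are hypothetical; `REPORTED_AUTH_PACKAGES` is the value ComboFix printed for the same Lsa entry earlier in the thread.

```python
import re

# fix.reg exactly as posted above (the "~" path abbreviations are the post's own).
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\bkcrtwnz]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfddef]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0E9C47B8-A8C4-478A-9EA2-73203B9BC50B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4e44ddc3-4262-4097-b2c1-9915038a0ea2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winshow"=-
"b8cf5291"=-
"combofix"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

# Value ComboFix reported for the same Lsa entry earlier in the thread.
REPORTED_AUTH_PACKAGES = ["msv1_0", r"C:\WINDOWS\system32\ddccd"]

VALUE_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)')


def decode_multi_sz(hex_bytes, ansi):
    """Decode the byte list of a hex(7) (REG_MULTI_SZ) value into its strings.

    REGEDIT4 files store the strings as single-byte text; version 5.00 files
    store UTF-16LE. Each string ends with a NUL and the list ends with one more.
    """
    raw = bytes(int(b, 16) for b in hex_bytes.split(",") if b.strip())
    text = raw.decode("cp1252" if ansi else "utf-16-le")
    return [s for s in text.split("\x00") if s]


def parse_reg(text):
    """Return the operations in a .reg file as (action, key, name, data) tuples."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)          # join continuation lines
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    header = lines[0]
    if header not in ("REGEDIT4", "Windows Registry Editor Version 5.00"):
        raise ValueError("not a .reg file: %r" % header)
    ansi = header == "REGEDIT4"
    ops, key = [], None
    for line in lines[1:]:
        if line.startswith(";"):                        # comment
            continue
        if line.startswith("[-") and line.endswith("]"):
            ops.append(("delete_key", line[2:-1], None, None))
            key = None                                  # nothing can follow a deleted key
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = VALUE_LINE.fullmatch(line)
            if m is None or key is None:
                raise ValueError("unexpected line: %r" % line)
            name, value = m.groups()
            if value == "-":
                ops.append(("delete_value", key, name, None))
            elif value.lower().startswith("hex(7):"):
                ops.append(("set_multi_sz", key, name,
                            decode_multi_sz(value[7:], ansi)))
            else:
                ops.append(("set_other", key, name, value))
    return ops


def unexpected_packages(current, baseline):
    """Entries present in the current value but absent from the baseline."""
    wanted = {b.lower() for b in baseline}
    return [c for c in current if c.lower() not in wanted]


if __name__ == "__main__":
    ops = parse_reg(FIX_REG)
    for action, key, name, data in ops:
        print(action, key, name or "", data if data is not None else "")
    restored = ops[-1][3]
    print("removed from Authentication Packages:",
          unexpected_packages(REPORTED_AUTH_PACKAGES, restored))
```

The decoded value is the single string `msv1_0`, so merging the file drops the `C:\WINDOWS\system32\ddccd` entry from Authentication Packages while keeping the default package.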
 
Ok thanks here are the results.
My computer is starting to behave itself.
Seems like whatever is happening is working.
I am very happy with the results so far.
Thanks Shaba!

Otmoveit log file.

File/Folder C:\pos28CB.tmp not found.
File move failed. C:\WINDOWS\SYSTEM32\ymhjdxgx.dll.vir scheduled to be moved on reboot.

08-01-27 03:31:47 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w 153,136 2007-12-28 19:13:35 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w 152,872 2007-12-28 19:13:51 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w 185,632 2007-12-28 19:13:40 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 70,816 2007-12-27 23:07:38 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 135,264 2007-12-28 19:14:31 C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w 53,248 2007-12-28 19:13:06 C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w 49,152 2007-12-28 19:13:13 C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w 271,672 2008-01-27 03:31:42 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 1,694,208 2007-12-28 19:13:51 C:\Program Files\Messenger\msmsgs .exe
----a-w 282,624 2008-01-11 12:47:04 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-11 12:47:05 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-11 12:47:06 C:\Program Files\QuickTime\qttask .exe
----a-w 282,624 2008-01-11 12:47:06 C:\Program Files\QuickTime\qttask .exe
----a-w 1,773,568 2007-12-29 08:20:13 C:\Program Files\support.com\bin\tgcmd .exe
----a-w 90,112 2007-12-28 19:13:12 C:\WINDOWS\UpdReg .EXE
----a-w 158,208 2008-01-22 04:22:06 C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w 114,688 2007-12-28 19:13:07 C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w 155,648 2007-12-28 19:13:07 C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w 151,552 2007-12-28 19:13:17 C:\WINDOWS\SYSTEM32\NeroCheck .exe

Entries: 22 (22)
Directories: 0 Files: 22
Bytes: 6,693,672 Blocks: 13,079


HiJackThis log

Code:
Ran on Thu 01/31/2008 - 16:22:37.79

----a-w            63,712 2007-12-28 19:13:20  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w            39,792 2007-12-28 19:13:23  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w           249,896 2008-01-27 03:31:47  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w           153,136 2007-12-28 19:13:35  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w           152,872 2007-12-28 19:13:51  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w           185,632 2007-12-28 19:13:40  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            70,816 2007-12-27 23:07:38  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           135,264 2007-12-28 19:14:31  C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w            53,248 2007-12-28 19:13:06  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            49,152 2007-12-28 19:13:13  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w           271,672 2008-01-27 03:31:42  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2007-12-28 19:13:51  C:\Program Files\Messenger\msmsgs .exe
----a-w           282,624 2008-01-11 12:47:04  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-11 12:47:05  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask .exe
----a-w         1,773,568 2007-12-29 08:20:13  C:\Program Files\support.com\bin\tgcmd .exe
----a-w            90,112 2007-12-28 19:13:12  C:\WINDOWS\UpdReg .EXE
----a-w           158,208 2008-01-22 04:22:06  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w           114,688 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w           151,552 2007-12-28 19:13:17  C:\WINDOWS\SYSTEM32\NeroCheck .exe

 Entries:               22  (22)
 Directories:            0  Files:            22
 Bytes:          6,693,672  Blocks:       13,079


COMBOFIX LOG


ComboFix 08-01-28.2 - Robin Cady 2008-01-31 16:29:07.3 - NTFSx86

Running from: C:\Documents and Settings\Robin Cady\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-27 15:25 . 2008-01-27 15:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2008-01-26 19:12 . 2008-01-26 19:12 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-26 19:09 . 2008-01-26 19:09 <DIR> d-------- C:\KAV
2008-01-26 18:57 . 2008-01-26 18:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 09:19 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-01-22 09:15 . 2008-01-22 10:56 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\HouseCall 6.6
2008-01-22 09:08 . 2008-01-22 09:13 <DIR> d-------- C:\Documents and Settings\Robin Cady\.housecall6.6
2008-01-19 22:20 . 2008-01-19 22:20 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-19 22:19 . 2008-01-19 22:19 <DIR> d-------- C:\Program Files\Real
2008-01-19 22:19 . 2008-01-19 22:20 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-19 12:54 . 2008-01-19 12:54 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2008-01-19 12:08 . 2008-01-19 12:08 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\Uniblue
2008-01-18 21:44 . 2008-01-20 17:52 <DIR> d-------- C:\Program Files\Remove-it
2008-01-18 19:08 . 2008-01-18 19:12 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\PrevxCSI
2008-01-18 19:08 . 2008-01-18 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-17 09:12 . 2008-01-17 09:12 <DIR> d-------- C:\Program Files\CCleaner
2008-01-17 03:06 . 2008-01-17 03:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-16 05:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-16 05:05 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-15 18:24 . 2008-01-15 18:24 <DIR> d-------- C:\Program Files\Avira
2008-01-15 18:24 . 2008-01-15 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-15 17:06 . 2004-08-03 23:56 185,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\framedyn.dll
2008-01-15 09:57 . 2008-01-19 12:13 <DIR> d-------- C:\VundoFix Backups
2008-01-10 20:15 . 2008-01-10 20:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-01-08 14:22 . 2000-01-03 11:05 131,072 --a------ C:\WINDOWS\SYSTEM32\DZIP32.dll
2008-01-08 13:58 . 2008-01-19 16:09 8,678 --a------ C:\WINDOWS\hh.dat
2008-01-08 13:54 . 2008-01-08 13:54 <DIR> d-------- C:\Program Files\Virtual Studio Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 01:56 --------- d-----w C:\Program Files\iTunes
2008-01-26 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-20 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-20 00:20 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\McAfee
2008-01-18 17:11 --------- d-----w C:\Program Files\McAfee
2008-01-18 01:12 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\Audacity
2008-01-11 17:05 --------- d-----w C:\Program Files\RcvSystem
2008-01-11 04:37 --------- d-----w C:\Program Files\Easy Songwriter
2008-01-11 04:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-08 22:16 --------- d-----w C:\Program Files\QuickTime
2008-01-02 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-29 03:12 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\Image Zone Express
2007-12-28 19:31 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\Ace
2007-12-28 19:20 --------- d-----w C:\Program Files\THQ
2007-12-28 19:13 90,112 ----a-w C:\WINDOWS\UpdReg .EXE
2007-12-28 05:20 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-28 05:12 --------- d-----w C:\Program Files\McAfee.com
2007-12-27 23:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-27 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-29 02:21 724,984 ----a-w C:\Documents and Settings\Isabella Cady\gotomypc_437.exe
2007-09-25 00:53 724,984 ----a-w C:\Documents and Settings\Robin Cady\gotomypc_437.exe
.
Code:
<pre>
----a-w            63,712 2007-12-28 19:13:20  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w            39,792 2007-12-28 19:13:23  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w           249,896 2008-01-27 03:31:47  C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w           153,136 2007-12-28 19:13:35  C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w           152,872 2007-12-28 19:13:51  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w           185,632 2007-12-28 19:13:40  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            70,816 2007-12-27 23:07:38  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           135,264 2007-12-28 19:14:31  C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w            53,248 2007-12-28 19:13:06  C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            49,152 2007-12-28 19:13:13  C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w           271,672 2008-01-27 03:31:42  C:\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2007-12-28 19:13:51  C:\Program Files\Messenger\msmsgs .exe
----a-w           282,624 2008-01-11 12:47:04  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-11 12:47:05  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask .exe
----a-w         1,773,568 2007-12-29 08:20:13  C:\Program Files\support.com\bin\tgcmd .exe
----a-w            90,112 2007-12-28 19:13:12  C:\WINDOWS\UpdReg .EXE
----a-w           158,208 2008-01-22 04:22:06  C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w           114,688 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
----a-w           151,552 2007-12-28 19:13:17  C:\WINDOWS\SYSTEM32\NeroCheck .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [ ]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 20:14 271672]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-28 19:27 249896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]

C:\Documents and Settings\Robin Cady\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2005-04-02 06:08:48 372224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-30 19:22:22 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"=" "


.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 15:17:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-15 10:10:08 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-01-01 09:00:56 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 16:34:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-31 16:37:58
ComboFix-quarantined-files.txt 2008-02-01 00:37:48
ComboFix2.txt 2008-01-29 19:14:45
ComboFix3.txt 2008-01-28 19:07:42
.
2008-01-17 11:10:05 --- E O F ---
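
The logs above list executables whose names carry whitespace in front of the extension, next to Run entries that point either at such a copy or at the normal name. The following added example (not part of the thread or of any tool used in it) triages a listing in that format and cross-checks the Run values; the sample lines are copied from the logs above, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the RenV listing posted in this thread.
LISTING = r"""
----a-w           271,672 2008-01-27 03:31:42  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           282,624 2008-01-11 12:47:04  C:\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-11 12:47:05  C:\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-11 12:47:06  C:\Program Files\QuickTime\qttask .exe
----a-w            90,112 2007-12-28 19:13:12  C:\WINDOWS\UpdReg .EXE
----a-w           155,648 2007-12-28 19:13:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
"""

# Sample input: HKLM Run values copied from the ComboFix log in this thread.
RUN_ENTRIES = {
    "QuickTime Task": r"C:\Program Files\QuickTime\qttask .exe",
    "iTunesHelper": r"C:\Program Files\iTunes\iTunesHelper.exe",
    "IgfxTray": r"C:\WINDOWS\System32\igfxtray.exe",
    "MBkLogOnHook": r"C:\Program Files\McAfee\MBK\LogOnHook.exe",
}

# attributes, size, date, time, path
LINE = re.compile(r"^([-a-z]{7})\s+([\d,]+)\s+(\d{4}-\d\d-\d\d)\s+"
                  r"(\d\d:\d\d:\d\d)\s+(.+)$")
# a file name whose stem is followed by whitespace and then the extension
PADDED = re.compile(r"^(?P<stem>.*\S)(?P<pad>\s+)(?P<ext>\.[^.\\\s]+)$")


def split_padding(path):
    """Return (path without the padding, number of padding characters).

    A path with no whitespace before its extension comes back unchanged
    with a count of 0.
    """
    m = PADDED.match(path)
    if m is None:
        return path, 0
    return m.group("stem") + m.group("ext"), len(m.group("pad"))


def find_padded(listing):
    """Group padded files by the normal name they shadow (lower-cased)."""
    groups = defaultdict(list)
    for line in listing.splitlines():
        m = LINE.match(line.rstrip())
        if m is None:
            continue                      # blank or unrelated line
        size = int(m.group(2).replace(",", ""))
        normal, pad = split_padding(m.group(5))
        if pad:
            groups[normal.lower()].append((m.group(5), pad, size))
    return dict(groups)


def audit_run(entries, padded):
    """Classify each Run value against the padded files found on disk."""
    verdicts = {}
    for name, target in entries.items():
        normal, pad = split_padding(target)
        if pad:
            verdicts[name] = "points at padded copy"
        elif normal.lower() in padded:
            verdicts[name] = "normal name has padded twin"
        else:
            verdicts[name] = "ok"
    return verdicts


if __name__ == "__main__":
    padded = find_padded(LISTING)
    for normal, copies in padded.items():
        print(normal, "->", len(copies), "padded copies")
    for name, verdict in audit_run(RUN_ENTRIES, padded).items():
        print(name, ":", verdict)
```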
 
Otmoveit Log

I don't think the entirety posted in my last post.
Here it is.

File/Folder C:\pos28CB.tmp not found.
File move failed. C:\WINDOWS\SYSTEM32\ymhjdxgx.dll.vir scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\lheyudco.ini moved successfully.

OTMoveIt2 v1.0.17 log created on 01312008_160202
 
HiJackThis Log

Here is a fresh log.
Thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:10 AM, on 2/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-4219811858-3455423638-1855872279-1008\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - S-1-5-21-4219811858-3455423638-1855872279-1008 Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe (User '?')
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robin Cady\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1200448995890
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe (file missing)

--
End of file - 9662 bytes
 
Hi

As RenV didn't work, we need to delete certain startup programs and you will need to re-install; unfortunately we can do nothing about that.

  • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl 
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\Program Files\Common Files\Symantec Shared\ccApp .exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
    C:\Program Files\iTunes\iTunesHelper .exe
    C:\Program Files\Messenger\msmsgs .exe
    C:\Program Files\QuickTime\qttask    .exe
    C:\Program Files\QuickTime\qttask   .exe
    C:\Program Files\QuickTime\qttask  .exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\support.com\bin\tgcmd .exe
    C:\WINDOWS\UpdReg .EXE
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
    C:\WINDOWS\SYSTEM32\hkcmd .exe
    C:\WINDOWS\SYSTEM32\igfxtray .exe
    C:\WINDOWS\SYSTEM32\NeroCheck .exe
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run combofix.

Post:

- a fresh HijackThis log
- combofix report
- otmoveit2 log
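
Every path in the move list above has whitespace between the file name and its extension, and the HijackThis process list at the top of the thread shows `iTunesHelper .exe` running beside `iTunesHelper.exe`. As an added example (not part of the original post, and not code from OTMoveIt2, ComboFix or HijackThis), this Python sketch pulls Windows paths out of pasted log text and flags such padded names, noting whether the normally named file is listed too. The sample lines are constructed from paths shown in this thread, and the function names are hypothetical.

```python
import ntpath
import re

# A drive-letter path ending in an executable-type extension. The lookahead
# keeps folder names such as "support.com\" from ending the match early.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|scr|com|bat)(?![\\\w])',
    re.IGNORECASE,
)

# Constructed sample: lines in the styles of the logs posted in this thread.
SAMPLE = r"""
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iTunes\iTunesHelper .exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
C:\Program Files\QuickTime\qttask   .exe moved successfully.
C:\Program Files\support.com\bin\tgcmd .exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


def extract_paths(text):
    """Return every executable-type path found in free-form log text."""
    return [m.group(0) for m in PATH_RE.finditer(text)]


def flag_padded_names(text):
    """Map each path whose base name ends in whitespace to details about it."""
    paths = extract_paths(text)
    seen = {p.lower() for p in paths}  # Windows paths are case-insensitive
    findings = {}
    for path in paths:
        folder, name = ntpath.split(path)
        stem, ext = ntpath.splitext(name)
        trimmed = stem.rstrip()
        if trimmed == stem:
            continue  # ordinary file name, nothing to report
        normal = ntpath.join(folder, trimmed + ext)
        findings[path] = {
            "normal_name": normal,
            "pad": len(stem) - len(trimmed),
            "normal_also_listed": normal.lower() in seen,
        }
    return findings


if __name__ == "__main__":
    for path, info in flag_padded_names(SAMPLE).items():
        print(f"{path!r}: pad={info['pad']}, "
              f"normal listed={info['normal_also_listed']}")
```

Printing with `repr` keeps the run of spaces visible, which matters here because four `qttask` variants differ only in how many spaces precede `.exe`.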
 
most current log reports part1

Here's the latest.

Thanks a million


OTMoveIt Log


C:\Program Files\Common Files\Symantec Shared\ccApp .exe moved successfully.
C:\Program Files\Creative\SBLive\Diagnostics\diagent .exe moved successfully.
C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe moved successfully.
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe moved successfully.
C:\Program Files\iTunes\iTunesHelper .exe moved successfully.
C:\Program Files\Messenger\msmsgs .exe moved successfully.
C:\Program Files\QuickTime\qttask .exe moved successfully.
C:\Program Files\QuickTime\qttask .exe moved successfully.
C:\Program Files\QuickTime\qttask .exe moved successfully.
C:\Program Files\QuickTime\qttask .exe moved successfully.
C:\Program Files\support.com\bin\tgcmd .exe moved successfully.
C:\WINDOWS\UpdReg .EXE moved successfully.
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe moved successfully.
C:\WINDOWS\SYSTEM32\hkcmd .exe moved successfully.
C:\WINDOWS\SYSTEM32\igfxtray .exe moved successfully.
C:\WINDOWS\SYSTEM32\NeroCheck .exe moved successfully.

OTMoveIt2 v1.0.17 log created on 02012008_120817


COMBOFIX LOG

ComboFix 08-01-28.2 - Robin Cady 2008-02-01 12:22:01.4 - NTFSx86

Running from: C:\Documents and Settings\Robin Cady\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.

2008-01-27 15:25 . 2008-01-27 15:25 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2008-01-26 19:12 . 2008-01-26 19:12 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-26 19:09 . 2008-01-26 19:09 <DIR> d-------- C:\KAV
2008-01-26 18:57 . 2008-01-26 18:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-22 09:19 . 2007-08-01 16:47 102,664 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-01-22 09:15 . 2008-01-22 10:56 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\HouseCall 6.6
2008-01-22 09:08 . 2008-01-22 09:13 <DIR> d-------- C:\Documents and Settings\Robin Cady\.housecall6.6
2008-01-19 22:20 . 2008-01-19 22:20 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-19 22:19 . 2008-01-19 22:19 <DIR> d-------- C:\Program Files\Real
2008-01-19 22:19 . 2008-01-19 22:20 <DIR> d-------- C:\Program Files\Common Files\Real
2008-01-19 12:54 . 2008-01-19 12:54 24,576 --a------ C:\WINDOWS\SYSTEM32\VundoFixSVC.exe
2008-01-19 12:08 . 2008-01-19 12:08 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\Uniblue
2008-01-18 21:44 . 2008-01-20 17:52 <DIR> d-------- C:\Program Files\Remove-it
2008-01-18 19:08 . 2008-01-18 19:12 <DIR> d-------- C:\Documents and Settings\Robin Cady\Application Data\PrevxCSI
2008-01-18 19:08 . 2008-01-18 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-17 09:12 . 2008-01-17 09:12 <DIR> d-------- C:\Program Files\CCleaner
2008-01-17 03:06 . 2008-01-17 03:06 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-16 05:05 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-16 05:05 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-15 18:24 . 2008-01-15 18:24 <DIR> d-------- C:\Program Files\Avira
2008-01-15 18:24 . 2008-01-15 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-15 17:06 . 2004-08-03 23:56 185,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\framedyn.dll
2008-01-15 09:57 . 2008-01-19 12:13 <DIR> d-------- C:\VundoFix Backups
2008-01-10 20:15 . 2008-01-10 20:15 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2008-01-08 14:22 . 2000-01-03 11:05 131,072 --a------ C:\WINDOWS\SYSTEM32\DZIP32.dll
2008-01-08 13:58 . 2008-01-19 16:09 8,678 --a------ C:\WINDOWS\hh.dat
2008-01-08 13:54 . 2008-01-08 13:54 <DIR> d-------- C:\Program Files\Virtual Studio Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 20:08 --------- d-----w C:\Program Files\QuickTime
2008-02-01 20:08 --------- d-----w C:\Program Files\iTunes
2008-02-01 20:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-26 02:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-22 04:08 508,928 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
2008-01-20 00:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-20 00:20 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\McAfee
2008-01-18 17:11 --------- d-----w C:\Program Files\McAfee
2008-01-18 01:12 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\Audacity
2008-01-11 17:05 --------- d-----w C:\Program Files\RcvSystem
2008-01-11 04:37 --------- d-----w C:\Program Files\Easy Songwriter
2008-01-11 04:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 02:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-29 03:12 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\Image Zone Express
2007-12-28 19:31 --------- d-----w C:\Documents and Settings\Robin Cady\Application Data\Ace
2007-12-28 19:20 --------- d-----w C:\Program Files\THQ
2007-12-28 05:20 --------- d-----w C:\Program Files\Common Files\McAfee
2007-12-28 05:12 --------- d-----w C:\Program Files\McAfee.com
2007-12-27 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jscript.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\SYSTEM32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\lsasrv.dll
2007-09-29 02:21 724,984 ----a-w C:\Documents and Settings\Isabella Cady\gotomypc_437.exe
2007-09-25 00:53 724,984 ----a-w C:\Documents and Settings\Robin Cady\gotomypc_437.exe
.
Code:
<pre>
----a-w            39,792 2007-12-28 19:13:23  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w            63,712 2007-12-28 19:13:20  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w           249,896 2008-01-27 03:31:47  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt .exe
----a-w           153,136 2007-12-28 19:13:35  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w           152,872 2007-12-28 19:13:51  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\Common Files\Ahead\Lib\NMBgMonitor .exe
----a-w           185,632 2007-12-28 19:13:40  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            70,816 2007-12-27 23:07:38  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           135,264 2007-12-28 19:14:31  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\Creative\SBLive\Diagnostics\diagent .exe
----a-w            53,248 2007-12-28 19:13:06  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w            49,152 2007-12-28 19:13:13  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\HP\HP Software Update\HPWuSchd2 .exe
----a-w           271,672 2008-01-27 03:31:42  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\iTunes\iTunesHelper .exe
----a-w         1,694,208 2007-12-28 19:13:51  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\Messenger\msmsgs .exe
----a-w           282,624 2008-01-11 12:47:04  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\QuickTime\qttask    .exe
----a-w           282,624 2008-01-11 12:47:05  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\QuickTime\qttask   .exe
----a-w           282,624 2008-01-11 12:47:06  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\QuickTime\qttask  .exe
----a-w           282,624 2008-01-11 12:47:06  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\QuickTime\qttask .exe
----a-w         1,773,568 2007-12-29 08:20:13  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\Program Files\support.com\bin\tgcmd .exe
----a-w            90,112 2007-12-28 19:13:12  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\WINDOWS\UpdReg .EXE
----a-w           158,208 2008-01-22 04:22:06  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
----a-w           114,688 2007-12-28 19:13:07  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2007-12-28 19:13:07  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\WINDOWS\SYSTEM32\igfxtray .exe
----a-w           151,552 2007-12-28 19:13:17  C:\_OTMoveIt\MovedFiles\[u]0[/u]2012008_120817\WINDOWS\SYSTEM32\NeroCheck .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"NeroCheck"="C:\WINDOWS\System32\NeroCheck.exe" [ ]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 20:14 271672]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [ ]
"diagent"="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" [ ]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-28 19:27 249896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [ ]

C:\Documents and Settings\Robin Cady\Start Menu\Programs\Startup\
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2005-04-02 06:08:48 372224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-30 19:22:22 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24 258048]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"=" "


.
Contents of the 'Scheduled Tasks' folder
"2008-01-26 15:17:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-15 10:10:08 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 09:00:27 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 12:28:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-01 12:32:33
ComboFix-quarantined-files.txt 2008-02-01 20:32:24
ComboFix2.txt 2008-02-01 00:37:59
ComboFix3.txt 2008-01-29 19:14:45
ComboFix4.txt 2008-01-28 19:07:42
.
2008-01-17 11:10:05 --- E O F ---
 