Hey, thanks for the response. Here are the ComboFix and HijackThis logs:
ComboFix 08-06-20.4 - sdasd 2008-06-30 12:12:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.299 [GMT -4:00]
Running from: C:\Documents and Settings\TEMP.D5S3ZG81\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\TEMP~1.D5S\LOCALS~1\Temp\_A00F45B00DB.exe
C:\DOCUME~1\TEMP~1.D5S\LOCALS~1\Temp\_A00F97FBB31.exe
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\mike.D5S3ZG81\Local Settings\Temp\_A00F8691C1B.exe
C:\Documents and Settings\Mike\Application Data\DOBE~1
C:\Program Files\AIM6\aim6 .exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon .exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Online Services\hoqexizim24418.dll
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule11 .exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\racle~1
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Temp\1cb
C:\Temp\sanR24
C:\WINDOWS\BMff2d89b8.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaefrvfh.ini
C:\WINDOWS\system32\abodoyqi.ini
C:\WINDOWS\system32\aghhshoc.ini
C:\WINDOWS\system32\aoknxfjv.ini
C:\WINDOWS\system32\arnypaxy.dll
C:\WINDOWS\system32\aruhhatv.dll
C:\WINDOWS\system32\auceosqx.ini
C:\WINDOWS\system32\auvitumk.ini
C:\WINDOWS\system32\awaxoixk.exe
C:\WINDOWS\system32\awffchtg.ini
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\awtqo.exe
C:\WINDOWS\system32\barivxyw.ini
C:\WINDOWS\system32\beebgexu.ini
C:\WINDOWS\system32\bfldtchi.ini
C:\WINDOWS\system32\bfqtvxgl.exe
C:\WINDOWS\system32\bhufwyef.exe
C:\WINDOWS\system32\bhwdojlm.ini
C:\WINDOWS\system32\bmrnbmeo.dll
C:\WINDOWS\system32\bnalismf.ini
C:\WINDOWS\system32\bnbteael.exe
C:\WINDOWS\system32\bojouyfq.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\bttlkrpw.ini
C:\WINDOWS\system32\btxjfqih.ini
C:\WINDOWS\system32\byqbesme.dll
C:\WINDOWS\system32\byxxxvu.dll
C:\WINDOWS\system32\ceygxumb.exe
C:\WINDOWS\system32\cfggepak.ini
C:\WINDOWS\system32\cfhjiggk.exe
C:\WINDOWS\system32\cgaqextm.exe
C:\WINDOWS\system32\cigcbyln.dll
C:\WINDOWS\system32\clihdkik.ini
C:\WINDOWS\system32\clmadamb.ini
C:\WINDOWS\system32\clrgrywb.ini
C:\WINDOWS\system32\copqxfwx.exe
C:\WINDOWS\system32\cpkuwwio.ini
C:\WINDOWS\system32\crbqdgpm.ini
C:\WINDOWS\system32\crovcaod.ini
C:\WINDOWS\system32\csihwyhi.ini
C:\WINDOWS\system32\ctjbjxvc.dll
C:\WINDOWS\system32\cvtpnhug.dll
C:\WINDOWS\system32\cwnejwmg.ini
C:\WINDOWS\system32\cxhlor.dll
C:\WINDOWS\system32\cxtdohmx.ini
C:\WINDOWS\system32\cymanmkm.ini
C:\WINDOWS\system32\dacjxiit.dll
C:\WINDOWS\system32\dbawffqw.ini
C:\WINDOWS\system32\ddexsrhc.ini
C:\WINDOWS\system32\dfghbawm.ini
C:\WINDOWS\system32\dgjienpd.ini
C:\WINDOWS\system32\dhnyulhr.ini
C:\WINDOWS\system32\dibnotqm.ini
C:\WINDOWS\system32\divclpqp.ini
C:\WINDOWS\system32\dixhcuqd.ini
C:\WINDOWS\system32\djdonfdh.ini
C:\WINDOWS\system32\dlmlbiet.exe
C:\WINDOWS\system32\dlnbywju.dll
C:\WINDOWS\system32\doiabhqy.ini
C:\WINDOWS\system32\dolsroix.ini
C:\WINDOWS\system32\dpdnelas.dll
C:\WINDOWS\system32\dpwhdfbl.ini
C:\WINDOWS\system32\dxoyefia.dll
C:\WINDOWS\system32\ecvmyrko.ini
C:\WINDOWS\system32\edobngby.dll
C:\WINDOWS\system32\efbmwtal.exe
C:\WINDOWS\system32\ehfhcovd.ini
C:\WINDOWS\system32\eiasygfg.ini
C:\WINDOWS\system32\eihskygy.ini
C:\WINDOWS\system32\eixtnfgm.ini
C:\WINDOWS\system32\ekrdmeio.ini
C:\WINDOWS\system32\elwoljsv.ini
C:\WINDOWS\system32\eofmnsjx.ini
C:\WINDOWS\system32\eslvabtl.ini
C:\WINDOWS\system32\etnqhgsf.ini
C:\WINDOWS\system32\etpkfhni.exe
C:\WINDOWS\system32\etrpqygy.exe
C:\WINDOWS\system32\evmqppjj.ini
C:\WINDOWS\system32\fanyqxyq.ini
C:\WINDOWS\system32\fbkafekg.ini
C:\WINDOWS\system32\fdijqwyy.ini
C:\WINDOWS\system32\fgehotjh.exe
C:\WINDOWS\system32\figdbofl.ini
C:\WINDOWS\system32\fjqmmrje.ini
C:\WINDOWS\system32\fmyrprqu.exe
C:\WINDOWS\system32\foeifqva.ini
C:\WINDOWS\system32\fortluqe.ini
C:\WINDOWS\system32\ftkvkfje.ini
C:\WINDOWS\system32\fuyjvffx.ini
C:\WINDOWS\system32\fvkffedi.ini
C:\WINDOWS\system32\gaffbfnn.ini
C:\WINDOWS\system32\gatkiasr.ini
C:\WINDOWS\system32\gbvirdpe.ini
C:\WINDOWS\system32\gdrydiym.ini
C:\WINDOWS\system32\geegnbaf.exe
C:\WINDOWS\system32\gekxmgek.dll
C:\WINDOWS\system32\ggjpvuej.ini
C:\WINDOWS\system32\ggvpyvsv.ini
C:\WINDOWS\system32\ghpjjvyr.ini
C:\WINDOWS\system32\ghysiulb.exe
C:\WINDOWS\system32\gjrguhrq.ini
C:\WINDOWS\system32\gllextnk.ini
C:\WINDOWS\system32\gmdrjmub.ini
C:\WINDOWS\system32\gopomohu.ini
C:\WINDOWS\system32\gpmmojoo.exe
C:\WINDOWS\system32\gsevjcwd.ini
C:\WINDOWS\system32\gsgddoaa.exe
C:\WINDOWS\system32\gsjludew.dll
C:\WINDOWS\system32\gtdnxoeu.ini
C:\WINDOWS\system32\gumleuax.ini
C:\WINDOWS\system32\gunjqqff.ini
C:\WINDOWS\system32\hbfhfpcr.ini
C:\WINDOWS\system32\hblkqgdb.ini
C:\WINDOWS\system32\hcyhjfqh.ini
C:\WINDOWS\system32\hegnivhe.exe
C:\WINDOWS\system32\hejsswca.ini
C:\WINDOWS\system32\hginvvsd.ini
C:\WINDOWS\system32\hheonf.dll
C:\WINDOWS\system32\hhtryufd.ini
C:\WINDOWS\system32\hihkygfo.ini
C:\WINDOWS\system32\hiusnlue.ini
C:\WINDOWS\system32\hjltfrip.exe
C:\WINDOWS\system32\hjxkhmef.dll
C:\WINDOWS\system32\hkdleqds.ini
C:\WINDOWS\system32\hlwwqfhr.ini
C:\WINDOWS\system32\hpuvrofn.ini
C:\WINDOWS\system32\hqbpkpht.ini
C:\WINDOWS\system32\hsklucdr.ini
C:\WINDOWS\system32\hswofptb.exe
C:\WINDOWS\system32\hvnqjfti.dll
C:\WINDOWS\system32\hwocpecn.ini
C:\WINDOWS\system32\iavacghd.ini
C:\WINDOWS\system32\iceekyfb.ini
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\iDlo01\iDlo011065.exe
C:\WINDOWS\system32\iefcwiev.ini
C:\WINDOWS\system32\ierdujdn.ini
C:\WINDOWS\system32\ihuexwfx.ini
C:\WINDOWS\system32\ijndrduy.dll
C:\WINDOWS\system32\ijrcerjb.exe
C:\WINDOWS\system32\ijtkgkhx.ini
C:\WINDOWS\system32\ilodnmkj.ini
C:\WINDOWS\system32\imqgcxem.exe
C:\WINDOWS\system32\inkpusjb.ini
C:\WINDOWS\system32\iqrjvjvc.ini
C:\WINDOWS\system32\itqubapy.ini
C:\WINDOWS\system32\itsnypau.ini
C:\WINDOWS\system32\iuvcbxpu.ini
C:\WINDOWS\system32\ixeflnwh.ini
C:\WINDOWS\system32\ixowsnlh.ini
C:\WINDOWS\system32\jagqqabo.ini
C:\WINDOWS\system32\jbmwopfb.ini
C:\WINDOWS\system32\jcasdqmn.ini
C:\WINDOWS\system32\jhtnxxqi.ini
C:\WINDOWS\system32\jhxmyvdm.ini
C:\WINDOWS\system32\jirmgspt.ini
C:\WINDOWS\system32\jjskbhfa.ini
C:\WINDOWS\system32\jnvuhpwi.dll
C:\WINDOWS\system32\joueofpr.ini
C:\WINDOWS\system32\jvrjuhtm.ini
C:\WINDOWS\system32\jxcfrpah.exe
C:\WINDOWS\system32\jxkopsab.ini
C:\WINDOWS\system32\jyhhrwvn.exe
C:\WINDOWS\system32\kdmdcesx.ini
C:\WINDOWS\system32\kecchtop.ini
C:\WINDOWS\system32\kfypxtvn.ini
C:\WINDOWS\system32\kgbdqfqg.exe
C:\WINDOWS\system32\kgpfyecm.dll
C:\WINDOWS\system32\khcanpab.ini
C:\WINDOWS\system32\khhrrrgi.exe
C:\WINDOWS\system32\khuuqh.dll
C:\WINDOWS\system32\kkjdjpjv.ini
C:\WINDOWS\system32\kkkdvifa.ini
C:\WINDOWS\system32\kktdbwol.ini
C:\WINDOWS\system32\knxovspb.exe
C:\WINDOWS\system32\kqsyikkr.exe
C:\WINDOWS\system32\krcjykod.ini
C:\WINDOWS\system32\kwfmtmos.ini
C:\WINDOWS\system32\kyasgoah.ini
C:\WINDOWS\system32\ladlkrph.ini
C:\WINDOWS\system32\lbbvpepn.exe
C:\WINDOWS\system32\lefklech.ini
C:\WINDOWS\system32\lfldknyb.ini
C:\WINDOWS\system32\lgbpthej.ini
C:\WINDOWS\system32\lhtcujlv.ini
C:\WINDOWS\system32\lifnnoro.ini
C:\WINDOWS\system32\liuopqkc.ini
C:\WINDOWS\system32\ljacclbn.ini
C:\WINDOWS\system32\llphpiej.dll
C:\WINDOWS\system32\llsurnlc.ini
C:\WINDOWS\system32\lltujrsq.ini
C:\WINDOWS\system32\lnvrjvsp.ini
C:\WINDOWS\system32\lqexmkpm.exe
C:\WINDOWS\system32\lskinnit.ini
C:\WINDOWS\system32\lsxgrebb.ini
C:\WINDOWS\system32\ltalofwx.ini
C:\WINDOWS\system32\lvdmukis.ini
C:\WINDOWS\system32\lvlfpvcs.ini
C:\WINDOWS\system32\lwauahii.ini
C:\WINDOWS\system32\lwspguiq.ini
C:\WINDOWS\system32\lybirrqs.dll
C:\WINDOWS\system32\lyohuqds.ini
C:\WINDOWS\system32\mahqvroo.dll
C:\WINDOWS\system32\mantec~1
C:\WINDOWS\system32\mchrwyye.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mctnhbnb.ini
C:\WINDOWS\system32\mdpjxpcj.ini
C:\WINDOWS\system32\mgbclacl.ini
C:\WINDOWS\system32\mhilpqcp.ini
C:\WINDOWS\system32\mhllsgln.ini
C:\WINDOWS\system32\mimqvqcv.ini
C:\WINDOWS\system32\mkhgbacx.exe
C:\WINDOWS\system32\mkokjyqw.ini
C:\WINDOWS\system32\mmxchy.dll
C:\WINDOWS\system32\mpglsgyb.ini
C:\WINDOWS\system32\msidykhq.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msoongon.ini
C:\WINDOWS\system32\muedcxjn.dll
C:\WINDOWS\system32\murhystj.exe
C:\WINDOWS\system32\mwfypvil.ini
C:\WINDOWS\system32\mxucncfc.dll
C:\WINDOWS\system32\nacglaoi.ini
C:\WINDOWS\system32\nbklxskn.ini
C:\WINDOWS\system32\ncsegago.ini
C:\WINDOWS\system32\ndutvbhv.dll
C:\WINDOWS\system32\ngdxfaxb.ini
C:\WINDOWS\system32\niqpkfxf.ini
C:\WINDOWS\system32\nlmlis.dll
C:\WINDOWS\system32\nlybcgic.ini
C:\WINDOWS\system32\nqksyniu.ini
C:\WINDOWS\system32\ntsjyhbg.ini
C:\WINDOWS\system32\nwpqgmfb.exe
C:\WINDOWS\system32\nwuiluwt.exe
C:\WINDOWS\system32\nwwijqei.ini
C:\WINDOWS\system32\nxqjnkrq.exe
C:\WINDOWS\system32\obhttryh.ini
C:\WINDOWS\system32\obkphhit.ini
C:\WINDOWS\system32\ocvhqcos.ini
C:\WINDOWS\system32\ocwatkbp.exe
C:\WINDOWS\system32\oejhrgpf.dll
C:\WINDOWS\system32\oenonigt.ini
C:\WINDOWS\system32\ogjbshas.ini
C:\WINDOWS\system32\oiemdrke.dll
C:\WINDOWS\system32\ojchetcx.ini
C:\WINDOWS\system32\ojekievj.ini
C:\WINDOWS\system32\ojsfatvy.ini
C:\WINDOWS\system32\oniyokfl.ini
C:\WINDOWS\system32\ootrdkos.ini
C:\WINDOWS\system32\oqtwa.ini
C:\WINDOWS\system32\oqtwa.ini2
C:\WINDOWS\system32\ormshwqw.ini
C:\WINDOWS\system32\orteabtg.ini
C:\WINDOWS\system32\othrnynv.ini
C:\WINDOWS\system32\ouhujgpt.exe
C:\WINDOWS\system32\owaylkoo.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pafrmftl.ini
C:\WINDOWS\system32\pagfofei.ini
C:\WINDOWS\system32\pgpndxpt.ini
C:\WINDOWS\system32\piihloxt.ini
C:\WINDOWS\system32\plqpeuyg.exe
C:\WINDOWS\system32\pobymvej.dll
C:\WINDOWS\system32\polpyklg.exe
C:\WINDOWS\system32\pouyqmxn.dll
C:\WINDOWS\system32\ppujbpva.ini
C:\WINDOWS\system32\pqapaxfr.ini
C:\WINDOWS\system32\pqiqfrdm.dll
C:\WINDOWS\system32\projavsw.ini
C:\WINDOWS\system32\psebcumv.ini
C:\WINDOWS\system32\ptudtphh.exe
C:\WINDOWS\system32\puebmtgm.dll
C:\WINDOWS\system32\pvqkwsjy.exe
C:\WINDOWS\system32\pwyqdmon.ini
C:\WINDOWS\system32\pyqqqnjd.ini
C:\WINDOWS\system32\qayvocwd.ini
C:\WINDOWS\system32\qcflvyis.ini
C:\WINDOWS\system32\qdsldkln.ini
C:\WINDOWS\system32\qduoriob.exe
C:\WINDOWS\system32\qhcobgec.dll
C:\WINDOWS\system32\qhfdysoa.dll
C:\WINDOWS\system32\qilkvufx.ini
C:\WINDOWS\system32\qkneyhki.ini
C:\WINDOWS\system32\qlhmgujo.ini
C:\WINDOWS\system32\qnmwqhgo.ini
C:\WINDOWS\system32\qnsydcnw.ini
C:\WINDOWS\system32\qonoxwcx.exe
C:\WINDOWS\system32\qprkxihe.ini
C:\WINDOWS\system32\qpsyjjbv.ini
C:\WINDOWS\system32\qqtrddbc.ini
C:\WINDOWS\system32\qriatfwf.exe
C:\WINDOWS\system32\qrilqyyf.ini
C:\WINDOWS\system32\qtwjpjih.ini
C:\WINDOWS\system32\quiisnya.ini
C:\WINDOWS\system32\qvhqcdmg.ini
C:\WINDOWS\system32\qwclldaw.ini
C:\WINDOWS\system32\qyrbrjyi.ini
C:\WINDOWS\system32\rbrqjhio.ini
C:\WINDOWS\system32\rbspmyai.ini
C:\WINDOWS\system32\rchgncbt.ini
C:\WINDOWS\system32\reavgtkk.ini
C:\WINDOWS\system32\retvaifk.ini
C:\WINDOWS\system32\rfxapaqp.dll
C:\WINDOWS\system32\rfypktww.ini
C:\WINDOWS\system32\rhidhcko.exe
C:\WINDOWS\system32\rhyoimey.exe
C:\WINDOWS\system32\riawiedn.ini
C:\WINDOWS\system32\riefbhyq.ini
C:\WINDOWS\system32\rjjbuyea.ini
C:\WINDOWS\system32\rkkojgsd.ini
C:\WINDOWS\system32\rmdhadvi.dll
C:\WINDOWS\system32\rndosqcg.ini
C:\WINDOWS\system32\rnkqcpfr.ini
C:\WINDOWS\system32\rovfchxn.ini
C:\WINDOWS\system32\rqtddkbh.ini
C:\WINDOWS\system32\rrdtmmcl.ini
C:\WINDOWS\system32\rssvrfud.ini
C:\WINDOWS\system32\rxjpewhr.ini
C:\WINDOWS\system32\ryigjpif.ini
C:\WINDOWS\system32\rylhrvww.ini
C:\WINDOWS\system32\saqjxtts.ini
C:\WINDOWS\system32\sbajwaeg.exe
C:\WINDOWS\system32\scauilud.ini
C:\WINDOWS\system32\seigqdnu.ini
C:\WINDOWS\system32\shahvyrm.ini
C:\WINDOWS\system32\shlwijwc.ini
C:\WINDOWS\system32\shxtnkrb.ini
C:\WINDOWS\system32\sikumdvl.dll
C:\WINDOWS\system32\sjndcmau.ini
C:\WINDOWS\system32\slelyjxf.ini
C:\WINDOWS\system32\sljlobik.ini
C:\WINDOWS\system32\sltoptnp.ini
C:\WINDOWS\system32\sndxfrjn.ini
C:\WINDOWS\system32\sojwfymt.ini
C:\WINDOWS\system32\sossqtyq.ini
C:\WINDOWS\system32\sqowivec.ini
C:\WINDOWS\system32\srhwigbm.ini
C:\WINDOWS\system32\stujqmfu.ini
C:\WINDOWS\system32\sucxbhsj.ini
C:\WINDOWS\system32\swyuexql.ini
C:\WINDOWS\system32\sxpmhmyf.exe
C:\WINDOWS\system32\sxqeyn.dll
C:\WINDOWS\system32\tafueany.ini
C:\WINDOWS\system32\taspcehj.dll
C:\WINDOWS\system32\tboaeaww.ini
C:\WINDOWS\system32\tefwyhrv.dll
C:\WINDOWS\system32\texcyfpp.ini
C:\WINDOWS\system32\tgjjovsq.ini
C:\WINDOWS\system32\tgkxkjtl.ini
C:\WINDOWS\system32\thdaeeli.ini
C:\WINDOWS\system32\tifxlhci.ini
C:\WINDOWS\system32\tjctinth.ini
C:\WINDOWS\system32\tkiydftd.ini
C:\WINDOWS\system32\tluhopof.ini
C:\WINDOWS\system32\tlvkckeo.ini
C:\WINDOWS\system32\tmbxqhqp.ini
C:\WINDOWS\system32\tmeouldm.ini
C:\WINDOWS\system32\tmhjoaqd.ini
C:\WINDOWS\system32\ttdggivw.ini
C:\WINDOWS\system32\twlmwagm.ini
C:\WINDOWS\system32\tynnvfiy.ini
C:\WINDOWS\system32\ubqtjbqa.exe
C:\WINDOWS\system32\ubyejrfb.exe
C:\WINDOWS\system32\ueqsbghs.exe
C:\WINDOWS\system32\uesucsho.exe
C:\WINDOWS\system32\uhamrqxf.ini
C:\WINDOWS\system32\uifjjdro.ini
C:\WINDOWS\system32\uijkiz.dll
C:\WINDOWS\system32\ujwybnld.ini
C:\WINDOWS\system32\uketrcwq.ini
C:\WINDOWS\system32\uksbxnfq.ini
C:\WINDOWS\system32\umofdrwc.ini
C:\WINDOWS\system32\uohyceay.ini
C:\WINDOWS\system32\uoqexnls.ini
C:\WINDOWS\system32\uqfrrcdn.ini
C:\WINDOWS\system32\uqgvjtrt.ini
C:\WINDOWS\system32\uttwgqcp.ini
C:\WINDOWS\system32\uudxmwvk.ini
C:\WINDOWS\system32\uvlgncsl.ini
C:\WINDOWS\system32\uxmapioj.ini
C:\WINDOWS\system32\uxtolcrk.exe
C:\WINDOWS\system32\uyhspqmr.ini
C:\WINDOWS\system32\uyvhjtpc.ini
C:\WINDOWS\system32\vahpcxbq.ini
C:\WINDOWS\system32\vajayfiv.dll
C:\WINDOWS\system32\vfsqoxlg.dll
C:\WINDOWS\system32\vgukqnng.ini
C:\WINDOWS\system32\viqlwyqa.ini
C:\WINDOWS\system32\vjfxnkoa.dll
C:\WINDOWS\system32\vlacbdkp.ini
C:\WINDOWS\system32\vnileeor.ini
C:\WINDOWS\system32\vojvteyl.ini
C:\WINDOWS\system32\vpfgjmwl.ini
C:\WINDOWS\system32\vsdfamyi.ini
C:\WINDOWS\system32\vullqnjx.ini
C:\WINDOWS\system32\vvtolsmd.ini
C:\WINDOWS\system32\wdxspyfd.dll
C:\WINDOWS\system32\weduljsg.ini
C:\WINDOWS\system32\wfqfomam.ini
C:\WINDOWS\system32\wfugbdyv.ini
C:\WINDOWS\system32\wggalmsu.ini
C:\WINDOWS\system32\wgwrbgwl.ini
C:\WINDOWS\system32\wjcqodch.ini
C:\WINDOWS\system32\wkeoxctm.ini
C:\WINDOWS\system32\wknrgwpi.dll
C:\WINDOWS\system32\wkofeyih.ini
C:\WINDOWS\system32\wkoqenla.dll
C:\WINDOWS\system32\wliseyyn.ini
C:\WINDOWS\system32\wloenwkh.ini
C:\WINDOWS\system32\wlotdj.dll
C:\WINDOWS\system32\wmkrgssa.ini
C:\WINDOWS\system32\wmyqnngy.ini
C:\WINDOWS\system32\wndnsjbt.ini
C:\WINDOWS\system32\wnlxyfdo.exe
C:\WINDOWS\system32\wnsxs~1
C:\WINDOWS\system32\wqumkotu.ini
C:\WINDOWS\system32\xcktljrc.ini
C:\WINDOWS\system32\xctehcjo.dll
C:\WINDOWS\system32\xeivroot.ini
C:\WINDOWS\system32\xfubssyo.ini
C:\WINDOWS\system32\xgqsmhra.ini
C:\WINDOWS\system32\xicewsft.dll
C:\WINDOWS\system32\xirfwirv.ini
C:\WINDOWS\system32\xltriywv.ini
C:\WINDOWS\system32\xntirara.ini
C:\WINDOWS\system32\xoirkspu.ini
C:\WINDOWS\system32\xpbnufjr.ini
C:\WINDOWS\system32\xqhxkvkb.ini
C:\WINDOWS\system32\xsakesxu.exe
C:\WINDOWS\system32\xsiovnto.ini
C:\WINDOWS\system32\xvcqmdpg.ini
C:\WINDOWS\system32\xwubjtqy.ini
C:\WINDOWS\system32\xxekwftd.ini
C:\WINDOWS\system32\xxqyuesw.exe
C:\WINDOWS\system32\xxrmgdof.exe
C:\WINDOWS\system32\xycrkxgy.ini
C:\WINDOWS\system32\xypiigsk.dll
C:\WINDOWS\system32\xytsnysn.ini
C:\WINDOWS\system32\xyugogty.ini
C:\WINDOWS\system32\xyukwccg.exe
C:\WINDOWS\system32\ydoajhco.ini
C:\WINDOWS\system32\ygdrstnh.ini
C:\WINDOWS\system32\yglormdu.ini
C:\WINDOWS\system32\ykcexehq.ini
C:\WINDOWS\system32\yqjntitk.dll
C:\WINDOWS\system32\yrmtfplo.ini
C:\WINDOWS\system32\yrmwdyal.ini
C:\WINDOWS\system32\yrulpdqw.ini
C:\WINDOWS\system32\ytimqdgd.ini
C:\WINDOWS\system32\yuylqvgu.ini
C:\WINDOWS\system32\yyjhtayn.ini
C:\WINDOWS\system32\yymywfhu.ini
C:\WINDOWS\tk58.exe
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_DOMAINSERVICE
-------\Legacy_NETWORK_MONITOR
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-30 )))))))))))))))))))))))))))))))
.
2008-06-30 09:31 . 2008-06-30 09:31 37,952 --a------ C:\WINDOWS\system32\aopyptro.exe
2008-06-30 09:31 . 1980-08-16 20:00 24,640 --a------ C:\WINDOWS\system32\__c002056A.dat
2008-06-30 09:28 . 2008-06-30 09:28 37,952 --a------ C:\WINDOWS\system32\cnftayyd.exe
2008-06-30 09:28 . 1980-08-16 20:00 24,640 --a------ C:\WINDOWS\system32\__c00F61E4.dat
2008-06-30 09:22 . 2008-06-30 09:22 37,952 --a------ C:\WINDOWS\system32\ojrgajtl.exe
2008-06-30 09:22 . 1980-08-16 20:00 24,640 --a------ C:\WINDOWS\system32\__c00E0128.dat
2008-06-29 09:24 . 2008-06-29 09:24 37,952 --a------ C:\WINDOWS\system32\wjhurwtp.exe
2008-06-29 09:24 . 1980-08-16 20:00 24,640 --a------ C:\WINDOWS\system32\__c001E998.dat
2008-06-29 09:22 . 2008-06-29 09:22 37,952 --a------ C:\WINDOWS\system32\ncafrdcf.exe
2008-06-29 09:22 . 1980-08-16 20:00 24,640 --a------ C:\WINDOWS\system32\__c0079000.dat
2008-06-28 13:21 . 2008-06-28 13:21 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-28 13:09 . 2008-06-28 13:09 332,288 --a------ C:\WINDOWS\system32\RCX3F.tmp
2008-06-28 13:04 . 2005-09-13 22:22 <DIR> d-------- C:\Documents and Settings\sdasd.D5S3ZG81\Application Data\Jasc Software Inc
2008-06-28 13:04 . 2005-09-13 22:29 <DIR> d-------- C:\Documents and Settings\sdasd.D5S3ZG81\Application Data\Gtek
2008-06-28 13:03 . 2008-06-28 13:04 <DIR> d-------- C:\Documents and Settings\sdasd.D5S3ZG81
2008-06-28 09:31 . 2008-06-28 09:31 37,952 --a------ C:\WINDOWS\system32\tpraymam.exe
2008-06-28 09:31 . 1980-08-16 20:00 24,640 --a------ C:\WINDOWS\system32\__c008D7EC.dat
2008-06-28 09:28 . 2008-06-28 09:28 37,952 --a------ C:\WINDOWS\system32\yqsglerx.exe
2008-06-28 09:28 . 1980-08-16 20:00 24,640 --a------ C:\WINDOWS\system32\__c0016A56.dat
2008-06-27 19:43 . 2008-06-27 19:43 <DIR> d---s---- C:\Documents and Settings\mike.D5S3ZG81\UserData
2008-06-27 09:25 . 2008-06-27 09:25 37,952 --a------ C:\WINDOWS\system32\fobmhjpp.exe
2008-06-27 09:25 . 1980-08-16 20:00 24,640 --a------ C:\WINDOWS\system32\__c00D454C.dat
2008-06-25 09:30 . 2008-06-25 09:30 93,248 --------- C:\WINDOWS\system32\xffvjyuf.dll_old
2008-06-25 09:27 . 2008-06-25 09:27 37,952 --a------ C:\WINDOWS\system32\ssgyrrxq.exe
2008-06-25 09:27 . 2008-06-25 09:27 37,952 --a------ C:\WINDOWS\system32\rvcwciec.exe
2008-06-25 09:27 . 1980-08-16 20:00 24,640 --a------ C:\WINDOWS\system32\__c00754B8.dat
2008-06-25 09:27 . 2008-06-29 13:04 24,640 --a------ C:\WINDOWS\system32\__c005F12E.dat
2008-06-24 23:06 . 2008-06-24 23:06 332,288 --a------ C:\WINDOWS\system32\RCX37.tmp
2008-06-24 23:03 . 2008-06-24 23:03 332,288 --a------ C:\WINDOWS\system32\RCX36.tmp
2008-06-24 09:27 . 2008-06-24 09:27 102,464 --------- C:\WINDOWS\system32\lhnaufit.dll_old
2008-06-23 08:28 . 2008-06-23 08:28 102,464 --------- C:\WINDOWS\system32\cbsggvme.dll_old
2008-06-23 08:25 . 2008-06-23 08:25 332,288 --a------ C:\WINDOWS\system32\RCX7.tmp
2008-06-14 17:53 . 2008-06-14 17:53 332,288 --a------ C:\WINDOWS\system32\RCX82.tmp
2008-06-14 14:49 . 2008-06-14 14:49 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-06-14 11:39 . 2008-06-14 17:46 106,496 --a------ C:\WINDOWS\system32\itzmagum.ctu
2008-06-14 11:33 . 2008-06-14 11:33 332,288 --a------ C:\WINDOWS\system32\RCX3E.tmp
2008-06-14 00:46 . 2008-06-14 00:46 <DIR> d-------- C:\Program Files\Real
2008-06-14 00:46 . 2008-06-14 00:46 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-06-13 21:13 . 2008-06-13 21:13 332,288 --a------ C:\WINDOWS\system32\RCX35.tmp
2008-06-13 20:26 . 2008-06-13 20:26 332,288 --a------ C:\WINDOWS\system32\RCX3D.tmp
2008-06-13 09:18 . 2008-06-14 17:46 106,496 --a------ C:\WINDOWS\system32\nntfqzuh.aez
2008-06-11 09:15 . 2008-06-14 17:46 106,496 --a------ C:\WINDOWS\system32\bwwakupd.tsu
2008-06-11 09:12 . 2008-06-14 17:46 106,496 --a------ C:\WINDOWS\system32\blhtfwsg.fjp
2008-06-09 09:09 . 2008-06-14 17:46 102,400 --a------ C:\WINDOWS\system32\sjtnmpox.dyn
2008-06-08 09:09 . 2008-06-14 17:46 102,400 --a------ C:\WINDOWS\system32\pcvqmuib.bli
2008-06-07 09:17 . 2008-06-14 17:46 106,496 --a------ C:\WINDOWS\system32\cvcxwmti.xph
2008-06-05 15:25 . 2008-06-05 15:25 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-05 15:25 . 2008-06-05 15:25 <DIR> d-------- C:\Documents and Settings\Jianbing\Application Data\SystemRequirementsLab
2008-06-05 09:07 . 2008-06-14 17:46 102,400 --a------ C:\WINDOWS\system32\hxeiymfe.mlj
2008-06-02 15:18 . 2008-06-02 15:18 332,288 --a------ C:\WINDOWS\system32\RCX3C.tmp
2008-06-02 15:14 . 2008-06-02 15:14 332,288 --a------ C:\WINDOWS\system32\RCX3B.tmp
2008-05-31 09:08 . 2008-06-14 17:46 106,496 --------- C:\WINDOWS\system32\hsoltkdm.blg
2008-05-30 09:30 . 2008-05-30 09:30 332,288 --a------ C:\WINDOWS\system32\RCX34.tmp
2008-05-30 08:27 . 2008-05-30 08:27 332,288 --a------ C:\WINDOWS\system32\RCXCD.tmp
2008-05-30 08:16 . 2008-05-30 08:16 101,952 --a------ C:\WINDOWS\system32\mcoyjstj.ooj
2008-05-30 00:18 . 2008-06-28 13:03 <DIR> d-------- C:\Documents and Settings\TEMP
2008-05-27 20:33 . 2008-05-27 20:33 332,288 --a------ C:\WINDOWS\system32\RCX3A.tmp
2008-05-27 16:05 . 2008-06-14 14:51 <DIR> d-------- C:\VundoFix Backups
2008-05-27 09:11 . 2008-05-27 09:11 332,288 --a------ C:\WINDOWS\system32\RCX32.tmp
2008-05-27 08:49 . 2008-05-27 08:47 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-27 08:49 . 2008-05-27 08:49 2,542 --a------ C:\WINDOWS\unins000.dat
2008-05-27 08:10 . 2008-05-27 08:10 332,288 --a------ C:\WINDOWS\system32\RCX1CE.tmp
2008-05-26 19:01 . 2008-05-26 19:01 <DIR> d-------- C:\Documents and Settings\mike.D5S3ZG81\Logs
2008-05-25 13:20 . 2008-05-26 01:06 1,556,480 --a------ C:\WINDOWS\system32\uketrcwq.tmp
2008-05-23 23:28 . 2008-05-23 23:28 <DIR> d-------- C:\Documents and Settings\Jianbing\Application Data\DAEMON Tools
2008-05-23 21:57 . 2008-05-23 21:57 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-05-23 21:57 . 2008-05-23 22:10 35,214 --a------ C:\WINDOWS\DIIUnin.dat
2008-05-23 21:57 . 2008-05-23 21:57 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-05-23 21:52 . 2008-06-06 21:09 <DIR> d-------- C:\Program Files\Diablo II
2008-05-23 21:51 . 2008-05-23 21:51 <DIR> d-------- C:\Documents and Settings\mike.D5S3ZG81\Application Data\vlc
2008-05-23 21:51 . 2008-05-23 21:51 <DIR> d-------- C:\Documents and Settings\mike.D5S3ZG81\Application Data\DAEMON Tools
2008-05-23 13:27 . 2008-05-23 21:55 <DIR> d-------- C:\Documents and Settings\mike.D5S3ZG81\Application Data\Azureus
2008-05-22 23:56 . 2008-05-23 13:21 <DIR> d-------- C:\Documents and Settings\Jianbing\Application Data\Azureus
2008-05-22 23:49 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-17 18:40 . 2008-05-17 18:40 332,288 --a------ C:\WINDOWS\system32\RCX31.tmp
2008-05-16 22:35 . 2008-05-16 22:35 332,288 --a------ C:\WINDOWS\system32\RCX30.tmp
2008-05-10 10:45 . 2008-05-10 10:45 332,288 --a------ C:\WINDOWS\system32\RCX2F.tmp
2008-05-10 10:34 . 2008-05-10 10:34 332,288 --a------ C:\WINDOWS\system32\RCX2E.tmp
2008-05-08 20:29 . 2008-05-08 20:29 332,288 --a------ C:\WINDOWS\system32\RCX6.tmp
2008-05-08 20:28 . 2008-05-08 20:28 332,288 --a------ C:\WINDOWS\system32\RCX2D.tmp
2008-05-08 18:57 . 2008-05-08 19:07 487,424 --a------ C:\Documents and Settings\Jianbing\GoToAssist_phone__268_en.exe
2008-05-08 18:37 . 2008-05-08 18:37 332,288 --a------ C:\WINDOWS\system32\RCX2C.tmp
2008-05-07 09:06 . 2008-05-07 09:06 332,288 --a------ C:\WINDOWS\system32\RCX2B.tmp
2008-05-07 08:57 . 2008-05-07 08:57 332,288 --a------ C:\WINDOWS\system32\RCX2A.tmp
2008-05-07 08:37 . 2008-05-07 08:37 332,288 --a------ C:\WINDOWS\system32\RCX47.tmp
2008-05-06 14:40 . 2008-05-06 14:40 332,288 --a------ C:\WINDOWS\system32\RCX29.tmp
2008-05-06 14:35 . 2008-05-06 14:35 332,288 --a------ C:\WINDOWS\system32\RCX42.tmp
2008-05-05 21:49 . 2008-05-05 21:49 332,288 --a------ C:\WINDOWS\system32\RCX28.tmp
2008-05-05 19:16 . 2008-05-05 19:16 332,288 --a------ C:\WINDOWS\system32\RCX39.tmp
2008-05-01 17:12 . 2008-05-01 17:12 332,288 --a------ C:\WINDOWS\system32\RCX48.tmp
2008-05-01 16:56 . 2008-05-01 16:56 <DIR> d-------- C:\Documents and Settings\mike.D5S3ZG81\Application Data\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 16:19 --------- d-----w C:\Program Files\AIM6
2008-06-30 16:17 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-06-30 16:17 --------- d-----w C:\Program Files\DAEMON Tools
2008-06-28 17:25 --------- d-----w C:\Program Files\Viewpoint
2008-06-28 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-23 12:27 --------- d-----w C:\Program Files\Opera
2008-06-14 04:46 --------- d-----w C:\Program Files\Common Files\Real
2008-06-08 01:38 --------- d-----w C:\Program Files\World of Warcraft
2008-05-27 13:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-23 03:51 --------- d-----w C:\Program Files\Azureus
2008-05-23 03:49 --------- d-----w C:\Program Files\Java
2008-05-07 23:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 23:35 --------- d-----w C:\Program Files\Ascentive
2008-05-01 02:20 --------- d-----w C:\Documents and Settings\Jianbing\Application Data\WinAnonymous
2008-04-29 15:03 --------- d-----w C:\Documents and Settings\mike.D5S3ZG81\Application Data\WinAnonymous
2008-04-29 02:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinAnonymous
2008-04-29 02:37 --------- d-----r C:\Documents and Settings\All Users\Application Data\SalesMon
2007-08-10 19:54 439,296 ----a-w C:\Documents and Settings\Mike\GoToAssist_phone__317_en.exe
2005-08-02 21:46 187,904 --sha-r C:\WINDOWS\TWlrZQ\asappsrv.dll
2005-08-02 21:58 293,888 --sha-r C:\WINDOWS\TWlrZQ\command.exe
2005-07-29 21:24 472 --sha-r C:\WINDOWS\TWlrZQ\nq5Otk.vbs
.
Code:
<pre>
----a-w 50,528 2008-06-25 03:06:14 C:\Program Files\AIM6\aim6 .exe
----a-w 2,321,600 2008-01-02 22:31:02 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater .exe
----a-w 185,632 2008-06-14 05:14:59 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 486,856 2008-03-19 02:52:18 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 486,856 2008-05-24 01:51:21 C:\Program Files\DAEMON Tools\daemon .exe
----a-w 395,776 2008-01-02 22:30:53 C:\Program Files\Dell Support\DSAgnt .exe
----a-w 144,784 2008-06-28 17:08:28 C:\Program Files\Java\jre1.6.0_06\bin\jusched .exe
----a-w 2,095,640 2008-05-05 23:11:36 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore .exe
----a-w 2,051,096 2008-05-05 23:11:36 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon .exe
----a-w 1,694,208 2008-01-02 22:30:55 C:\Program Files\Messenger\msmsgs .exe
----a-w 2,097,488 2008-06-28 17:08:31 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 1,266,936 2008-01-02 22:31:01 C:\Program Files\Steam\Steam .exe
----a-w 1,885,464 2008-01-02 22:31:01 C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37fcefe6-265d-401a-adf3-abf63f872e15}]
2008-02-25 20:29 171520 --a------ C:\WINDOWS\system32\vcrnuqi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA13D72F-2DAC-4D99-B08D-C5EA1C920E89}]
2005-12-01 19:39 113152 --a------ C:\WINDOWS\IECodecPlg.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2008-01-02 18:30 801280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [ ]
"Verizon Custom Uninstall Tracking"="C:\DOCUME~1\kk\LOCALS~1\Temp\InstallHelper.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-09-13 22:20:16 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 12:59:36 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c005F12E]
C:\WINDOWS\system32\__c005F12E.dat 2008-06-29 13:04 24640 C:\WINDOWS\system32\__c005F12E.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00754B8]
C:\WINDOWS\system32\__c00754B8.dat 1980-08-16 20:00 24640 C:\WINDOWS\system32\__c00754B8.dat
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\PlayLinc\\PlayLincV.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\steamapps\\spartan33x\\counter-strike\\hl.exe"=
"C:\\Program Files\\AIM6\\aim6 .exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:ds
"6999:TCP"= 6999:TCP:[;''k
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
.
Contents of the 'Scheduled Tasks' folder
"2008-06-28 11:17:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-30 12:25:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\__c005F12E.dat
-> C:\WINDOWS\system32\__c00754B8.dat
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehRecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2008-06-30 12:27:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-30 16:27:20
Pre-Run: 82,755,444,736 bytes free
Post-Run: 87,655,677,952 bytes free
737 --- E O F --- 2008-02-14 03:20:26
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33, on 2008-06-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell4me.com/myway
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {37fcefe6-265d-401a-adf3-abf63f872e15} - C:\WINDOWS\system32\vcrnuqi.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: CIEObjectObj Object - {CA13D72F-2DAC-4D99-B08D-C5EA1C920E89} - C:\WINDOWS\IECodecPlg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] C:\DOCUME~1\kk\LOCALS~1\Temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) -
https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O20 - Winlogon Notify: __c005F12E - C:\WINDOWS\system32\__c005F12E.dat
O20 - Winlogon Notify: __c00754B8 - C:\WINDOWS\system32\__c00754B8.dat
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4543 bytes