Have A virus!

GOA-E

New Member
Hey, my friend is certain he has a virus. When he's playing games, e.g. Team Fortress 2, it will minimize at a regular interval and IE will open up with an ad sometimes. And he doesn't use an antivirus. Here is his HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:45:25 PM, on 9/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
D:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
D:\Program Files\Hronos.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\NetMeter\NetMeter.exe
D:\FRAPS\FRAPS.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLCu.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Razer\Copperhead\razertra.exe
D:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\iTunes Global Hotkeys\iTunesHotKey.exe
D:\Program Files\iTunes\iTunes.exe
C:\Program Files\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\P80a4017.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Copperhead] D:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Hronos] D:\Program Files\Hronos.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [D:\Program Files\NetMeter\NetMeter.exe] D:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [pasokilala] Rundll32.exe "C:\WINDOWS\system32\kofirawa.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Creative Console Launcher.lnk = C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLCu.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7278 bytes
 
After running Malwarebytes, please do another scan with HijackThis and post the fresh log.
 
Almost positive you will need to use ComboFix to remove that infection. Download it here.

Use the instructions on that page to download it and run it. After it's done, please post the log that it displays back here along with a fresh HijackThis log.
 
Please post the Malwarebytes log and a fresh HijackThis log after you ran Malwarebytes.


Here are your infected files....

O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\P80a4017.dll
O4 - HKUS\S-1-5-19\..\Run: [pasokilala] Rundll32.exe "C:\WINDOWS\system32\kofirawa.dll",s (User 'LOCAL SERVICE')

The O4 will most likely need ComboFix to delete.

Not totally sure about this entry, but unless you know the program, then it's an infection.

O4 - HKLM\..\Run: [Hronos] D:\Program Files\Hronos.exe
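
Added example, not part of the original posts: a small Python triage pass over HijackThis O2/O4 lines that reproduces the reasoning in the reply above. The three rules (a BHO DLL sitting directly in system32, a Run value in a service-account hive that is not ctfmon.exe, an executable directly in the Program Files root) are illustrative assumptions chosen to match this log, not HijackThis features, and the sample is a few lines copied from the log in this thread.

```python
import re
from typing import NamedTuple

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: solution Class - {99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - C:\WINDOWS\system32\P80a4017.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Hronos] D:\Program Files\Hronos.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [pasokilala] Rundll32.exe "C:\WINDOWS\system32\kofirawa.dll",s (User 'LOCAL SERVICE')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


class Finding(NamedTuple):
    tier: str     # "suspicious" (treat as infected) or "review" (confirm with the owner)
    section: str  # HijackThis section code, "O2" or "O4"
    name: str     # BHO class name or Run value name
    reason: str


# O2 - BHO: <name> - {CLSID} - <file>
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
# O4 - <hive>\..\Run: [<value name>] <command line>
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# HijackThis appends " (User '...')" to entries read from HKEY_USERS hives.
USER_SUFFIX_RE = re.compile(r"\s+\(User '[^']*'\)$")
SYSTEM32_DLL_RE = re.compile(r"(?i)^[a-z]:\\windows\\system32\\[^\\]+\.dll$")
PROGRAM_FILES_ROOT_EXE_RE = re.compile(
    r'(?i)^"?[a-z]:\\program files\\[^\\"]+\.exe\b')

# Well-known SIDs: SYSTEM, LOCAL SERVICE, NETWORK SERVICE.
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}
# The only Run target this log shows legitimately in those hives.
CTFMON = r"c:\windows\system32\ctfmon.exe"


def triage(log_text):
    """Return Finding tuples for the O2/O4 lines that match a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = BHO_RE.match(line)
        if m:
            # Rule 1 (assumption): a BHO whose DLL sits directly in system32.
            if SYSTEM32_DLL_RE.match(m["file"]):
                findings.append(Finding(
                    "suspicious", "O2", m["name"],
                    "BHO DLL loaded straight from system32"))
            continue

        m = RUN_RE.match(line)
        if not m:
            continue
        cmd = USER_SUFFIX_RE.sub("", m["cmd"])
        hive = m["hive"]
        sid = hive.split("\\", 1)[1] if hive.startswith("HKUS\\") else None

        # Rule 2 (assumption): service accounts have no interactive logon, so
        # any Run value there other than the stock ctfmon.exe deserves a look.
        # Compare the target path, not the value name, which anyone can set.
        if sid in SERVICE_SIDS and cmd.strip('"').lower() != CTFMON:
            findings.append(Finding(
                "suspicious", "O4", m["name"],
                "autostart in service-account hive " + sid))
        # Rule 3 (assumption): an executable dropped directly into the
        # Program Files root, with no vendor or product folder.
        elif PROGRAM_FILES_ROOT_EXE_RE.match(cmd):
            findings.append(Finding(
                "review", "O4", m["name"],
                "executable sits directly in the Program Files root"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.tier:<10} {f.section}  {f.name}: {f.reason}")
```

The NvCplDaemon line is in the sample on purpose: it also runs through RUNDLL32.EXE, so rundll32 alone is not what separates the `pasokilala` entry from the legitimate ones.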
 
He ran ComboFix. Here is his ComboFix log and a new HijackThis log:

Combofix:

ComboFix 09-01-10.02 - JQ 2009-01-11 15:58:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2089 [GMT 11:00]
Running from: c:\documents and settings\JQ\My Documents\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\documents and settings\All Users\Application Data\j623256X.exe
c:\windows\system32\isivufab.ini
c:\windows\system32\mulirowo.dll
c:\windows\system32\N23x7341.exe
c:\windows\system32\N23x7341.exe.a_a
c:\windows\system32\P80a4017.dll
c:\windows\system32\pinapuwe.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At104.job
c:\windows\Tasks\At105.job
c:\windows\Tasks\At107.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At113.job
c:\windows\Tasks\At114.job

.
((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

2009-01-10 01:10 . 2009-01-10 01:10 <DIR> d-------- c:\program files\Ali Keshavarz
2009-01-09 16:44 . 2009-01-09 16:44 <DIR> d-------- c:\program files\Trend Micro
2009-01-09 10:25 . 2009-01-09 10:25 38 --a------ c:\windows\avisplitter.INI
2009-01-08 18:11 . 2009-01-09 04:14 31,232 --a------ c:\windows\system32\P80a4017.dl_
2009-01-06 12:26 . 2009-01-06 12:26 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-06 12:25 . 2009-01-06 12:25 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-06 12:25 . 2009-01-06 12:25 <DIR> d-------- c:\program files\MSBuild
2009-01-06 12:25 . 2008-07-06 23:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-06 12:25 . 2008-07-06 23:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-06 12:25 . 2008-07-06 21:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-06 12:25 . 2008-07-06 23:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-06 12:25 . 2008-07-06 23:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-06 12:25 . 2008-07-06 23:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-06 12:25 . 2008-07-06 23:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-06 12:24 . 2009-01-06 18:53 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-06 12:16 . 2009-01-06 12:16 <DIR> dr-h----- C:\AHCache
2009-01-05 10:41 . 2009-01-05 10:41 <DIR> d-------- c:\documents and settings\JQ\Application Data\Malwarebytes
2009-01-05 10:41 . 2009-01-05 10:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 10:41 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 10:41 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 14:50 . 2008-12-22 15:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-22 01:06 . 2008-12-22 01:05 32,256 --a------ c:\windows\system32\HYKXogKw.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 04:57 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-11 04:53 --------- d-----w c:\documents and settings\JQ\Application Data\uTorrent
2009-01-11 03:45 22,528 ----a-w c:\windows\system32\drivers\nhcDriver.sys
2009-01-09 01:19 --------- d-----w c:\documents and settings\JQ\Application Data\mIRC
2008-12-07 09:40 --------- d-----w c:\documents and settings\JQ\Application Data\Ventrilo
2008-12-01 23:58 --------- d-----w c:\documents and settings\JQ\Application Data\Apple Computer
2008-12-01 23:34 --------- d-----w c:\program files\iPod
2008-12-01 23:34 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 23:34 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-01 23:34 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 23:33 --------- d-----w c:\program files\QuickTime
2008-12-01 23:33 --------- d-----w c:\program files\Bonjour
2008-12-01 23:32 --------- d-----w c:\program files\Apple Software Update
2008-12-01 23:32 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-28 07:29 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-26 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-26 01:05 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-26 00:49 --------- d-----w c:\program files\Windows Live
2008-11-25 14:31 --------- d-----w c:\documents and settings\JQ\Application Data\Media Player Classic
2008-11-25 14:23 --------- d-----w c:\program files\RivaTuner v2.09
2008-11-25 14:08 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-25 14:08 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-25 11:40 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-11-25 11:25 409,600 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-25 11:25 114,688 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-25 11:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 11:17 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-25 11:16 --------- d-----w c:\program files\Notebook Hardware Control
2008-11-25 11:14 --------- d-----w c:\program files\Creative
2008-11-25 10:45 --------- d-----w c:\program files\Common Files\Adobe
2008-11-25 10:33 --------- d-----w c:\program files\ATK Hotkey
2008-11-25 10:33 --------- d-----w c:\program files\ASUS
2008-11-25 10:22 --------- d-----w c:\program files\Synaptics
2008-11-25 10:22 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 10:18 --------- d-----w c:\program files\Toshiba
2008-11-25 10:18 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2008-11-25 10:18 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2008-11-25 10:18 --------- d-----w c:\documents and settings\JQ\Application Data\Intel
2008-11-25 10:17 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-25 10:17 21,361 ----a-w c:\windows\AegisP.sys
2008-11-25 10:17 --------- d-----w c:\program files\Intel
2008-11-25 10:17 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2008-11-25 10:16 --------- d-----w c:\program files\Wireless Console 2
2008-11-25 10:15 --------- d-----w c:\program files\Realtek
2008-11-25 10:15 --------- d-----w c:\documents and settings\JQ\Application Data\InstallShield
2008-11-25 10:13 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-25 09:49 315,392 ----a-w c:\windows\HideWin.exe
2008-11-25 09:04 --------- d-----w c:\program files\microsoft frontpage
2008-10-26 23:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-26 23:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-26 23:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-26 23:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 03:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="d:\program files\steam\steam.exe" [2008-10-08 1410296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"d:\program files\NetMeter\NetMeter.exe"="d:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"Fraps"="d:\fraps\FRAPS.EXE" [2008-01-14 3182248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-07-28 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-26 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-26 86016]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"DirectMessenger"="c:\program files\ASUS\ASUS Direct Console\LCMP.EXE" [2006-10-24 986624]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-10-16 229376]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"Copperhead"="d:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-02-15 57344]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"Hronos"="d:\program files\Hronos.exe" [2007-08-04 380928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-04-26 c:\windows\system32\nwiz.exe]
"SPIRun"="SPIRun.dll" [2006-11-29 c:\windows\system32\SPIRun.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\JQ\Start Menu\Programs\Startup\
Auto Shutdown.lnk - c:\program files\Ali Keshavarz\Auto Shutdown\AutoShutdown.exe [1/10/2009 1:10:52 AM 237568]
Creative Console Launcher.lnk - c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLCu.exe [11/25/2008 10:12:09 PM 217088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [8/2/2007 7:41:52 PM 2760704]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\team fortress 2\\hl2.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\source 2007 dedicated server\\srcds.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Seperate\\ZZ\\dls\\Condition Zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Program Files\\Steam\\SteamApps\\aishiteru00\\counter-strike source\\hl2.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Steam\\steam.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\synergy\\hl2.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\synergy dedicated server\\srcds.exe"=
"c:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"d:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtMng.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHSP.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\S24EvMon.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtSrv.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"d:\\Program Files\\Hronos.exe"=
"d:\\Program Files\\Razer\\Copperhead\\razerhid.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"d:\\Program Files\\NetMeter\\NetMeter.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\Notebook Hardware Control\\nhc.exe"=
"c:\\Program Files\\Creative\\Sound Blaster X-Fi\\Console Launcher\\ConsoLCu.exe"=
"d:\\Program Files\\Razer\\Copperhead\\razertra.exe"=
"d:\\Program Files\\Razer\\Copperhead\\razerofa.exe"=
"d:\\Fraps\\fraps.exe"=
"c:\\Program Files\\ASUS\\ATK Media\\DMedia.exe"=

R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [11/25/2008 10:13:01 PM 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [11/25/2008 10:13:02 PM 1656960]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [6/29/2008 11:36:16 PM 11596]
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\At10.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-10 c:\windows\Tasks\At100.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At102.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At103.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At106.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At109.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At11.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-08 c:\windows\Tasks\At111.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At112.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At115.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At116.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At117.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At118.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At119.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At12.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-07 c:\windows\Tasks\At120.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At121.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At122.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At123.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At124.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At125.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At126.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At127.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At128.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At129.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At13.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-08 c:\windows\Tasks\At130.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At131.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At132.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At133.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At134.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At135.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At136.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At137.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At138.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At139.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At14.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-08 c:\windows\Tasks\At140.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At141.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At142.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At143.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At144.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At145.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At146.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At147.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At148.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At149.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At15.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-10 c:\windows\Tasks\At150.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At151.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At152.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At153.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At154.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At155.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At156.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At157.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At158.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At159.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At16.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-11 c:\windows\Tasks\At160.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At161.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At162.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At163.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At164.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At165.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At166.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At167.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At168.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At169.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At17.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-10 c:\windows\Tasks\At170.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At171.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At172.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At173.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At174.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At175.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At176.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At177.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At178.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At179.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At18.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-09 c:\windows\Tasks\At180.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At181.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At182.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At183.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At184.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At185.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At186.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At187.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At188.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At189.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At19.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-07 c:\windows\Tasks\At190.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At191.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At192.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At193.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At194.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At195.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At196.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At197.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At198.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At199.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At2.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-08 c:\windows\Tasks\At20.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-10 c:\windows\Tasks\At200.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At201.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At202.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At203.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At204.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At205.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At206.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At207.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At208.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At209.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At21.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-09 c:\windows\Tasks\At210.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At211.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At212.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At213.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At214.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At215.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At216.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At217.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At218.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At219.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At22.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-10 c:\windows\Tasks\At220.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At221.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At222.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At223.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At224.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At225.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At226.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At227.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At228.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At229.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At23.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-08 c:\windows\Tasks\At230.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At231.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At232.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At233.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At234.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At235.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At236.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At237.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At238.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At239.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At24.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-08 c:\windows\Tasks\At240.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At241.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At242.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At243.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At244.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At245.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At246.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At247.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At248.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At249.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At25.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At250.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At251.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At252.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At253.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At254.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At255.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At256.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At257.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At258.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At259.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At26.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At260.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At261.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At262.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At263.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At264.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At265.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At266.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At267.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At268.job
- c:\windows\system32\N23x7341.exe []
 
Too big to post the whole thing, so in sections:

2009-01-10 c:\windows\Tasks\At269.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At27.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At270.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At271.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At272.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At273.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At274.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At275.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At276.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At277.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At278.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At279.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At28.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At280.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At281.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At282.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At283.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At284.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At285.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At286.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At287.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At288.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At289.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At29.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At290.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At291.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At292.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At293.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At294.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At295.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At296.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At297.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At298.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At299.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At3.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-10 c:\windows\Tasks\At30.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At300.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At301.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At302.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At303.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At304.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At305.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At306.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At307.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At308.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At309.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At31.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At310.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At311.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At312.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At313.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At314.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At315.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At316.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At317.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At318.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At319.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At32.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At320.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At321.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At322.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At323.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At324.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At325.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At326.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At327.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At328.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At329.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At33.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At330.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At331.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At332.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At333.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At334.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At335.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At336.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At337.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At338.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At339.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At34.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At340.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At341.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At342.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At343.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At344.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At345.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At346.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At347.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At348.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At349.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At35.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At350.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At351.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At352.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At353.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At354.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At355.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At356.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At357.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At358.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At359.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At36.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At360.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At361.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At362.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At363.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At364.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At365.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At366.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At367.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At368.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At369.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At37.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At370.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At371.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At372.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At373.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At374.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At375.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At376.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At377.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At378.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At379.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At38.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At380.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At381.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At382.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At383.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At384.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At385.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At386.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At387.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At388.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At389.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At39.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At390.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At391.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At392.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At393.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At394.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At395.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At396.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At397.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At398.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At399.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At4.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-11 c:\windows\Tasks\At40.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At400.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At401.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At402.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At403.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At404.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At405.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At406.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At407.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At408.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At409.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At41.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At410.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At411.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At412.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At413.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At414.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At415.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At416.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At417.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At418.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At419.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At42.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At420.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At421.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At422.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At423.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At424.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At425.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At426.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At427.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At428.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At429.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At43.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At430.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At431.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At432.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At433.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At434.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At435.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At436.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At437.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At438.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At439.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At44.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At440.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At441.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At442.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At443.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At444.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At445.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At446.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At447.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At448.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At449.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At45.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At450.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At451.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At452.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At453.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At454.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At455.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At456.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At457.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At458.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At459.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At46.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At460.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At461.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At462.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At463.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At464.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At465.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At466.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At467.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At468.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At469.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At47.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At470.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At471.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At472.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At473.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At474.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At475.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At476.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At477.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At478.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At479.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At48.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At480.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At49.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At5.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-10 c:\windows\Tasks\At50.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At51.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At52.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At53.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At54.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At55.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At56.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At57.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At58.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At59.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At6.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-09 c:\windows\Tasks\At60.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At61.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At62.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At63.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At64.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At65.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At66.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At67.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At68.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At69.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At7.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-07 c:\windows\Tasks\At70.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At71.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At72.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At73.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At74.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At75.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At76.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At77.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At78.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At79.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At8.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-10 c:\windows\Tasks\At80.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At81.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At82.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At83.job
- c:\windows\system32\N23x7341.exe []

2009-01-09 c:\windows\Tasks\At84.job
- c:\windows\system32\N23x7341.exe []


2009-01-09 c:\windows\Tasks\At85.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At86.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At87.job
- c:\windows\system32\N23x7341.exe []

2009-01-11 c:\windows\Tasks\At88.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At89.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At9.job
- c:\windows\system32\HYKXogKw.exe [2008-12-22 01:05]

2009-01-09 c:\windows\Tasks\At90.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At91.job
- c:\windows\system32\N23x7341.exe []

2009-01-08 c:\windows\Tasks\At92.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At93.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At94.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At95.job
- c:\windows\system32\N23x7341.exe []

2009-01-07 c:\windows\Tasks\At96.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At97.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At98.job
- c:\windows\system32\N23x7341.exe []

2009-01-10 c:\windows\Tasks\At99.job
- c:\windows\system32\N23x7341.exe []
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\JQ\Application Data\Mozilla\Firefox\Profiles\pjedk1f1.default\
FF - prefs.js: browser.startup.homepage - hxxps://sso.portal.unimelb.edu.au/UnimelbSSO/login.jsp?site2pstoretoken=v1.2~AD64F60A~537231D0B104C8661296CC1C12FDD6EF5D7B12644615036B135799B6337DDC9D7CA68C6A8C0363156D3D841E10C65F7CAFC6D3FC3F02998643B94EE65C8589F4564D40D15B76656B1874583784266713AE85B315F0E1413A93EBD642E80E3DCD1FE43A40204AD2490FAF9A95FDEABC4BC89864FD71EFA6001A9542036CD46F1098A18E75470230D5D14427ED4643773F6DE46AC6D1BEBE333AE31B7B446203898276C3FA2E2F48C387BAE00FD447C701474AF3D58F4EDC516262110AC4C3B1B4066A8A623317A4A65D7E0CA49B87643A26AD7044E6CE4B6C2D15AD10829CBA0633A0C7A70788F2BA&p_error_code=&p_submit_url=https%3A%2F%2Fsso.portal.unimelb.edu.au%2Fsso%2Fauth&p_cancel_url=https%3A%2F%2Fapp.portal.unimelb.edu.au%2Fportal%2Fpls%2Fportal%2FPORTAL.home&ssousername=
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 16:00:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRun = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2009-01-11 16:01:13
ComboFix-quarantined-files.txt 2009-01-11 05:01:11

Pre-Run: 1,428,164,608 bytes free
Post-Run: 1,919,516,672 bytes free

1178
 
and the new HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:47 PM, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
D:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Notebook Hardware Control\nhc.exe
D:\Program Files\Hronos.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\program files\steam\steam.exe
D:\Program Files\NetMeter\NetMeter.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Ali Keshavarz\Auto Shutdown\AutoShutdown.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Razer\Copperhead\razertra.exe
D:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\iTunes Global Hotkeys\iTunesHotKey.exe
D:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Copperhead] D:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [CTAPR2] "C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" /r
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [NotebookHardwareControl] "C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet
O4 - HKLM\..\Run: [Hronos] D:\Program Files\Hronos.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [D:\Program Files\NetMeter\NetMeter.exe] D:\Program Files\NetMeter\NetMeter.exe
O4 - HKCU\..\Run: [Fraps] D:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Auto Shutdown.lnk = C:\Program Files\Ali Keshavarz\Auto Shutdown\AutoShutdown.exe
O4 - Startup: Creative Console Launcher.lnk = C:\Program Files\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLCu.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 7043 bytes
 
Did you install a program called "hronos"?

O4 - HKLM\..\Run: [Hronos] D:\Program Files\Hronos.exe

I'm concerned about this file. Let me know.
 
He ran ComboFix. It fixed the problem for 2-3 days and now it's back.

O4 - HKLM\..\Run: [Hronos] D:\Program Files\Hronos.exe is a program of his that's safe.
 
If you are infected again after running combofix then you need to run it again. Sounds like you are visiting a site continuously that is infecting you.
 
It's those Scheduled Task entries that are responsible; they need to be removed.
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the contents of the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :files
    c:\windows\Tasks\*.job
    c:\windows\system32\HYKXogKw.exe
  • Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. These results are also located at C:\_OTMoveIt\MovedFiles\Date_Time.log, where Date_Time is the date and time you ran OTMoveIt.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Once done, run ComboFix again and post both its log and the OTMoveIt3 log.
 
Thank you, everyone, for your continued help. The problem seems to have stopped. Here are the logs:

========== FILES ==========
c:\windows\system32\HYKXogKw.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162

combofix:
 
ComboFix 09-01-13.04 - JQ 2009-01-16 10:25:15.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2393 [GMT 11:00]
Running from: c:\documents and settings\JQ\My Documents\Downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\windows\system32\N23x7341.exe

.
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-16 10:23 . 2009-01-16 10:23 <DIR> d-------- C:\_OTMoveIt
2009-01-13 17:07 . 2009-01-13 17:07 <DIR> d-------- c:\program files\Java
2009-01-13 17:07 . 2009-01-13 20:57 <DIR> d-------- c:\documents and settings\JQ\Application Data\LimeWire
2009-01-13 17:07 . 2007-12-14 01:59 69,632 --a------ c:\windows\system32\javacpl.cpl
2009-01-13 17:06 . 2009-01-13 17:07 <DIR> d-------- c:\program files\LimeWire
2009-01-13 17:06 . 2009-01-13 17:06 <DIR> d-------- c:\program files\Common Files\Java
2009-01-10 01:10 . 2009-01-10 01:10 <DIR> d-------- c:\program files\Ali Keshavarz
2009-01-09 16:44 . 2009-01-09 16:44 <DIR> d-------- c:\program files\Trend Micro
2009-01-09 10:25 . 2009-01-13 13:17 38 --a------ c:\windows\avisplitter.INI
2009-01-06 12:26 . 2009-01-06 12:26 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-06 12:25 . 2009-01-06 12:25 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-06 12:25 . 2009-01-06 12:25 <DIR> d-------- c:\program files\MSBuild
2009-01-06 12:25 . 2008-07-06 23:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-06 12:25 . 2008-07-06 23:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-06 12:25 . 2008-07-06 21:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-06 12:25 . 2008-07-06 23:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-06 12:25 . 2008-07-06 23:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-06 12:25 . 2008-07-06 23:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-06 12:25 . 2008-07-06 23:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-06 12:24 . 2009-01-06 18:53 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-06 12:16 . 2009-01-06 12:16 <DIR> dr-h----- C:\AHCache
2009-01-05 10:41 . 2009-01-05 10:41 <DIR> d-------- c:\documents and settings\JQ\Application Data\Malwarebytes
2009-01-05 10:41 . 2009-01-05 10:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-05 10:41 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-05 10:41 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-22 14:50 . 2008-12-22 15:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-15 23:25 --------- d-----w c:\documents and settings\JQ\Application Data\uTorrent
2009-01-15 23:24 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-15 23:05 22,528 ----a-w c:\windows\system32\drivers\nhcDriver.sys
2009-01-15 03:20 --------- d-----w c:\documents and settings\JQ\Application Data\mIRC
2008-12-07 09:40 --------- d-----w c:\documents and settings\JQ\Application Data\Ventrilo
2008-12-01 23:58 --------- d-----w c:\documents and settings\JQ\Application Data\Apple Computer
2008-12-01 23:34 --------- d-----w c:\program files\iPod
2008-12-01 23:34 --------- d-----w c:\program files\Common Files\Apple
2008-12-01 23:34 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-01 23:34 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-01 23:33 --------- d-----w c:\program files\QuickTime
2008-12-01 23:33 --------- d-----w c:\program files\Bonjour
2008-12-01 23:32 --------- d-----w c:\program files\Apple Software Update
2008-12-01 23:32 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-11-28 07:29 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-26 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-11-26 01:05 --------- d-----w c:\program files\Messenger Plus! Live
2008-11-26 00:49 --------- d-----w c:\program files\Windows Live
2008-11-25 14:31 --------- d-----w c:\documents and settings\JQ\Application Data\Media Player Classic
2008-11-25 14:23 --------- d-----w c:\program files\RivaTuner v2.09
2008-11-25 14:08 202,040 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-25 14:08 137,688 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-25 11:40 --------- d-----w c:\documents and settings\All Users\Application Data\Creative
2008-11-25 11:25 409,600 ----a-w c:\windows\system32\wrap_oal.dll
2008-11-25 11:25 114,688 ----a-w c:\windows\system32\OpenAL32.dll
2008-11-25 11:24 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-25 11:17 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-11-25 11:16 --------- d-----w c:\program files\Notebook Hardware Control
2008-11-25 11:14 --------- d-----w c:\program files\Creative
2008-11-25 10:45 --------- d-----w c:\program files\Common Files\Adobe
2008-11-25 10:33 --------- d-----w c:\program files\ATK Hotkey
2008-11-25 10:33 --------- d-----w c:\program files\ASUS
2008-11-25 10:22 --------- d-----w c:\program files\Synaptics
2008-11-25 10:22 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-25 10:18 --------- d-----w c:\program files\Toshiba
2008-11-25 10:18 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel
2008-11-25 10:18 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel
2008-11-25 10:18 --------- d-----w c:\documents and settings\JQ\Application Data\Intel
2008-11-25 10:17 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-25 10:17 21,361 ----a-w c:\windows\AegisP.sys
2008-11-25 10:17 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel
2008-11-25 10:17 --------- d-----w c:\program files\Intel
2008-11-25 10:17 --------- d-----w c:\documents and settings\All Users\Application Data\Intel
2008-11-25 10:16 --------- d-----w c:\program files\Wireless Console 2
2008-11-25 10:15 --------- d-----w c:\program files\Realtek
2008-11-25 10:15 --------- d-----w c:\documents and settings\JQ\Application Data\InstallShield
2008-11-25 10:13 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-11-25 09:49 315,392 ----a-w c:\windows\HideWin.exe
2008-11-25 09:04 --------- d-----w c:\program files\microsoft frontpage
2008-10-26 23:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-26 23:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-26 23:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-26 23:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-16 03:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 03:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 03:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 03:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 03:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 03:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 03:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 03:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-11_16.00.39.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-30 21:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-30 21:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2007-12-13 13:57:22 135,168 ----a-w c:\windows\system32\java.exe
+ 2007-12-13 13:57:24 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2007-12-13 14:59:16 139,264 ----a-w c:\windows\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="d:\program files\steam\steam.exe" [2008-10-08 1410296]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"d:\program files\NetMeter\NetMeter.exe"="d:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"Fraps"="d:\fraps\FRAPS.EXE" [2008-01-14 3182248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-07-28 110592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-26 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-26 86016]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"DirectMessenger"="c:\program files\ASUS\ASUS Direct Console\LCMP.EXE" [2006-10-24 986624]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-10-16 229376]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"Copperhead"="d:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"CTAPR2"="c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\CTAPR2.exe" [2007-02-15 57344]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"Hronos"="d:\program files\Hronos.exe" [2007-08-04 380928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-04-26 c:\windows\system32\nwiz.exe]
"SPIRun"="SPIRun.dll" [2006-11-29 c:\windows\system32\SPIRun.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\JQ\Start Menu\Programs\Startup\
Auto Shutdown.lnk - c:\program files\Ali Keshavarz\Auto Shutdown\AutoShutdown.exe [1/10/2009 1:10:52 AM 237568]
Creative Console Launcher.lnk - c:\program files\Creative\Sound Blaster X-Fi\Console Launcher\ConsoLCu.exe [11/25/2008 10:12:09 PM 217088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [8/2/2007 7:41:52 PM 2760704]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\team fortress 2\\hl2.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\source 2007 dedicated server\\srcds.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Seperate\\ZZ\\dls\\Condition Zero\\hl.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Program Files\\Steam\\SteamApps\\aishiteru00\\counter-strike source\\hl2.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"d:\\Program Files\\Steam\\steam.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\synergy\\hl2.exe"=
"d:\\Program Files\\Steam\\SteamApps\\iguessnoonehasthisname\\synergy dedicated server\\srcds.exe"=
"c:\\Program Files\\ASUS\\Power4 Gear\\BatteryLife.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"d:\\Program Files\\iTunes\\iTunesHelper.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtMng.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtHSP.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\S24EvMon.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\EvtEng.exe"=
"c:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\TosBtSrv.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\Dot1XCfg.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"d:\\Program Files\\Hronos.exe"=
"d:\\Program Files\\Razer\\Copperhead\\razerhid.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"d:\\Program Files\\NetMeter\\NetMeter.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\Program Files\\Notebook Hardware Control\\nhc.exe"=
"c:\\Program Files\\Creative\\Sound Blaster X-Fi\\Console Launcher\\ConsoLCu.exe"=
"d:\\Program Files\\Razer\\Copperhead\\razertra.exe"=
"d:\\Program Files\\Razer\\Copperhead\\razerofa.exe"=
"d:\\Fraps\\fraps.exe"=
"c:\\Program Files\\ASUS\\ATK Media\\DMedia.exe"=

R3 t3;SB Xtreme Audio Notebook;c:\windows\system32\drivers\t3.sys [11/25/2008 10:13:01 PM 735744]
R3 t3filt;t3filt;c:\windows\system32\drivers\t3filt.sys [11/25/2008 10:13:02 PM 1656960]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [6/29/2008 11:36:16 PM 11596]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\JQ\Application Data\Mozilla\Firefox\Profiles\pjedk1f1.default\
FF - prefs.js: browser.startup.homepage - hxxps://sso.portal.unimelb.edu.au/UnimelbSSO/login.jsp?site2pstoretoken=v1.2~AD64F60A~537231D0B104C8661296CC1C12FDD6EF5D7B12644615036B135799B6337DDC9D7CA68C6A8C0363156D3D841E10C65F7CAFC6D3FC3F02998643B94EE65C8589F4564D40D15B76656B1874583784266713AE85B315F0E1413A93EBD642E80E3DCD1FE43A40204AD2490FAF9A95FDEABC4BC89864FD71EFA6001A9542036CD46F1098A18E75470230D5D14427ED4643773F6DE46AC6D1BEBE333AE31B7B446203898276C3FA2E2F48C387BAE00FD447C701474AF3D58F4EDC516262110AC4C3B1B4066A8A623317A4A65D7E0CA49B87643A26AD7044E6CE4B6C2D15AD10829CBA0633A0C7A70788F2BA&p_error_code=&p_submit_url=https%3A%2F%2Fsso.portal.unimelb.edu.au%2Fsso%2Fauth&p_cancel_url=https%3A%2F%2Fapp.portal.unimelb.edu.au%2Fportal%2Fpls%2Fportal%2FPORTAL.home&ssousername=
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-16 10:26:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SPIRun = Rundll32 SPIRun.dll,RunDLLEntry?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2009-01-16 10:26:41
ComboFix-quarantined-files.txt 2009-01-15 23:26:39
ComboFix2.txt 2009-01-15 05:19:09
ComboFix3.txt 2009-01-15 00:53:13
ComboFix4.txt 2009-01-13 01:30:15
ComboFix5.txt 2009-01-15 23:25:05

Pre-Run: 1,578,614,784 bytes free
Post-Run: 1,590,796,288 bytes free

236
 
Glad to hear it. The fact that your friend is not running Antivirus software makes it extremely likely that he will be reinfected. AVG makes an excellent free antivirus client, as do AntiVir or avast!. I strongly suggest you download and install one of these programs. Allow it to do a full scan and remove whatever it finds. Once done, please post a new HijackThis log.
 