
I keep getting pop-ups and other annoying junk about system cleanup and stuff like that along with my folders being cluttered with pos.tmp files. And there's a big "X" on the C drive. Here's the HJT log; can someone tell me what to do next?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:07 PM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Common Files\StorageProtector\strpmon .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
C:\WINDOWS\system32\ctfmon .exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\vtutu.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(1)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(2)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(3)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(4)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(5)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(6)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(7)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(8)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Salestart(9)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(10)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(11)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(12)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(13)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(14)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(15)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(16)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(17)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(18)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [Salestart(19)] "C:\Program Files\Common Files\StorageProtector\strpmon .exe" dm=http://storageprotector.com ad=http://storageprotector.com sd=http://inspaid.storageprotector.com
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [78062acc] rundll32.exe "C:\WINDOWS\system32\bdlyfppb.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9039 bytes


Hi nctw123,

Please do the following:

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

  • Double-click mbam-setup.exe and follow the prompts to install MBA-M.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by clicking Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

NEXT:

  • Download combofix.exe by sUBs to your computer's Desktop.
  • Alternate Download
  • (If you already have a previous version, delete it and download a new version).
  • Double-click combofix.exe & follow the prompts.
    Note: Combofix will automatically disconnect your Internet connection when it runs; do not reconnect it.

When it finishes, it ought to

  • Produce a log for you. (C:\ComboFix\ComboFix.txt)
  • Restore your Internet connection.

IMPORTANT:

  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.

Please post that log for us.

LASTLY:
Run HijackThis and open the Misc Tools section.
Open the Uninstall Manager and click Save list.
Save it to your desktop and then please post the list.


I'd like to see those three logs:
1 - MBA-M Log
2 - ComboFix Log
3 - Uninstall List


I will try to check back in a timely manner, but I am not sure what sort of free time I will have over the weekend.

Best Luck :)
PP


MBA-M log:
Malwarebytes' Anti-Malware 1.07
Database version: 467

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 181654
Time elapsed: 1 hour(s), 12 minute(s), 59 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 4
Registry Keys Infected: 22
Registry Values Infected: 20
Registry Data Items Infected: 3
Folders Infected: 14
Files Infected: 210

Memory Processes Infected:
c:\program files\common files\storageprotector\strpmon .exe (Rogue.SystemErrorFixer) -> Unloaded process successfully.
c:\program files\common files\storageprotector\strpmon .exe (Rogue.SystemErrorFixer) -> Unloaded process successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Unloaded process successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\amddqsom.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\bdlyfppb.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\lfhbmpac.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\vtutu.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20e95601-8278-4eea-b84f-242df7ae2e66} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{20e95601-8278-4eea-b84f-242df7ae2e66} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a95b2816-1d7e-4561-a202-68c0de02353a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{11a69ae4-fbed-4832-a2bf-45af82825583} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Storageprotector (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{43132710-a996-478a-863b-7d0765b643d5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(9) (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(19) (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(18) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(17) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(16) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(15) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(14) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(13) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(12) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(11) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(10) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(8) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(7) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(6) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(5) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(4) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(3) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(2) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart(1) (Rogue.Storageprotector) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Salestart (Rogue.Storageprotector) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Vundo) -> Data: c:\windows\system32\vtutu.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtutu -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtutu -> Delete on reboot.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\bak (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\bak\bak (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Storageprotector (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Storageprotector\Data (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007 (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007\Logs (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007 Free (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\common files\storageprotector\strpmon .exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
c:\program files\common files\storageprotector\strpmon .exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\amddqsom.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mosqddma.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdlyfppb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bppfyldb.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ibljpbjv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vjbpjlbi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lfhbmpac.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\capmbhfl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nsmcexef.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fexecmsn.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqhiopcc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ccpoihqt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtutu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtutu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ututv.ini (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\ututv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xafwfbcr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rcbfwfax.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ylbkaleq.dllbox (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\afjyqmuk.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\cacooyjy.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\caqlyuvv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\dlwixoql.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\dswtmhmj.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\dyekuyln.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\efcgxlvu.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\exjegpqb.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\gcaaqyqf.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\gfnsaqmf.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\gitobxmn.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\glcjwfdv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\gxwbvyhb.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\hknbrhhh.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\hqhmhmdi.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\jqkbaytg.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\kaxqtjro.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\kjymxiuq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\lfnhfjob.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\lnbofxck.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\lpllfrfy.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mihungvi.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mlaitrtq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\mofugclq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\nephiqpn.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ngproxvf.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\oxjhwwnr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\peuagbsx.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\qrjatydi.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\qvlnnfkd.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\roamakdt.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\sdoxevme.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\sheqipoi.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\snancrds.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\tevobesr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP109.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP11B.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP2E61.tmp (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP461A.tmp (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP4620.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP4629.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP6307.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP7746.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP7926.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP792F.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP794A.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP8787.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP8793.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP8799.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMP87A5.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPAC.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPBB.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPC9.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPDE.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPF0.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TMPF2.tmp (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ujjivnwv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ukssxmod.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\urclqecd.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\vhgtvwel.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\vntmrykt.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\wjiumwsc.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xaisfvxg.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xdyitjoc.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xihvkrno.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xqedqkpr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xunsrkcf.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\xysjgjdy.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ymqysuwq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ywssmfiq.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\ywuecxwm.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\bak\bak\WAS7Mon.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3874938436-2547159655-1528358104-1009\Dc67\bin\matrix.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3874938436-2547159655-1528358104-1009\Dc67\bin\matrix.dll.1194711701.old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3874938436-2547159655-1528358104-1009\Dc67\bin\matrix.dll.1195315464.old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-3874938436-2547159655-1528358104-1009\Dc67\bin\matrix.dll.1196195676.old (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP12\A0006463.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0007002.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0007019.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0008017.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0009017.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0009053.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0009054.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0010053.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0010055.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0011053.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0011056.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0011090.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0011092.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0011094.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0012116.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0012118.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0012120.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013090.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013092.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013094.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013124.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013129.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013161.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013166.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP14\A0013185.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0019412.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0020413.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0020436.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0021436.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0022438.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0022459.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0022463.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0023463.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0024460.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0024464.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0025490.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0025494.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP20\A0026494.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0028755.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0028760.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0029758.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP21\A0029760.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP22\A0029859.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP23\A0029894.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP23\A0029898.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP23\A0031900.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0033226.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0033230.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0034221.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0034230.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0034266.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP24\A0034275.exe (Rogue.SystemErrorFixer) -> Quarantined and deleted successfully.
C:\WINDOWS\17PHolmes1285.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\WINDOWS\offun.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\rau001978.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\retadpu572.exe (Trojan.Agant) -> Quarantined and deleted successfully.
C:\WINDOWS\TISKY009.exe (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\tk58.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\TTC-4444.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\windows (Trojan.Zapchast) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\err.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\WinAntiSpyware 2007\bak\WAS7Mon.exe (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\icmntr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\icthis.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\ictmdl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\ictun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\icun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\isfmdl.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\isfmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\isfmntr.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\isfun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Video Add-on\uninst.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Storageprotector\Data\em (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Storageprotector\Data\oid (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Storageprotector\Data\user (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon .exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Storageprotector\strpmon.exe (Rogue.Storageprotector) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007\Logs\update.log (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\WinAntiSpyware 2007 Free\description.txt (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
C:\WINDOWS\images.zip (Worm.NetSky) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1285.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\wr.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\tcb.pmw (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1119OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\9129837.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest.YOUR-D0F670B45A\Local Settings\Temp\mshtml2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nelson\Start Menu\Programs\Startup\Think-Adz.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nelson\Start Menu\Programs\Startup\TA_Start.lnk (Malware.Trace) -> Quarantined and deleted successfully.

Combofix log:

ComboFix 08-03-07.4 - Compaq_Owner 2008-03-08 0:26:55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.117 [GMT -5:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\int_rem.bat
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\License_Manager
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\baaadd.ini
C:\WINDOWS\BM7b351950.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1.net
C:\WINDOWS\crosof~1.net\j?vaw.exe
C:\WINDOWS\ddaaab.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\ssembl~1
C:\WINDOWS\stem~1
C:\WINDOWS\stem~1\??stem\
C:\WINDOWS\stem~1\rundll32.exe
C:\WINDOWS\system32\alqywqkh.dll
C:\WINDOWS\system32\amddqsom.dll
C:\WINDOWS\system32\avfliqwm.dll
C:\WINDOWS\system32\baayyhkj.dll
C:\WINDOWS\system32\bdlyfppb.dll
C:\WINDOWS\system32\bppfyldb.ini
C:\WINDOWS\system32\cfqrmtbo.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dvifotjb.dll
C:\WINDOWS\system32\erdgvdxe.dll
C:\WINDOWS\system32\evndcvcm.dll
C:\WINDOWS\system32\faypimal.dll
C:\WINDOWS\system32\glyraphp.dll
C:\WINDOWS\system32\grpwxodq.dll
C:\WINDOWS\system32\hpxgbwth.dll
C:\WINDOWS\system32\ivjcswrs.dll
C:\WINDOWS\system32\iwwfkjdv.dll
C:\WINDOWS\system32\jipjcufq.dll
C:\WINDOWS\system32\lfhbmpac.dll
C:\WINDOWS\system32\ljxpnata.dll
C:\WINDOWS\system32\lniyeysd.dll
C:\WINDOWS\system32\luflcnyc.dll
C:\WINDOWS\system32\lulfraxh.dll
C:\WINDOWS\system32\maogjxyx.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mrtkaeaw.dll
C:\WINDOWS\system32\nvktngwg.dll
C:\WINDOWS\system32\nyossclw.dll
C:\WINDOWS\system32\otwgsawm.dll
C:\WINDOWS\system32\pihkcnjr.dll
C:\WINDOWS\system32\pyyobvbc.dll
C:\WINDOWS\system32\qqxqefbe.dll
C:\WINDOWS\system32\quligxew.dll
C:\WINDOWS\system32\reqjqxoe.dll
C:\WINDOWS\system32\rgeaayhf.dll
C:\WINDOWS\system32\rytpmmwj.dll
C:\WINDOWS\system32\system.exe
C:\WINDOWS\system32\thylfnwu.dll
C:\WINDOWS\system32\tqsupyhj.dll
C:\WINDOWS\system32\ufrftlgk.dll
C:\WINDOWS\system32\uogjvymh.dll
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\uwvsluhw.dll
C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\widgskub.dll
C:\WINDOWS\system32\wpyrdevm.dll
C:\WINDOWS\system32\xdpjllhy.dll
C:\WINDOWS\system32\xdqrprov.dll
C:\WINDOWS\system32\xwuhxxny.dll
C:\WINDOWS\system32\ylumvmjs.dll
C:\WINDOWS\system32\yudjrchd.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-07 19:35 . 2008-03-07 19:35 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-03-07 19:28 . 2008-03-07 19:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-07 19:28 . 2008-03-07 19:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-05 21:07 . 2008-03-05 21:07 326,656 --a------ C:\WINDOWS\system32\RCX4B.tmp
2008-03-04 23:15 . 2008-03-04 23:15 326,656 --a------ C:\WINDOWS\system32\RCX44.tmp
2008-03-04 15:33 . 2008-03-05 07:12 1,494 ---hs---- C:\WINDOWS\system32\emcbsbik.ini
2008-03-03 23:38 . 2008-03-08 00:21 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-03 23:38 . 2008-03-03 23:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-03 23:36 . 2008-03-03 23:36 326,656 --a------ C:\WINDOWS\system32\RCX41.tmp
2008-03-03 15:31 . 2008-03-04 15:32 1,314 ---hs---- C:\WINDOWS\system32\wqvpfgxw.ini
2008-03-02 08:44 . 2008-03-03 15:25 1,194 ---hs---- C:\WINDOWS\system32\csiuloni.ini
2008-02-29 18:36 . 2008-02-29 18:36 326,656 --a------ C:\WINDOWS\system32\RCX3E.tmp
2008-02-29 15:32 . 2008-03-02 08:41 1,074 ---hs---- C:\WINDOWS\system32\pprkuifl.ini
2008-02-28 15:28 . 2008-02-29 15:29 774 ---hs---- C:\WINDOWS\system32\xorohqel.ini
2008-02-26 21:14 . 2008-02-28 15:28 654 ---hs---- C:\WINDOWS\system32\sroikmrx.ini
2008-02-25 19:10 . 2008-02-26 21:11 534 ---hs---- C:\WINDOWS\system32\xchqoame.ini
2008-02-25 18:07 . 2008-02-25 18:08 294 ---hs---- C:\WINDOWS\system32\tcecreer.ini
2008-02-24 13:28 . 2008-02-24 13:28 <DIR> d-------- C:\Program Files\Webroot
2008-02-24 13:28 . 2008-02-24 13:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-24 13:28 . 2008-02-24 13:28 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Webroot
2008-02-24 13:28 . 2008-02-24 13:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-24 13:28 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-02-24 13:28 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-02-24 13:28 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-24 13:28 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-02-24 13:28 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-24 13:23 . 2008-02-24 13:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-24 11:32 . 2008-02-24 11:32 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-23 16:36 . 2008-02-24 16:37 1,154,241 ---hs---- C:\WINDOWS\system32\ikrvtjmh.ini
2008-02-23 15:30 . 2008-02-23 15:31 1,153,692 ---hs---- C:\WINDOWS\system32\rbkugrmv.ini
2008-02-22 15:30 . 2008-02-22 22:47 1,154,857 ---hs---- C:\WINDOWS\system32\jgyqprlr.ini
2008-02-21 15:34 . 2008-02-22 15:26 1,154,361 ---hs---- C:\WINDOWS\system32\qurpshjd.ini
2008-02-20 15:29 . 2008-02-21 15:29 1,207,013 ---hs---- C:\WINDOWS\system32\ntcpimka.ini
2008-02-18 21:05 . 2008-02-20 15:28 1,250,261 ---hs---- C:\WINDOWS\system32\pqpcnvbh.ini
2008-02-18 11:06 . 2008-02-18 21:05 1,238,973 ---hs---- C:\WINDOWS\system32\rxfdbuje.ini
2008-02-17 22:30 . 2008-02-17 22:30 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-02-17 22:20 . 2008-02-18 11:05 1,248,947 ---hs---- C:\WINDOWS\system32\enldmlcr.ini
2008-02-16 22:21 . 2008-02-17 02:06 1,248,767 ---hs---- C:\WINDOWS\system32\tdwjuhba.ini
2008-02-16 22:07 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-16 22:07 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-16 22:07 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2008-02-16 21:55 . 2008-02-16 21:56 <DIR> d-------- C:\Program Files\AVI MPEG Video Converter
2008-02-15 22:19 . 2008-02-16 22:19 1,248,647 ---hs---- C:\WINDOWS\system32\bmttocru.ini
2008-02-15 21:19 . 2008-02-15 21:20 1,248,467 ---hs---- C:\WINDOWS\system32\yrhtflmr.ini
2008-02-14 21:19 . 2008-02-15 12:22 1,242,300 ---hs---- C:\WINDOWS\system32\nhrmnthc.ini
2008-02-12 21:22 . 2008-02-13 16:09 1,235,221 ---hs---- C:\WINDOWS\system32\kfjnncvu.ini
2008-02-11 23:56 . 2008-02-12 20:36 1,222,540 ---hs---- C:\WINDOWS\system32\vexnjjpj.ini
2008-02-11 01:08 . 2008-02-11 01:08 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-11 01:08 . 2008-02-11 01:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-11 00:58 . 2008-02-11 00:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 19:51 . 2008-02-10 20:07 9,296 --a------ C:\22.exe
2008-02-09 21:16 . 2008-02-10 17:49 1,220,770 ---hs---- C:\WINDOWS\system32\tthlccou.ini
2008-02-09 14:34 . 2008-02-09 14:34 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-08 22:13 . 2008-02-09 02:14 137,248 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-08 22:13 . 2008-02-09 02:14 4,128 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-08 22:13 . 2008-02-09 02:14 2,684 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-08 22:13 . 2008-02-09 02:14 1,460 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-08 22:12 . 2008-02-08 22:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-08 22:12 . 2008-02-10 17:46 364,544 --a------ C:\WINDOWS\mrofinu1285.exe.tmp
2008-02-08 21:40 . 2007-10-10 18:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-08 21:40 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-08 21:40 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-08 21:40 . 2007-10-10 18:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-08 21:40 . 2007-10-10 18:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-08 21:40 . 2007-10-10 18:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-08 21:40 . 2007-10-10 18:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-08 21:40 . 2007-10-10 18:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-08 21:40 . 2007-10-10 05:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-08 19:29 . 2008-03-05 21:08 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-02-08 16:21 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-08 15:36 . 2008-02-08 15:36 <DIR> d-------- C:\Program Files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-08 05:36 --------- d-----w C:\Program Files\QuickTime
2008-03-08 05:36 --------- d-----w C:\Program Files\iTunes
2008-03-04 02:59 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-02-27 21:08 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-02-27 20:41 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-02-24 17:49 --------- d-----w C:\Program Files\Sonic
2008-02-24 15:08 --------- d-----w C:\Program Files\iPod
2008-02-17 03:07 --------- d-----w C:\Program Files\XviD
2008-02-13 01:23 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2008-02-09 03:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 03:34 --------- d-----w C:\Program Files\Common Files\Command Software
2008-02-09 00:26 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-08 21:20 --------- d-----w C:\Program Files\Java
2008-02-08 20:23 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2008-02-08 02:43 --------- d-----w C:\Program Files\Apple Software Update
2008-02-08 02:23 --------- d-----w C:\Program Files\Google
2008-02-08 02:00 --------- d-----w C:\Program Files\WildTangent
2008-01-26 21:21 --------- d-----w C:\Program Files\World of Warcraft
2008-01-26 01:30 --------- d-----w C:\Program Files\7-Zip
2008-01-14 05:36 5,197 ----a-w C:\is9.exe
2008-01-02 19:44 3,029,431 ----a-w C:\steam.exe
2007-10-02 18:51 2,674,688 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\Steam.dll
2007-03-29 14:57 6,656 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\sx.exe
2006-10-01 21:38 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

<pre>
----a-w            27,136 2007-02-08 22:40:48  C:\hp\bin\cloaker .exe
----a-w           307,200 2008-02-19 02:04:39  C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w            50,528 2007-02-05 20:26:05  C:\Program Files\AIM6\aim6 .exe
----a-w           344,064 2007-02-08 22:40:28  C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w           180,269 2008-03-02 13:41:29  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w            52,848 2008-02-08 22:00:43  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           218,240 2008-02-08 22:00:53  C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt .exe
----a-w           847,872 2008-02-24 17:39:04  C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3 .exe
----a-w           249,856 2007-02-07 05:31:45  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                                 .exe
----a-w           577,536 2007-02-07 05:29:36  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                                .exe
----a-w           577,536 2007-02-07 03:45:18  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                               .exe
----a-w           577,536 2007-02-06 20:24:04  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                              .exe
----a-w           577,536 2007-02-05 20:25:02  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                             .exe
----a-w           577,536 2007-02-05 02:15:54  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                            .exe
----a-w           577,536 2007-02-04 20:30:06  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                           .exe
----a-w           577,536 2007-02-04 03:42:20  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                          .exe
----a-w           577,536 2007-02-03 23:49:31  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                         .exe
----a-w           577,536 2008-02-03 14:10:03  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                        .exe
----a-w           577,536 2008-02-03 06:22:07  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                       .exe
----a-w           577,536 2008-02-03 01:18:38  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                      .exe
----a-w           577,536 2008-02-02 16:42:30  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                     .exe
----a-w           577,536 2008-02-01 20:46:12  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                    .exe
----a-w           577,536 2008-02-01 20:24:40  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                   .exe
----a-w           577,536 2008-01-31 20:24:48  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                  .exe
----a-w           577,536 2008-01-31 02:06:28  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                 .exe
----a-w           577,536 2008-01-30 20:28:12  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                                .exe
----a-w           577,536 2008-01-29 21:16:31  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                               .exe
----a-w           577,536 2008-01-29 20:26:38  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                              .exe
----a-w           577,536 2008-01-28 20:25:39  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                             .exe
----a-w           577,536 2008-01-27 17:24:07  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                            .exe
----a-w           577,536 2008-01-26 20:59:29  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                           .exe
----a-w           577,536 2008-01-26 15:35:53  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                          .exe
----a-w           577,536 2008-01-25 16:21:11  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                         .exe
----a-w           577,536 2008-01-25 01:47:56  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                        .exe
----a-w           577,536 2008-01-25 01:34:29  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                       .exe
----a-w           577,536 2008-01-25 01:26:40  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                      .exe
----a-w           577,536 2007-01-24 14:23:51  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                     .exe
----a-w           577,536 2007-01-23 16:42:43  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                    .exe
----a-w           577,536 2007-01-23 16:25:36  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                   .exe
----a-w           577,536 2007-01-23 00:48:06  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                  .exe
----a-w           577,536 2007-01-22 20:34:51  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                 .exe
----a-w           577,536 2007-01-22 20:23:53  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                                .exe
----a-w           577,536 2007-01-22 01:08:56  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                               .exe
----a-w           577,536 2007-01-21 23:08:16  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                              .exe
----a-w           577,536 2008-01-21 15:26:49  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                             .exe
----a-w           577,536 2008-01-20 18:39:47  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                            .exe
----a-w           577,536 2008-01-20 08:37:27  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                           .exe
----a-w           577,536 2008-01-20 02:15:04  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                          .exe
----a-w           577,536 2008-01-19 14:34:43  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                         .exe
----a-w           577,536 2008-01-18 20:30:46  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                        .exe
----a-w           577,536 2008-01-18 01:11:49  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                       .exe
----a-w           577,536 2008-01-17 02:42:23  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                      .exe
----a-w           577,536 2008-01-17 02:14:22  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                     .exe
----a-w           577,536 2008-01-16 20:26:23  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                    .exe
----a-w           577,536 2008-01-15 20:29:15  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                   .exe
----a-w           577,536 2008-01-15 02:14:22  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                  .exe
----a-w           577,536 2008-01-14 20:25:40  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                 .exe
----a-w           577,536 2008-01-13 15:59:26  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                                .exe
----a-w           577,536 2008-01-13 15:33:34  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                               .exe
----a-w           577,536 2008-01-13 02:20:48  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                              .exe
----a-w           577,536 2008-01-12 15:56:11  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                             .exe
----a-w           577,536 2008-01-11 20:25:48  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                            .exe
----a-w           577,536 2008-01-11 04:22:42  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                           .exe
----a-w           577,536 2008-01-10 21:30:31  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                          .exe
----a-w           577,536 2008-01-09 20:27:04  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                         .exe
----a-w           577,536 2008-01-08 20:27:47  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                        .exe
----a-w           577,536 2008-01-07 22:51:06  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                       .exe
----a-w           577,536 2008-01-07 20:30:46  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                      .exe
----a-w           577,536 2008-01-07 01:24:02  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                     .exe
----a-w           577,536 2008-01-06 19:15:59  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                    .exe
----a-w           577,536 2008-01-06 08:46:24  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                   .exe
----a-w           577,536 2008-01-05 18:28:42  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                  .exe
----a-w           577,536 2008-01-05 18:19:42  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                 .exe
----a-w           577,536 2008-01-04 17:49:14  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp                .exe
----a-w           577,536 2008-01-04 02:12:51  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp               .exe
----a-w           577,536 2008-02-11 04:42:03  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp              .exe
----a-w           577,536 2008-02-10 22:46:34  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp             .exe
----a-w           577,536 2008-02-10 14:27:29  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp            .exe
----a-w           577,536 2008-02-10 03:16:52  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp           .exe
----a-w           577,536 2008-02-10 02:08:58  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp          .exe
----a-w           577,536 2008-02-09 21:39:08  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp         .exe
----a-w           577,536 2008-02-09 20:06:08  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp        .exe
----a-w           577,536 2008-02-09 19:39:56  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp       .exe
----a-w           577,536 2008-02-09 18:48:05  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp      .exe
----a-w           577,536 2008-02-09 16:31:54  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp     .exe
----a-w           577,536 2008-02-09 16:05:52  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp    .exe
----a-w           577,536 2008-02-09 03:05:15  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp   .exe
----a-w           577,536 2008-02-09 01:06:45  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp  .exe
----a-w           577,536 2008-02-09 00:26:57  C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w            49,152 2008-02-10 22:47:49  C:\Program Files\HP\HP Software Update\HPwuSchd2 .exe
----a-w           267,048 2008-03-08 05:20:36  C:\Program Files\iTunes\iTunesHelper .exe
----a-w            36,975 2007-02-08 22:40:25  C:\Program Files\Java\jre1.5.0_05\bin\jusched .exe
----a-w           132,496 2008-02-10 22:47:56  C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w         1,694,208 2008-02-10 22:48:58  C:\Program Files\Messenger\msmsgs .exe
----a-w            53,248 2008-02-08 20:25:45  C:\Program Files\PC-Doctor 5 for Windows\RunProfiler .exe
----a-w           286,720 2007-01-24 14:24:49  C:\Program Files\QuickTime\qttask                                                            .exe
----a-w           640,512 2007-01-24 14:24:01  C:\Program Files\QuickTime\qttask                                                           .exe
----a-w           640,512 2007-01-23 16:42:45  C:\Program Files\QuickTime\qttask                                                          .exe
----a-w           640,512 2007-01-23 16:25:38  C:\Program Files\QuickTime\qttask                                                         .exe
----a-w           640,512 2007-01-23 00:48:09  C:\Program Files\QuickTime\qttask                                                        .exe
----a-w           640,512 2007-01-22 20:34:54  C:\Program Files\QuickTime\qttask                                                       .exe
----a-w           640,512 2007-01-22 20:23:56  C:\Program Files\QuickTime\qttask                                                      .exe
----a-w           640,512 2007-01-22 01:08:59  C:\Program Files\QuickTime\qttask                                                     .exe
----a-w           640,512 2007-01-21 23:08:19  C:\Program Files\QuickTime\qttask                                                    .exe
----a-w           640,512 2008-01-21 15:26:52  C:\Program Files\QuickTime\qttask                                                   .exe
----a-w           640,512 2008-01-20 18:39:51  C:\Program Files\QuickTime\qttask                                                  .exe
----a-w           640,512 2008-01-20 08:37:29  C:\Program Files\QuickTime\qttask                                                 .exe
----a-w           640,512 2008-01-20 02:15:07  C:\Program Files\QuickTime\qttask                                                .exe
----a-w           640,512 2008-01-19 14:34:50  C:\Program Files\QuickTime\qttask                                               .exe
----a-w           640,512 2008-01-18 20:30:53  C:\Program Files\QuickTime\qttask                                              .exe
----a-w           640,512 2008-01-18 01:11:52  C:\Program Files\QuickTime\qttask                                             .exe
----a-w           640,512 2008-01-18 01:04:12  C:\Program Files\QuickTime\qttask                                            .exe
----a-w           640,512 2008-01-17 20:28:30  C:\Program Files\QuickTime\qttask                                           .exe
----a-w           640,512 2008-01-17 02:42:25  C:\Program Files\QuickTime\qttask                                          .exe
----a-w           640,512 2008-01-17 02:14:30  C:\Program Files\QuickTime\qttask                                         .exe
----a-w           640,512 2008-01-16 20:26:27  C:\Program Files\QuickTime\qttask                                        .exe
----a-w           640,512 2008-01-15 20:29:20  C:\Program Files\QuickTime\qttask                                       .exe
----a-w           640,512 2008-01-15 02:14:25  C:\Program Files\QuickTime\qttask                                      .exe
----a-w           640,512 2008-01-14 20:25:43  C:\Program Files\QuickTime\qttask                                     .exe
----a-w           640,512 2008-01-14 05:33:48  C:\Program Files\QuickTime\qttask                                    .exe
----a-w           640,512 2008-01-13 15:59:28  C:\Program Files\QuickTime\qttask                                   .exe
----a-w           640,512 2008-01-13 15:33:37  C:\Program Files\QuickTime\qttask                                  .exe
----a-w           640,512 2008-01-13 02:20:50  C:\Program Files\QuickTime\qttask                                 .exe
----a-w           640,512 2008-01-12 15:56:13  C:\Program Files\QuickTime\qttask                                .exe
----a-w           385,024 2006-02-07 05:31:59  C:\Program Files\QuickTime\qttask                               .exe
----a-w           738,816 2007-02-07 05:29:44  C:\Program Files\QuickTime\qttask                              .exe
----a-w           738,816 2007-02-07 03:45:36  C:\Program Files\QuickTime\qttask                             .exe
----a-w           738,816 2007-02-06 20:24:12  C:\Program Files\QuickTime\qttask                            .exe
----a-w           738,816 2007-02-06 13:06:03  C:\Program Files\QuickTime\qttask                           .exe
----a-w           738,816 2007-02-05 20:25:09  C:\Program Files\QuickTime\qttask                          .exe
----a-w           738,816 2007-02-05 02:16:00  C:\Program Files\QuickTime\qttask                         .exe
----a-w           738,816 2007-02-04 20:30:11  C:\Program Files\QuickTime\qttask                        .exe
----a-w           738,816 2007-02-04 03:42:26  C:\Program Files\QuickTime\qttask                       .exe
----a-w           738,816 2007-02-03 23:49:39  C:\Program Files\QuickTime\qttask                      .exe
----a-w           738,816 2008-02-03 18:28:10  C:\Program Files\QuickTime\qttask                     .exe
----a-w           738,816 2008-02-03 14:10:07  C:\Program Files\QuickTime\qttask                    .exe
----a-w           738,816 2008-02-03 06:22:14  C:\Program Files\QuickTime\qttask                   .exe
----a-w           385,024 2008-03-06 02:07:49  C:\Program Files\QuickTime\QTTask                .exe
----a-w           738,816 2008-03-06 02:07:16  C:\Program Files\QuickTime\QTTask               .exe
----a-w           738,816 2008-03-05 12:10:13  C:\Program Files\QuickTime\QTTask              .exe
----a-w           738,816 2008-03-05 04:15:14  C:\Program Files\QuickTime\QTTask             .exe
----a-w           738,816 2008-03-04 04:36:04  C:\Program Files\QuickTime\QTTask            .exe
----a-w           738,816 2008-03-01 10:59:57  C:\Program Files\QuickTime\QTTask           .exe
----a-w           738,816 2008-02-29 23:36:09  C:\Program Files\QuickTime\QTTask          .exe
----a-w           738,816 2008-02-29 05:11:36  C:\Program Files\QuickTime\QTTask         .exe
----a-w           738,816 2008-02-26 20:59:17  C:\Program Files\QuickTime\QTTask        .exe
----a-w           738,816 2008-02-25 03:43:22  C:\Program Files\QuickTime\QTTask       .exe
----a-w           738,816 2008-02-24 21:43:05  C:\Program Files\QuickTime\QTTask      .exe
----a-w           738,816 2008-02-24 18:31:30  C:\Program Files\QuickTime\QTTask     .exe
----a-w           738,816 2008-02-24 17:59:38  C:\Program Files\QuickTime\QTTask    .exe
----a-w           738,816 2008-02-24 17:37:57  C:\Program Files\QuickTime\QTTask   .exe
----a-w           738,816 2008-02-24 16:50:46  C:\Program Files\QuickTime\QTTask  .exe
----a-w           738,816 2008-02-24 15:14:32  C:\Program Files\QuickTime\QTTask .exe
----a-w         5,367,664 2008-03-08 05:20:42  C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
----a-w           189,952 2007-02-07 05:31:46  C:\WINDOWS\wkssvr .exe
----a-w           237,568 2008-02-10 22:47:39  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w            52,736 2007-02-08 22:40:24  C:\WINDOWS\system\hpsysdrv .exe
----a-w            15,360 2008-03-06 02:08:38  C:\WINDOWS\system32\ctfmon .exe
</pre>

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 67,112 2006-08-01 21:35:36 C:\Program Files\AIM\bak\aim.exe
----a-w 24,080 2007-08-23 04:01:23 C:\Program Files\AIM\aim.exe

----a-w 50,736 2007-04-27 21:17:26 C:\Program Files\AIM6\bak\aim6.exe

----a-w 57,344 2002-05-22 15:57:16 C:\Program Files\AIM95\bak\aim.exe

----a-w 344,064 2006-04-05 02:05:00 C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
----a-w 344,064 2005-08-14 12:05:00 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

----a-w 185,896 2007-03-26 03:46:16 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe

----a-w 249,856 2005-11-10 00:29:16 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe
----a-w 577,536 2008-02-08 01:29:57 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

----a-w 49,152 2005-02-17 14:11:42 C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe
----a-w 377,856 2008-02-10 22:46:36 C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

----a-w 1,592 2007-11-16 21:26:11 C:\Program Files\Steam\bak\ClientRegistry.blob
----a-w 335,992 2007-10-03 21:47:28 C:\Program Files\Steam\ClientRegistry.blob

----a-w 1,258,744 2007-09-01 03:07:11 C:\Program Files\Steam\bak\Steam.exe
----a-w 28,176 2007-10-03 22:02:27 C:\Program Files\Steam\Steam.exe

----a-w 29,228 2007-11-12 04:01:56 C:\Program Files\Steam\bak\Steamexe__237340__2007_11_12T4_1_52C5859.mdmp

----a-w 29,228 2007-11-16 21:26:11 C:\Program Files\Steam\bak\Steamexe__237340__2007_11_16T21_26_8C8296.mdmp

----a-w 29,228 2007-11-03 15:14:32 C:\Program Files\Steam\bak\Steamexe__237340__2007_11_3T15_14_30C8828.mdmp

----a-w 2,560,000 2007-09-13 01:33:30 C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe
----a-w 3,252,224 2007-10-03 15:46:40 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

----a-w 237,568 2005-07-23 06:14:00 C:\WINDOWS\SMINST\bak\RECGUARD.EXE
----a-w 573,952 2008-02-11 04:42:02 C:\WINDOWS\SMINST\RECGUARD.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-03-05 21:07 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-02-22 10:39:49 36903]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ylbkaleq]
ylbkaleq.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 00:49:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
.
**************************************************************************
.
Completion time: 2008-03-08 0:54:51 - machine was rebooted [Compaq_Owner]
ComboFix-quarantined-files.txt 2008-03-08 05:54:28
.
2008-02-09 02:46:54 --- E O F ---

0

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:56 AM, on 3/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - Winlogon Notify: ylbkaleq - ylbkaleq.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 4964 bytes

0

Hi nctw123,

This computer was and still is ridiculously infested with malware. Even some of your malware was infected by other malware! LOL!

In cases such as this, I generally recommend a reformat and reinstall of Windows.


However, if you'd like to continue with the cleaning process, please follow the instructions below.

--- I'd still like to see that uninstall list

--- Download FindAWF.exe by noahdfear and save it to your Desktop.
• Double-click on FindAWF.exe to start the program.
• If a "Security Alert" shows, allow the program to run.
• Select option #1 - Scan for bak folders by typing 1 and press 'Enter'.
• When FindAWF finishes, a log will open in notepad called AWF.txt which will automatically be saved to the Desktop.

• Please submit AWF.txt for me.


Hang in there for further steps - I'm not sure how much free time I'll have over the weekend.

PP :)

0

Sorry it took me so long to get back, my internet was out for a while so I couldn't get back here.

here's the log:
Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sun 03/16/2008
The current time is: 16:40:19.53


bak folders found
~~~~~~~~~~~


Directory of C:\WINDOWS\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\AIM\BAK

08/01/2006 05:35 PM 67,112 aim.exe
1 File(s) 67,112 bytes

Directory of C:\PROGRA~1\AIM6\BAK

04/27/2007 05:17 PM 50,736 aim6.exe
1 File(s) 50,736 bytes

Directory of C:\PROGRA~1\AIM95\BAK

05/22/2002 11:57 AM 57,344 aim.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\STEAM\BAK

11/16/2007 05:26 PM 1,592 ClientRegistry.blob
08/31/2007 11:07 PM 1,258,744 Steam.exe
11/12/2007 12:01 AM 29,228 Steamexe__237340__2007_11_12T4_1_52C5859.mdmp
11/16/2007 05:26 PM 29,228 Steamexe__237340__2007_11_16T21_26_8C8296.mdmp
11/03/2007 11:14 AM 29,228 Steamexe__237340__2007_11_3T15_14_30C8828.mdmp
5 File(s) 1,348,020 bytes

Directory of C:\WINDOWS\SMINST\BAK

07/23/2005 02:14 AM 237,568 RECGUARD.EXE
1 File(s) 237,568 bytes

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

04/04/2006 10:05 PM 344,064 atiptaxx.exe
1 File(s) 344,064 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPBOOT~1\BAK

11/09/2005 08:29 PM 249,856 HPBootOp.exe
1 File(s) 249,856 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

02/17/2005 10:11 AM 49,152 HPwuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\VEOHNE~1\VEOH\BAK

09/12/2007 09:33 PM 2,560,000 VeohClient.exe
1 File(s) 2,560,000 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

03/25/2007 11:46 PM 185,896 realsched.exe
1 File(s) 185,896 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

24080 Aug 23 2007 "C:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
57344 May 22 2002 "C:\Program Files\AIM95\bak\aim.exe"
50528 Jan 3 2008 "C:\Program Files\AIM6\aim6.exe"
50736 Apr 27 2007 "C:\Program Files\AIM6\bak\aim6.exe"
50768 Aug 28 2006 "C:\Program Files\Common Files\AOL\1161455191\ee\aim6.exe"
24080 Aug 23 2007 "C:\Program Files\AIM\aim.exe"
67112 Aug 1 2006 "C:\Program Files\AIM\bak\aim.exe"
57344 May 22 2002 "C:\Program Files\AIM95\bak\aim.exe"
225 Mar 11 2008 "C:\Program Files\Steam\ClientRegistry.blob"
1592 Nov 16 2007 "C:\Program Files\Steam\bak\ClientRegistry.blob"
3029431 Jan 2 2008 "C:\steam.exe"
1258744 Aug 31 2007 "C:\Program Files\Steam\bak\Steam.exe"
1249280 Sep 23 2006 "C:\Program Files\Valve\Steam\Steam.exe"
29228 Nov 3 2007 "C:\Program Files\Steam\bak\Steamexe__237340__2007_11_3T15_14_30C8828.mdmp"
29228 Nov 12 2007 "C:\Program Files\Steam\bak\Steamexe__237340__2007_11_12T4_1_52C5859.mdmp"
29228 Nov 16 2007 "C:\Program Files\Steam\bak\Steamexe__237340__2007_11_16T21_26_8C8296.mdmp"
573952 Feb 11 2008 "C:\WINDOWS\SMINST\RECGUARD.EXE"
237568 Jul 23 2005 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
344064 Aug 14 2005 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
344064 Apr 4 2006 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
249856 Nov 9 2005 "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\bak\HPBootOp.exe"
37286 Apr 1 2007 "C:\Program Files\HP\HP Software Update\HPwuSchd2.exe1175891165"
49152 Feb 17 2005 "C:\Program Files\HP\HP Software Update\bak\HPwuSchd2.exe"
3252224 Oct 3 2007 "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"
2560000 Sep 12 2007 "C:\Program Files\Veoh Networks\Veoh\bak\VeohClient.exe"
180269 Feb 22 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe1187841370"
185896 Mar 25 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"


end of report

0

Sorry it took me so long to get back, my internet was out for a while so I couldn't get back here.

No worries! However, I am not going to be around much for a while due to "real life" issues, so I'll probably not be able to reply in a timely manner.

Anyhoo, let's go ahead and do the following:

-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well
-- Close ALL browser windows and then drag CFScript.txt into/over ComboFix.exe to start ComboFix

-- Let ComboFix run as before and post me that log


NEXT:
Please run http://www.eset.com/onlinescan/

-- You will need to temporarily disable your current Anti-virus program.
-- Make sure that the option "Remove found threats" is unchecked, and the option "Scan unwanted applications" is checked.
-- Remember to Re-enable your Resident Anti-virus program after the scan has finished.
-- A logfile ought to be found at C:\Program Files\EsetOnlineScanner\log.txt.
Please post that for me.


THEN:
Go and Update your Java here ---> http://www.java.com/en
Be sure to uninstall ALL older versions via Add/Remove Programs!

LASTLY:
Give me a Fresh HijackThis Log from after all of the above has been completed.

I'll want to see:
1) New ComboFix Log
2) ESET Online Scan Log
3) Fresh HijackThis Log

Will check back as time permits - may not be for a few days. Hopefully one of the other volunteers will jump in, but they already have a lot on their plates. If need be, you could try my friend Judy at iamnotageek.com.

Cheers :)
PP

0

Sorry again about how long it took :\, and all the help is greatly appreciated that you've already given :D


here's the combofix log:
ComboFix 08-03-14.4 - Compaq_Owner 2008-03-16 20:14:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.217 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\22.exe
C:\Documents and Settings\Compaq_Owner\Application Data\sx.exe
C:\is9.exe
C:\WINDOWS\mrofinu1285.exe.tmp
C:\WINDOWS\system32\bmttocru.ini
C:\WINDOWS\system32\csiuloni.ini
C:\WINDOWS\system32\emcbsbik.ini
C:\WINDOWS\system32\enldmlcr.ini
C:\WINDOWS\system32\ikrvtjmh.ini
C:\WINDOWS\system32\jgyqprlr.ini
C:\WINDOWS\system32\kfjnncvu.ini
C:\WINDOWS\system32\nhrmnthc.ini
C:\WINDOWS\system32\ntcpimka.ini
C:\WINDOWS\system32\pprkuifl.ini
C:\WINDOWS\system32\pqpcnvbh.ini
C:\WINDOWS\system32\qurpshjd.ini
C:\WINDOWS\system32\rbkugrmv.ini
C:\WINDOWS\system32\RCX3E.tmp
C:\WINDOWS\system32\RCX41.tmp
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\system32\RCX4B.tmp
C:\WINDOWS\system32\rxfdbuje.ini
C:\WINDOWS\system32\sroikmrx.ini
C:\WINDOWS\system32\tcecreer.ini
C:\WINDOWS\system32\tdwjuhba.ini
C:\WINDOWS\system32\tthlccou.ini
C:\WINDOWS\system32\vexnjjpj.ini
C:\WINDOWS\system32\wqvpfgxw.ini
C:\WINDOWS\system32\xchqoame.ini
C:\WINDOWS\system32\xorohqel.ini
C:\WINDOWS\system32\yrhtflmr.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\22.exe
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Documents and Settings\Compaq_Owner\Application Data\sx.exe
C:\Documents and Settings\Compaq_Owner\err.log
C:\is9.exe
C:\Program Files\WildTangent
C:\Program Files\WildTangent\Apps\GameChannel\Games\045C89A0-CA37-443C-8826-F750227DE69C\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\0BD36D37-C5D7-4B96-B64A-CB2C3A82EC4D\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\3B3B73D1-DC4A-4780-B0E4-E823D08B3397\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\422C7575-C10D-4795-87FA-9972765379E6\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\52AEBC18-F252-4B0C-B3E1-724537D9F873\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\53474592-01BC-4338-8647-FE350957D912\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\5AF1DD17-7B06-45EF-8592-2E524E458BAB\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\63E4EC24-7173-4E1F-9C77-B4403CBCF91F\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\85CF9BF3-1057-468C-962D-31BAABC6AC72\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\8D11F98B-4931-44F6-8FC6-971CCBBBB131\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\9448DE42-C017-4A3E-A0BB-C50BF673E9E0\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\997DD523-B925-4C73-970B-C201E8F781AD\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\BBE9E0F3-11F7-4424-9905-8E0153E872C1\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\D84AC71A-75E8-4709-8BA5-4B46EAC00C5E\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\E1A0F769-A43A-4DDB-9F73-12791E453557\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\E618FC78-EE4F-4243-8409-078EB5E0B1F6\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\F05A08BF-E600-4FBD-A53A-3D47296B1275\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\FA6A73EB-40AB-4B58-851D-3892B3C10EF6\def.dat
C:\Program Files\WildTangent\Apps\hpuninstall.exe
C:\Program Files\WildTangent\Apps\icon.ico
C:\Program Files\WildTangent\Apps\lic.exe
C:\Program Files\WildTangent\Apps\onplay.exe
C:\Program Files\WildTangent\Apps\sm_contests.ico
C:\Program Files\WildTangent\Apps\sm_wildboards.ico
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe
C:\WINDOWS\mrofinu1285.exe.tmp
C:\WINDOWS\system32\bmttocru.ini
C:\WINDOWS\system32\csiuloni.ini
C:\WINDOWS\system32\emcbsbik.ini
C:\WINDOWS\system32\enldmlcr.ini
C:\WINDOWS\system32\ikrvtjmh.ini
C:\WINDOWS\system32\jgyqprlr.ini
C:\WINDOWS\system32\kfjnncvu.ini
C:\WINDOWS\system32\nhrmnthc.ini
C:\WINDOWS\system32\ntcpimka.ini
C:\WINDOWS\system32\pprkuifl.ini
C:\WINDOWS\system32\pqpcnvbh.ini
C:\WINDOWS\system32\qurpshjd.ini
C:\WINDOWS\system32\rbkugrmv.ini
C:\WINDOWS\system32\RCX3E.tmp
C:\WINDOWS\system32\RCX41.tmp
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\system32\RCX4B.tmp
C:\WINDOWS\system32\rxfdbuje.ini
C:\WINDOWS\system32\sroikmrx.ini
C:\WINDOWS\system32\tcecreer.ini
C:\WINDOWS\system32\tdwjuhba.ini
C:\WINDOWS\system32\tthlccou.ini
C:\WINDOWS\system32\vexnjjpj.ini
C:\WINDOWS\system32\wqvpfgxw.ini
C:\WINDOWS\system32\xchqoame.ini
C:\WINDOWS\system32\xorohqel.ini
C:\WINDOWS\system32\yrhtflmr.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-12 15:30 . 2008-03-12 15:30 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-07 20:35 . 2008-03-07 20:35 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-03-07 20:28 . 2008-03-07 20:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-07 20:28 . 2008-03-07 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-04 00:38 . 2008-03-16 20:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 00:38 . 2008-03-08 10:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-24 14:28 . 2008-02-24 14:28 <DIR> d-------- C:\Program Files\Webroot
2008-02-24 14:28 . 2008-02-24 14:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-24 14:28 . 2008-02-24 14:28 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Webroot
2008-02-24 14:28 . 2008-02-24 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-24 14:28 . 2008-01-04 21:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-02-24 14:28 . 2008-01-04 21:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-02-24 14:28 . 2008-01-04 21:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-24 14:28 . 2008-01-04 21:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-02-24 14:28 . 2008-01-04 21:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-24 14:23 . 2008-02-24 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-24 12:32 . 2008-02-24 12:32 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-17 23:30 . 2008-02-17 23:30 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 00:20 --------- d-----w C:\Program Files\Steam
2008-03-17 00:20 --------- d-----w C:\Program Files\AIM6
2008-03-17 00:20 --------- d-----w C:\Program Files\AIM
2008-03-17 00:13 --------- d-----w C:\Program Files\QuickTime
2008-03-17 00:13 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2008-03-17 00:13 --------- d-----w C:\Program Files\iTunes
2008-03-17 00:13 --------- d-----w C:\Program Files\AIM95
2008-03-17 00:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 16:55 --------- d-----w C:\Program Files\Viewpoint
2008-03-08 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-08 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-04 02:59 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-02-27 21:08 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-02-27 20:41 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-02-24 17:49 --------- d-----w C:\Program Files\Sonic
2008-02-24 15:08 --------- d-----w C:\Program Files\iPod
2008-02-17 03:07 --------- d-----w C:\Program Files\XviD
2008-02-17 02:56 --------- d-----w C:\Program Files\AVI MPEG Video Converter
2008-02-13 01:23 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2008-02-11 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-11 05:58 --------- d-----w C:\Program Files\Trend Micro
2008-02-09 07:14 4,128 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-09 07:14 2,684 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-09 07:14 137,248 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-09 07:14 1,460 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-09 03:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 03:34 --------- d-----w C:\Program Files\Common Files\Command Software
2008-02-09 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-09 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-08 21:20 --------- d-----w C:\Program Files\Java
2008-02-08 20:36 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-08 02:43 --------- d-----w C:\Program Files\Apple Software Update
2008-02-08 02:23 --------- d-----w C:\Program Files\Google
2008-01-26 21:21 --------- d-----w C:\Program Files\World of Warcraft
2008-01-26 01:30 --------- d-----w C:\Program Files\7-Zip
2008-01-02 19:44 3,029,431 ----a-w C:\steam.exe
2007-12-20 21:51 242,136 ----a-w C:\WINDOWS\is.exe
2007-12-19 21:05 559,062 ----a-w C:\WINDOWS\zasss.exe
2007-12-19 21:02 559,062 ----a-w C:\WINDOWS\zass.exe
2007-12-19 21:01 559,062 ----a-w C:\WINDOWS\zas2.exe
2007-12-19 20:55 559,062 ----a-w C:\WINDOWS\zas.exe
2007-10-02 18:51 2,674,688 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\Steam.dll
2006-10-01 21:38 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

<pre>
----a-w         5,367,664 2008-03-08 05:20:42  C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-05 22:08 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-25 23:46 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-08 01:20 267048]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-02-22 11:39:49 36903]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Steam\\steamapps\\bboywu123@hotmail.com\\counter-strike\\hl.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 20:20:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-03-16 20:24:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-17 00:24:21
ComboFix2.txt 2008-03-08 05:54:52
.
2008-03-12 19:30:21 --- E O F ---

0

Eset log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2950 (20080316)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=cf051677e5a9c243b3b549feb35066a2
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-03-17 08:13:53
# local_time=2008-03-17 04:13:53 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=465340
# found=64
# scan_time=70744
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\TuneUp Utilities 2007 + keygen\Keygen.exe probably a variant of Win32/IRCBot trojan F19E36FD1CC19C74FC792C137A2A87E1
C:\Documents and Settings\Compaq_Owner\My Documents\Downloads\TuneUp Utilities 2007 + keygen\Keygen.exe »RAR »Loader.exe probably a variant of Win32/IRCBot trojan 00000000000000000000000000000000
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe1175891165 Win32/TrojanDownloader.Agent.AWF trojan CC2A9E0EECC74F83CFD7ACE6B259020C
C:\Program Files\QuickTime\QTTask.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\catchme2008-03-08_ 04917.14.zip Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\catchme2008-03-08_ 04917.14.zip »ZIP »SpySweeperUI.exe Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\22.exe.vir Win32/TrojanDownloader.Small.IAW trojan 66061F51C9DB08A88A239CE666EB4AE1
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\iTunes\iTunesHelper.exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\Program Files\QuickTime\QTTask .exe.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\ddaaab.dll.vir a variant of Win32/Adware.Virtumonde application 62C9D67737E375E9A3C43958C334CF17
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1285.exe.tmp.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\CROSOF~1.NET\j?vaw.exe.vir a variant of Win32/Adware.PurityScan application C46319BA626C4E85C048B619C651C125
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe.vir Win32/Adware.WinFixer application 75B7AE455149FB627E19FF5AC66136FF
C:\QooBox\Quarantine\C\WINDOWS\STEM~1\rundll32.exe.vir Win32/TrojanDownloader.PurityScan.CX trojan 6218EE8593007B35E6691411ED887CD8
C:\QooBox\Quarantine\C\WINDOWS\system32\alqywqkh.dll.vir Win32/Adware.Virtumonde application 2F392259415632B60D72A723BE97FE29
C:\QooBox\Quarantine\C\WINDOWS\system32\avfliqwm.dll.vir Win32/Adware.Virtumonde application CAC24EA43B647FCA46EFD9B0E32C9CA2
C:\QooBox\Quarantine\C\WINDOWS\system32\baayyhkj.dll.vir Win32/Adware.Virtumonde application 23F2783C3F86F198437DD0DCDB0C880B
C:\QooBox\Quarantine\C\WINDOWS\system32\cfqrmtbo.dll.vir Win32/Adware.Virtumonde application 395A2365D7BD1EE9ED1419673FD02ECC
C:\QooBox\Quarantine\C\WINDOWS\system32\ctfmon.exe.tmp.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\dvifotjb.dll.vir Win32/Adware.AdMedia application CF0A0D83ED7D9248B0066839E767BDE3
C:\QooBox\Quarantine\C\WINDOWS\system32\erdgvdxe.dll.vir Win32/Adware.Virtumonde application 8DCA75B7905A5362A3C155913BDBF25D
C:\QooBox\Quarantine\C\WINDOWS\system32\evndcvcm.dll.vir Win32/BHO.NCC trojan B72E5E2C03D1C5F3D2AB14CD71387DE3
C:\QooBox\Quarantine\C\WINDOWS\system32\faypimal.dll.vir Win32/BHO.NCC trojan 50B02319E0E97C8F5E67C0BC9950541A
C:\QooBox\Quarantine\C\WINDOWS\system32\glyraphp.dll.vir Win32/BHO.NCC trojan BA2AAFD6CD5F14DB1B4F612C6C74CA9E
C:\QooBox\Quarantine\C\WINDOWS\system32\grpwxodq.dll.vir Win32/BHO.NCC trojan 233BF53133289255837C857A6E49542B
C:\QooBox\Quarantine\C\WINDOWS\system32\hpxgbwth.dll.vir Win32/BHO.NCC trojan 50B02319E0E97C8F5E67C0BC9950541A
C:\QooBox\Quarantine\C\WINDOWS\system32\ivjcswrs.dll.vir Win32/Adware.AdMedia application CF0A0D83ED7D9248B0066839E767BDE3
C:\QooBox\Quarantine\C\WINDOWS\system32\iwwfkjdv.dll.vir Win32/Adware.Virtumonde application 23F2783C3F86F198437DD0DCDB0C880B
C:\QooBox\Quarantine\C\WINDOWS\system32\jipjcufq.dll.vir Win32/Adware.Virtumonde application 158644BAE826A56445C708A8A4AF7061
C:\QooBox\Quarantine\C\WINDOWS\system32\luflcnyc.dll.vir Win32/BHO.NCC trojan 233BF53133289255837C857A6E49542B
C:\QooBox\Quarantine\C\WINDOWS\system32\maogjxyx.dll.vir Win32/Adware.Virtumonde application 90DE8B558E1A49FDAA10813E2A576238
C:\QooBox\Quarantine\C\WINDOWS\system32\mrtkaeaw.dll.vir Win32/Adware.Virtumonde application 23F2783C3F86F198437DD0DCDB0C880B
C:\QooBox\Quarantine\C\WINDOWS\system32\nvktngwg.dll.vir Win32/Adware.Virtumonde application BD64C0C5EC7FC9B74069F34AEA36C73B
C:\QooBox\Quarantine\C\WINDOWS\system32\nyossclw.dll.vir Win32/Adware.Virtumonde application 395A2365D7BD1EE9ED1419673FD02ECC
C:\QooBox\Quarantine\C\WINDOWS\system32\otwgsawm.dll.vir Win32/Adware.AdMedia application CF0A0D83ED7D9248B0066839E767BDE3
C:\QooBox\Quarantine\C\WINDOWS\system32\pihkcnjr.dll.vir Win32/Adware.Virtumonde application E9046DD8F0B41A1EAA8F01C670DC2DC8
C:\QooBox\Quarantine\C\WINDOWS\system32\pyyobvbc.dll.vir Win32/Adware.Virtumonde application 4FE20657273CB08A6F122DD8FC70FDB6
C:\QooBox\Quarantine\C\WINDOWS\system32\qqxqefbe.dll.vir Win32/Adware.AdMedia application CF0A0D83ED7D9248B0066839E767BDE3
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX3E.tmp.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX41.tmp.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX44.tmp.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\RCX4B.tmp.vir Win32/TrojanDropper.Agent.DGO virus 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\rgeaayhf.dll.vir Win32/BHO.NCC trojan C07C0EC91D1135F832B5096730F732CA
C:\QooBox\Quarantine\C\WINDOWS\system32\rytpmmwj.dll.vir Win32/Adware.Virtumonde application F49336BA2A1B7B888ECEA6CBABD27DBB
C:\QooBox\Quarantine\C\WINDOWS\system32\system.exe.vir a variant of Win32/Rbot trojan 76B26527E2F56F4A59E59493D0E3EF84
C:\QooBox\Quarantine\C\WINDOWS\system32\thylfnwu.dll.vir Win32/Adware.AdMedia application CF0A0D83ED7D9248B0066839E767BDE3
C:\QooBox\Quarantine\C\WINDOWS\system32\ufrftlgk.dll.vir Win32/Adware.Virtumonde application F49336BA2A1B7B888ECEA6CBABD27DBB
C:\QooBox\Quarantine\C\WINDOWS\system32\uogjvymh.dll.vir Win32/Adware.AdMedia application CF0A0D83ED7D9248B0066839E767BDE3
C:\QooBox\Quarantine\C\WINDOWS\system32\uwvsluhw.dll.vir Win32/BHO.NCC trojan ED2A95C061EB39E67956DFF9DCD69C53
C:\QooBox\Quarantine\C\WINDOWS\system32\widgskub.dll.vir Win32/BHO.NCC trojan D8935EEE0D775EEA5F9D79C589665B71
C:\QooBox\Quarantine\C\WINDOWS\system32\wpyrdevm.dll.vir Win32/Adware.SecToolbar application 0A1AE5EA30870419BDA034591D06E135
C:\QooBox\Quarantine\C\WINDOWS\system32\xdpjllhy.dll.vir Win32/Adware.AdMedia application CF0A0D83ED7D9248B0066839E767BDE3
C:\QooBox\Quarantine\C\WINDOWS\system32\xdqrprov.dll.vir Win32/Adware.AdMedia application 80C11B78524CC2563049CE02FD4A796A
C:\QooBox\Quarantine\C\WINDOWS\system32\xwuhxxny.dll.vir Win32/Adware.AdMedia application CF0A0D83ED7D9248B0066839E767BDE3
C:\QooBox\Quarantine\C\WINDOWS\system32\ylumvmjs.dll.vir Win32/Adware.AdMedia application CF0A0D83ED7D9248B0066839E767BDE3
C:\QooBox\Quarantine\C\WINDOWS\system32\yudjrchd.dll.vir Win32/BHO.NCC trojan 233BF53133289255837C857A6E49542B
C:\RECYCLER\S-1-5-21-3874938436-2547159655-1528358104-1009\Dc57.8\VirusProtect 3.8.exe Win32/Adware.VirusProtectPro application 9FEE3C104C96AB567E84B9F56D3731A5
C:\RECYCLER\S-1-5-21-3874938436-2547159655-1528358104-1009\Dc67\bin\crap.1191449408.old probably a variant of Win32/TrojanDropper.Agent trojan 6FAB1437EE102254F4009FD0726424B9
C:\RECYCLER\S-1-5-21-3874938436-2547159655-1528358104-1009\Dc67\bin\crap.1192575766.old probably a variant of Win32/TrojanClicker.Agent trojan C1EE9137236415676CB5992DC0DB82ED
C:\WINDOWS\wkssvr.exe probably a variant of Win32/IRCBot trojan 39D05436D9F485897F8EEE46CCBF0F6C
C:\WINDOWS\Downloaded Program Files\amm06.ocx probably a variant of Win32/Adware.Agent application 9A2BDD7E97C9F1272208B385C40AB180
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D08M0404NetInstaller.exe Win32/Adware.WinFixer application 75B7AE455149FB627E19FF5AC66136FF

0

HJT log:

ComboFix 08-03-14.4 - Compaq_Owner 2008-03-16 20:14:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.217 [GMT -4:00]
Running from: C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\22.exe
C:\Documents and Settings\Compaq_Owner\Application Data\sx.exe
C:\is9.exe
C:\WINDOWS\mrofinu1285.exe.tmp
C:\WINDOWS\system32\bmttocru.ini
C:\WINDOWS\system32\csiuloni.ini
C:\WINDOWS\system32\emcbsbik.ini
C:\WINDOWS\system32\enldmlcr.ini
C:\WINDOWS\system32\ikrvtjmh.ini
C:\WINDOWS\system32\jgyqprlr.ini
C:\WINDOWS\system32\kfjnncvu.ini
C:\WINDOWS\system32\nhrmnthc.ini
C:\WINDOWS\system32\ntcpimka.ini
C:\WINDOWS\system32\pprkuifl.ini
C:\WINDOWS\system32\pqpcnvbh.ini
C:\WINDOWS\system32\qurpshjd.ini
C:\WINDOWS\system32\rbkugrmv.ini
C:\WINDOWS\system32\RCX3E.tmp
C:\WINDOWS\system32\RCX41.tmp
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\system32\RCX4B.tmp
C:\WINDOWS\system32\rxfdbuje.ini
C:\WINDOWS\system32\sroikmrx.ini
C:\WINDOWS\system32\tcecreer.ini
C:\WINDOWS\system32\tdwjuhba.ini
C:\WINDOWS\system32\tthlccou.ini
C:\WINDOWS\system32\vexnjjpj.ini
C:\WINDOWS\system32\wqvpfgxw.ini
C:\WINDOWS\system32\xchqoame.ini
C:\WINDOWS\system32\xorohqel.ini
C:\WINDOWS\system32\yrhtflmr.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\22.exe
C:\Documents and Settings\All Users\Application Data\SalesMon
C:\Documents and Settings\Compaq_Owner\Application Data\sx.exe
C:\Documents and Settings\Compaq_Owner\err.log
C:\is9.exe
C:\Program Files\WildTangent
C:\Program Files\WildTangent\Apps\GameChannel\Games\045C89A0-CA37-443C-8826-F750227DE69C\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\0BD36D37-C5D7-4B96-B64A-CB2C3A82EC4D\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\3B3B73D1-DC4A-4780-B0E4-E823D08B3397\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\422C7575-C10D-4795-87FA-9972765379E6\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\52AEBC18-F252-4B0C-B3E1-724537D9F873\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\53474592-01BC-4338-8647-FE350957D912\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\5AF1DD17-7B06-45EF-8592-2E524E458BAB\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\63E4EC24-7173-4E1F-9C77-B4403CBCF91F\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\85CF9BF3-1057-468C-962D-31BAABC6AC72\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\8D11F98B-4931-44F6-8FC6-971CCBBBB131\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\9448DE42-C017-4A3E-A0BB-C50BF673E9E0\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\997DD523-B925-4C73-970B-C201E8F781AD\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\BBE9E0F3-11F7-4424-9905-8E0153E872C1\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\D84AC71A-75E8-4709-8BA5-4B46EAC00C5E\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\E1A0F769-A43A-4DDB-9F73-12791E453557\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\E618FC78-EE4F-4243-8409-078EB5E0B1F6\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\F05A08BF-E600-4FBD-A53A-3D47296B1275\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9\def.dat
C:\Program Files\WildTangent\Apps\GameChannel\Games\FA6A73EB-40AB-4B58-851D-3892B3C10EF6\def.dat
C:\Program Files\WildTangent\Apps\hpuninstall.exe
C:\Program Files\WildTangent\Apps\icon.ico
C:\Program Files\WildTangent\Apps\lic.exe
C:\Program Files\WildTangent\Apps\onplay.exe
C:\Program Files\WildTangent\Apps\sm_contests.ico
C:\Program Files\WildTangent\Apps\sm_wildboards.ico
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe
C:\WINDOWS\mrofinu1285.exe.tmp
C:\WINDOWS\system32\bmttocru.ini
C:\WINDOWS\system32\csiuloni.ini
C:\WINDOWS\system32\emcbsbik.ini
C:\WINDOWS\system32\enldmlcr.ini
C:\WINDOWS\system32\ikrvtjmh.ini
C:\WINDOWS\system32\jgyqprlr.ini
C:\WINDOWS\system32\kfjnncvu.ini
C:\WINDOWS\system32\nhrmnthc.ini
C:\WINDOWS\system32\ntcpimka.ini
C:\WINDOWS\system32\pprkuifl.ini
C:\WINDOWS\system32\pqpcnvbh.ini
C:\WINDOWS\system32\qurpshjd.ini
C:\WINDOWS\system32\rbkugrmv.ini
C:\WINDOWS\system32\RCX3E.tmp
C:\WINDOWS\system32\RCX41.tmp
C:\WINDOWS\system32\RCX44.tmp
C:\WINDOWS\system32\RCX4B.tmp
C:\WINDOWS\system32\rxfdbuje.ini
C:\WINDOWS\system32\sroikmrx.ini
C:\WINDOWS\system32\tcecreer.ini
C:\WINDOWS\system32\tdwjuhba.ini
C:\WINDOWS\system32\tthlccou.ini
C:\WINDOWS\system32\vexnjjpj.ini
C:\WINDOWS\system32\wqvpfgxw.ini
C:\WINDOWS\system32\xchqoame.ini
C:\WINDOWS\system32\xorohqel.ini
C:\WINDOWS\system32\yrhtflmr.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

2008-03-12 15:30 . 2008-03-12 15:30 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-07 20:35 . 2008-03-07 20:35 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Malwarebytes
2008-03-07 20:28 . 2008-03-07 20:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-07 20:28 . 2008-03-07 20:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-04 00:38 . 2008-03-16 20:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 00:38 . 2008-03-08 10:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-24 14:28 . 2008-02-24 14:28 <DIR> d-------- C:\Program Files\Webroot
2008-02-24 14:28 . 2008-02-24 14:28 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-24 14:28 . 2008-02-24 14:28 <DIR> d-------- C:\Documents and Settings\Compaq_Owner\Application Data\Webroot
2008-02-24 14:28 . 2008-02-24 14:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-24 14:28 . 2008-01-04 21:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-02-24 14:28 . 2008-01-04 21:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-02-24 14:28 . 2008-01-04 21:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-02-24 14:28 . 2008-01-04 21:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-02-24 14:28 . 2008-01-04 21:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-02-24 14:23 . 2008-02-24 14:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-02-24 12:32 . 2008-02-24 12:32 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-02-17 23:30 . 2008-02-17 23:30 <DIR> d-------- C:\WINDOWS\.jagex_cache_32

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 00:20 --------- d-----w C:\Program Files\Steam
2008-03-17 00:20 --------- d-----w C:\Program Files\AIM6
2008-03-17 00:20 --------- d-----w C:\Program Files\AIM
2008-03-17 00:13 --------- d-----w C:\Program Files\QuickTime
2008-03-17 00:13 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
2008-03-17 00:13 --------- d-----w C:\Program Files\iTunes
2008-03-17 00:13 --------- d-----w C:\Program Files\AIM95
2008-03-17 00:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 16:55 --------- d-----w C:\Program Files\Viewpoint
2008-03-08 16:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-08 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-03-04 02:59 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\uTorrent
2008-02-27 21:08 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\AdobeUM
2008-02-27 20:41 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-02-24 17:49 --------- d-----w C:\Program Files\Sonic
2008-02-24 15:08 --------- d-----w C:\Program Files\iPod
2008-02-17 03:07 --------- d-----w C:\Program Files\XviD
2008-02-17 02:56 --------- d-----w C:\Program Files\AVI MPEG Video Converter
2008-02-13 01:23 --------- d-----w C:\Documents and Settings\Compaq_Owner\Application Data\Apple Computer
2008-02-11 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-11 05:58 --------- d-----w C:\Program Files\Trend Micro
2008-02-09 07:14 4,128 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-09 07:14 2,684 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-02-09 07:14 137,248 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-09 07:14 1,460 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-02-09 03:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 03:34 --------- d-----w C:\Program Files\Common Files\Command Software
2008-02-09 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-09 00:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-08 21:20 --------- d-----w C:\Program Files\Java
2008-02-08 20:36 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-08 02:43 --------- d-----w C:\Program Files\Apple Software Update
2008-02-08 02:23 --------- d-----w C:\Program Files\Google
2008-01-26 21:21 --------- d-----w C:\Program Files\World of Warcraft
2008-01-26 01:30 --------- d-----w C:\Program Files\7-Zip
2008-01-02 19:44 3,029,431 ----a-w C:\steam.exe
2007-12-20 21:51 242,136 ----a-w C:\WINDOWS\is.exe
2007-12-19 21:05 559,062 ----a-w C:\WINDOWS\zasss.exe
2007-12-19 21:02 559,062 ----a-w C:\WINDOWS\zass.exe
2007-12-19 21:01 559,062 ----a-w C:\WINDOWS\zas2.exe
2007-12-19 20:55 559,062 ----a-w C:\WINDOWS\zas.exe
2007-10-02 18:51 2,674,688 ----a-w C:\Documents and Settings\Compaq_Owner\Application Data\Steam.dll
2006-10-01 21:38 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

<pre>
----a-w         5,367,664 2008-03-08 05:20:42  C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-03-05 22:08 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17 50736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrProfiler"="" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-25 23:46 185896]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-08 01:20 267048]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-02-22 11:39:49 36903]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Steam\\steamapps\\bboywu123@hotmail.com\\counter-strike\\hl.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 20:20:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-03-16 20:24:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-17 00:24:21
ComboFix2.txt 2008-03-08 05:54:52
.
2008-03-12 19:30:21 --- E O F ---
