Malware removal: unknown processes in process list under Windows Task Manager


This topic is locked

#1 archiep (Member, 53 posts)
Hello, I have scanned my computer and a couple of spyware items have been detected. I used the AVG software, both the spyware removal and the virus removal, to remove the initially infected files. Now, recently, I have noticed that the same process names keep on popping up in the Task Manager process list; even though I try to delete and close the processes, they keep on popping back up, so I'm guessing that there is a program running on my computer that I'm not aware of and that is taking up my memory space, and I don't know how to remove it. Here's the HijackThis log.
I noticed that the
Logfile of HijackThis v1.99.1
Scan saved at 5:08:51 PM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\dllChache\Empty.jpg
C:\windows\system32\dllChache\Blank.doc
C:\windows\system32\dllChache\Zero.txt
C:\windows\system32\dllChache\Hole.zip
C:\windows\system32\dllChache\Unoccupied.reg
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\windows\system32\CTHELPER.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\windows\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\divxsm.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\hijack\show.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe, "C:\windows\system32\M5VBVM60.EXE StartUp"
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Secure64] C:\windows\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [Secure32] C:\windows\system32\dllcache\Shell32.com StartUp
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Open Client to monitor &1 - C:\windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\windows\web\AOpenClient.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190602144718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190602136046
O17 - HKLM\System\CCS\Services\Tcpip\..\{A495B349-F9C1-41DA-97A4-08CF9B44E62D}: NameServer = 64.105.132.250,64.105.166.122
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

I tried to close these processes repeatedly but had no success with them:


C:\windows\system32\dllChache\Empty.jpg
C:\windows\system32\dllChache\Blank.doc
C:\windows\system32\dllChache\Zero.txt
C:\windows\system32\dllChache\Hole.zip
C:\windows\system32\dllChache\Unoccupied.reg

I think there are more infected items running on my computer, so it is really slowing the computer down a lot, and I noticed that it gets worse every time I boot my PC up.

Edited by archiep, 30 October 2007 - 06:25 PM.

  • 0

#2 greyknight17 (Malware Expert, Visiting Consultant, 16,560 posts)
Do you have any antivirus programs installed? I don't think I see one installed there.

Uninstall the Java version you have there and install the latest one at:

http://www.java.com/...load/manual.jsp

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. Also if you have any programs that may prevent system changes (like Spybot's TeaTimer program, Ad-aware's Ad-Watch, and others), make sure you disable them before doing any of the fixes (or accept the changes for the fix we give you when asked by the programs).

Go to My Computer->Tools (or View)->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders (it's Show all files for Windows 98).
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.
** You may change the above options back after your log is clean. If we ask you to fix something that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Restart your computer and boot into Safe Mode (if you don't know how, go to http://www.bleepingc...showtutorial=61 ). Make sure to close any internet browsers that may still be open.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe, "C:\windows\system32\M5VBVM60.EXE StartUp"
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKCU\..\Run: [Secure64] C:\windows\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [Secure32] C:\windows\system32\dllcache\Shell32.com StartUp


Download KillBox at http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says End Explorer Shell While Killing File. Next click on Delete on Reboot. Select the below lines. Right click on them once all are selected and choose Copy:

C:\windows\system32\dllChache\Empty.jpg
C:\windows\system32\dllChache\Blank.doc
C:\windows\system32\dllChache\Zero.txt
C:\windows\system32\dllChache\Hole.zip
C:\windows\system32\dllChache\Unoccupied.reg
C:\WINDOWS\system32\divxsm.exe
C:\windows\system32\M5VBVM60.EXE
C:\AUT0EXEC.BAT
C:\windows\system32\dllcache\Regedit32.com
C:\windows\system32\dllcache\Shell32.com


Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes. If you get a PendingOperations message, just close it and restart your computer manually.


1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.


Try to run Panda again. Make sure you close your antivirus program before doing this if it gives you problems.

Post a new HijackThis log when ready.
  • 0
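As an added example (not code from the thread, nor from HijackThis or ComboFix), the scanner below reads a log in the format posted above and flags the tells greyknight17 picked out by eye: image files with non-executable extensions in the process list, path components that imitate a genuine Windows name (dllChache, AUT0EXEC.BAT, M5VBVM60.EXE, Regedit32.com) or reuse one with the wrong extension (Shell32.com), hosts-file entries that point a name at a non-loopback address, and extra commands in the UserInit value. The same path check goes a little beyond the HijackThis log: fed the path lines of the ComboFix report in the next post it also flags rund1132.exe and system32.exe. The KNOWN_NAMES table, the 0.75 similarity cutoff and the sample excerpt are this example's own assumptions and constructions.

```python
"""Triage scanner for HijackThis/ComboFix-style logs (added example, not the
thread's or the tools' own code).  KNOWN_NAMES and SIMILARITY_CUTOFF are
assumptions chosen for this example."""
import difflib
import ipaddress
import re
from os.path import splitext

# Genuine Windows names that malware imitates, mapped to the extension each
# should carry (None = a directory name).  Assumed list for this example.
KNOWN_NAMES = {
    "dllcache": None, "system32": None, "autoexec": ".bat",
    "msvbvm60": ".dll", "rundll32": ".exe", "userinit": ".exe",
    "regedt32": ".exe", "shell32": ".dll",
}
SIMILARITY_CUTOFF = 0.75   # assumed: one-character swaps score about 0.75-0.94
EXECUTABLE_EXT = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".dll"}
# A Windows path up to and including its extension; spaces allowed inside.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.[A-Za-z0-9]{2,4}(?=[\s",]|$)')
HOSTS_RE = re.compile(r"O1 - Hosts:\s+(\S+)\s+\S+")
USERINIT_RE = re.compile(r"UserInit=(.*)", re.IGNORECASE)


def lookalike_components(path):
    """Flag path components that imitate, or misuse, a well-known name."""
    out = []
    for component in path.split("\\")[1:]:          # drop the drive letter
        stem, ext = splitext(component.lower())
        if stem in KNOWN_NAMES:
            if ext != (KNOWN_NAMES[stem] or ""):
                out.append(("known name with unexpected extension", component))
            continue
        close = difflib.get_close_matches(stem, list(KNOWN_NAMES), n=1,
                                          cutoff=SIMILARITY_CUTOFF)
        if close:
            out.append(("lookalike of " + close[0], component))
    return out


def scan_log(text):
    """Return (rule, evidence) findings for one log; nothing is modified."""
    findings = []
    in_process_list = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_process_list = True
            continue
        if not line:                      # a blank line ends the process list
            in_process_list = False
            continue
        # 1. A "process" whose image is a .jpg/.doc/.zip is not what it claims.
        if in_process_list and splitext(line)[1].lower() not in EXECUTABLE_EXT:
            findings.append(("non-executable process image", line))
        # 2. hosts entries that send a name anywhere other than loopback.
        m = HOSTS_RE.match(line)
        if m:
            try:
                if not ipaddress.ip_address(m.group(1)).is_loopback:
                    findings.append(("hosts-file redirect", line))
            except ValueError:
                pass
        # 3. UserInit should launch userinit.exe and nothing else.
        m = USERINIT_RE.search(line)
        if m:
            for entry in m.group(1).split(","):
                entry = entry.strip().strip('"')
                if not entry:
                    continue
                image = entry.split()[0].rsplit("\\", 1)[-1].lower()
                if image != "userinit.exe":
                    findings.append(("extra UserInit entry", entry))
        # 4. Lookalike names wherever a path appears on the line.
        for path in PATH_RE.findall(line):
            findings.extend(lookalike_components(path))
    return findings


# Constructed excerpt in the shape of the logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\windows\System32\smss.exe
C:\windows\Explorer.EXE
C:\windows\system32\dllChache\Empty.jpg
C:\windows\system32\dllChache\Hole.zip
C:\Program Files\Internet Explorer\IEXPLORE.EXE

F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe, "C:\windows\system32\M5VBVM60.EXE StartUp"
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKCU\..\Run: [Secure64] C:\windows\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [Secure32] C:\windows\system32\dllcache\Shell32.com StartUp
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
2007-11-03 11:39 34,304 --------- C:\WINDOWS\system32.exe
2007-10-31 05:50 34,304 --------- C:\WINDOWS\system32\rund1132.exe
"""

if __name__ == "__main__":
    for rule, evidence in scan_log(SAMPLE_LOG):
        print(f"{rule:38} {evidence}")
```

Run it as a script to list the findings for the embedded excerpt, or call scan_log() on the text of a saved log. A near-match is a prompt to look closer rather than a verdict: compare the flagged file's size, location and signer with the genuine one before deciding what it is.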

#3 archiep (Topic Starter, Member, 53 posts)
Here's the HijackThis log and the ComboFix log.
I still can't load up the Panda scan website. Even with the IE browser it auto-closes the window, and in the Firefox browser I get a prompt to close the window and it closes automatically when I try to start the scan.

ComboFix 07-11-01.1** - Administrator 2007-11-04 18:17:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.873 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\J5SQ7RAE\www.broadcaster.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\J5SQ7RAE\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\#SharedObjects\J5SQ7RAE\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Administrator\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol

.
((((((((((((((((((((((((( Files Created from 2007-10-05 to 2007-11-05 )))))))))))))))))))))))))))))))
.

2007-11-04 18:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-03 11:39 34,304 --------- C:\WINDOWS\system32.exe
2007-10-31 05:56 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2007-10-31 05:50 34,304 --------- C:\WINDOWS\system32\rund1132.exe
2007-10-30 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-30 22:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-30 22:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-10-28 01:15 <DIR> d-------- C:\Program Files\FireFly Studios
2007-10-22 07:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Atari
2007-10-22 07:33 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-22 07:32 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-10-22 07:32 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-10-22 07:28 <DIR> d-------- C:\Program Files\Atari
2007-10-22 00:00 616 --a------ C:\WINDOWS\eReg.dat
2007-10-21 23:46 <DIR> d-------- C:\Program Files\EA Games
2007-10-21 11:25 <DIR> d-------- C:\Program Files\Eidos Interactive
2007-10-17 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-17 23:23 <DIR> d-------- C:\WINDOWS\pss
2007-10-17 21:28 <DIR> dr-hs---- C:\WINDOWS\system32\dllchache
2007-10-17 21:28 1,386,496 -r-hsc--- C:\WINDOWS\system32\dllcache\msvbvm60.dll
2007-10-17 21:28 1,386,496 -r-hs---- C:\msvbvm60.dll
2007-10-17 21:28 34,304 --------- C:\WINDOWS\system32\dllchache.exe
2007-10-17 06:14 <DIR> d-------- C:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-05 02:06 --------- d-----w C:\Program Files\hijack
2007-11-05 01:53 --------- d-----w C:\Program Files\Java
2007-11-02 20:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2007-11-02 20:23 --------- d-----w C:\Program Files\Incomplete
2007-11-02 19:40 --------- d-----w C:\Program Files\LimeWire
2007-11-02 19:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-10-31 06:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-28 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 16:26 --------- d-----w C:\Program Files\Virtual Villagers 2
2007-10-22 22:54 --------- d-----w C:\Program Files\Cheat Engine
2007-10-22 08:12 --------- d-----w C:\Program Files\Infogrames Interactive
2007-10-14 23:40 --------- d-----w C:\Program Files\Zune
2007-10-10 19:09 --------- d-----w C:\Program Files\DivX
2007-10-08 22:39 --------- d-----w C:\Program Files\Azureus
2007-09-28 16:08 156,992 ----a-w C:\windows\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 3,596,288 ----a-w C:\windows\system32\qt-dx331.dll
2007-09-28 16:07 200,704 ----a-w C:\windows\system32\ssldivx.dll
2007-09-28 16:07 129,784 ----a-w C:\windows\system32\pxafs.dll
2007-09-28 16:07 120,056 ------w C:\windows\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\windows\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\windows\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\windows\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\windows\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\windows\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\windows\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\windows\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\windows\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\windows\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\windows\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\windows\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\windows\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\windows\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\windows\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\windows\system32\DivXWMPExtType.dll
2007-09-25 06:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-25 06:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-09-24 04:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2007-09-12 05:54 --------- d-----w C:\Program Files\Diablo
2007-09-12 05:51 --------- d-----w C:\Program Files\BoBaFeTT Diablo Trainer
2007-09-12 05:11 86,528 ----a-w C:\windows\bnetunin.exe
2007-09-12 05:11 61,440 ----a-w C:\windows\diabunin.exe
2007-09-12 05:04 21,840 ----atw C:\windows\system32\SIntfNT.dll
2007-09-12 05:04 17,212 ----atw C:\windows\system32\SIntf32.dll
2007-09-12 05:04 12,067 ----atw C:\windows\system32\SIntf16.dll
2007-09-06 15:18 --------- d-----w C:\Program Files\Helbreath
2007-09-06 07:58 --------- d-----w C:\Program Files\Winamp
2007-08-02 05:10 5,632 --sha-w C:\Program Files\Thumbs.db
2006-09-19 21:21 0 ----a-w C:\Documents and Settings\Administrator\WoW-1.12.0.5595-to-0.12.1.5803-enUS-patch.exe
2006-05-01 05:57 1,309,311 ----a-w C:\Documents and Settings\Administrator\WoW-1.10.1.5230-to-0.10.2.5257-enUS-patch.exe
2006-05-01 05:57 1,309,311 ----a-w C:\Documents and Settings\Administrator\PTCpatch.exe
2006-03-24 00:14 24,192 ----a-w C:\Documents and Settings\Administrator\usbsermptxp.sys
2006-03-24 00:14 22,768 ----a-w C:\Documents and Settings\Administrator\usbsermpt.sys
2006-03-18 00:56 3,580 ----a-w C:\Program Files\INSTALL.LOG
2001-09-29 01:00 164,864 ----a-w C:\Program Files\UNWISE.EXE
2004-02-23 19:42:40 1,386,496 --sh--r C:\windows\system32\msvbvm60.dll
2004-02-23 19:42:40 1,386,496 -csh--r C:\windows\system32\dllcache\msvbvm60.dll
2004-02-23 19:42:40 1,386,496 --sh--r C:\windows\system32\dllchache\msvbvm60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 22:17]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 10:03]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2003-06-19 19:55 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-03 14:56 C:\WINDOWS\system32\regsvr32.exe]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 11:54]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 09:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 09:53]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" [2006-05-21 09:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 14:22]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"Blank AntiViri"="C:\AUT0EXEC.BAT StartUp" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-06-15 22:22]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 09:47]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 12:49]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 00:29]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-03 14:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-31 05:50]
"Secure64"="C:\windows\system32\dllcache\Regedit32.com StartUp" []
"Secure32"="C:\windows\system32\dllcache\Shell32.com StartUp" []
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 14:24]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-07-28 14:06:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-10-31 05:50 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

R0 stwlfbus;stwlfbus;C:\windows\system32\DRIVERS\stwlfbus.sys
R2 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe"
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\windows\system32\DRIVERS\AN983.sys
R3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner32.sys
R3 st3wolf;st3wolf;C:\windows\system32\DRIVERS\st3wolf.sys
S1 lusbaudio;Logitech USB Microphone;C:\windows\system32\drivers\OVSound2.sys
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\windows\system32\DRIVERS\ADSFilter.sys
S3 BW2NDIS5;BW2NDIS5;C:\windows\system32\Drivers\BW2NDIS5.sys
S3 epozfi;epozfi;\??\C:\Documents and Settings\Administrator\My Documents\download\epozfi.sys
S3 mKernel;mKernel;\??\C:\Documents and Settings\Administrator\My Documents\hac\game tools\MIRB.sys
S3 QCAbsee;Logitech QuickCam Web (0801);C:\windows\system32\DRIVERS\OVCA.sys
S3 zenos1;zenos1;\??\C:\Documents and Settings\Administrator\My Documents\download\zenosengine\zenos.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\suppress_explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\setup\rsrc\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\S]
\Shell\AutoRun\command - S:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{061a5693-d6bb-11da-a043-000d87843cee}]
\Shell\AutoRun\command - S:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08892b54-69db-11da-aa0d-000d87843cee}]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08892b55-69db-11da-aa0d-000d87843cee}]
\Shell\AutoRun\command - L:\suppress_explorer.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 18:22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-04 18:23:49
C:\ComboFix2.txt ... 2006-12-03 13:42
C:\ComboFix3.txt ... 2006-09-23 22:52
.
--- E O F ---



Logfile of HijackThis v1.99.1
Scan saved at 6:26:53 PM, on 11/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\windows\system32\CTHELPER.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\windows\System32\NOTEPAD.EXE
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\hijack\show.exe

R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Secure64] C:\windows\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [Secure32] C:\windows\system32\dllcache\Shell32.com StartUp
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Open Client to monitor &1 - C:\windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\windows\web\AOpenClient.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190602144718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190602136046
O17 - HKLM\System\CCS\Services\Tcpip\..\{A495B349-F9C1-41DA-97A4-08CF9B44E62D}: NameServer = 64.105.132.250,64.105.166.122
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Edited by archiep, 04 November 2007 - 08:33 PM.

  • 0

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Check and fix these in HijackThis again:

O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKCU\..\Run: [Secure64] C:\windows\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [Secure32] C:\windows\system32\dllcache\Shell32.com StartUp


Delete these:

dllchache - careful on the spelling here as there is a legit folder called dllcache
dllchache.exe


Run KillBox and check the box that says End Explorer Shell While Killing File. Next click on Delete on Reboot. Select the below lines. Right click on them once all are selected and choose Copy:

C:\WINDOWS\system32.exe
C:\WINDOWS\system32\rund1132.exe
C:\WINDOWS\patchw32.dll
C:\AUT0EXEC.BAT StartUp
C:\windows\system32\dllcache\Regedit32.com
C:\windows\system32\dllcache\Shell32.com


Go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes. If you get a PendingOperations message, just close it and restart your computer manually.


Run a new combofix scan and post the log here along with a new HijackThis log.

How is the computer running so far?
  • 0

#5
archiep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:10:42 PM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\dllChache\Empty.jpg
C:\windows\system32\dllChache\Blank.doc
C:\windows\system32\dllChache\Zero.txt
C:\windows\system32\dllChache\Hole.zip
C:\windows\system32\dllChache\Unoccupied.reg
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\windows\system32\CTHELPER.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\ZoneLabs\vsmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijack\show.exe

R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe, "C:\windows\system32\M5VBVM60.EXE StartUp"
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Secure64] C:\windows\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [Secure32] C:\windows\system32\dllcache\Shell32.com StartUp
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Open Client to monitor &1 - C:\windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\windows\web\AOpenClient.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190602144718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190602136046
O17 - HKLM\System\CCS\Services\Tcpip\..\{A495B349-F9C1-41DA-97A4-08CF9B44E62D}: NameServer = 64.105.132.250,64.105.166.122
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Here's the log after I rebooted and whatnot. I still can't load up Panda scan on the site.
  • 0
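A defender-side version of the check greyknight17 is doing by eye on these logs, as an added example that is not part of this thread and not code from HijackThis, KillBox, ComboFix or any other tool named here: a Python script that reads the "Running processes", O4 Run-key and F2 UserInit lines of a HijackThis log and flags paths whose file or folder name imitates a genuine Windows name. It catches the three tricks visible in the logs above: a digit swapped in for a look-alike letter (AUT0EXEC, rund1132, M5VBVM60), a one-character misspelling of a system folder (dllChache), and a .com or .bat file launched from an autostart, plus process-list entries that are not .exe files. The list of genuine names, the homoglyph table and the sample log are constructed for this example (the sample lines are copied from the logs posted in this thread).

```python
"""Flag look-alike autostart and process entries in a HijackThis log.

Added example, not code from the thread or from HijackThis. Name list,
homoglyph table and sample log are constructed for the example.
"""
import re
from dataclasses import dataclass, field

# Genuine Windows names that the entries in this thread imitate (constructed list).
KNOWN_NAMES = ("autoexec", "rundll32", "msvbvm60", "dllcache", "system32")

# Digits that are commonly swapped in for look-alike letters.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s"})


def normalize(name: str) -> str:
    """Lower-case and undo digit-for-letter swaps, so AUT0EXEC reads as autoexec."""
    return name.lower().translate(HOMOGLYPHS)


NORMALIZED_KNOWN = {normalize(k): k for k in KNOWN_NAMES}

PATH_RE = re.compile(r"^[A-Za-z]:\\")                       # a "Running processes" line
O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run\w*: \[[^\]]*\] (?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<cmd>.*)$")
# First file reference in a command line, stopping at the extension so that
# trailing arguments such as "StartUp" or "-lang 1033" are not swallowed.
FILE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|dll|scr|pif))(?=\s|$)", re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance; inputs are short file or folder names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def paths_in(cmd: str):
    """Yield each file path named in a Run or UserInit value (UserInit is comma-separated)."""
    for part in cmd.split(","):
        m = FILE_RE.match(part.strip().replace('"', ""))
        if m:
            yield m.group(1)


def check_path(path: str, autostart: bool) -> list:
    """Return the reasons a single path looks suspicious (empty list if none)."""
    reasons = []
    parts = path.split("\\")
    folders, filename = parts[1:-1], parts[-1]          # parts[0] is the drive letter
    stem, _, ext = filename.rpartition(".") if "." in filename else (filename, "", "")
    for comp in folders + [stem]:
        low = comp.lower()
        if low in KNOWN_NAMES:
            continue                                      # the genuine name, nothing to report
        if normalize(low) in NORMALIZED_KNOWN:
            reasons.append(f"'{comp}' is a digit-for-letter look-alike of '{NORMALIZED_KNOWN[normalize(low)]}'")
        else:
            for known in KNOWN_NAMES:
                if edit_distance(low, known) == 1:
                    reasons.append(f"'{comp}' is a one-character misspelling of '{known}'")
    ext = ext.lower()
    if autostart and ext in ("com", "bat"):
        reasons.append(f"autostart launches a .{ext} file rather than an .exe")
    elif not autostart and ext != "exe":
        reasons.append(f"process list shows a .{ext or '(none)'} file, which is not an executable image")
    return reasons


def scan(log_text: str) -> list:
    """Scan a HijackThis log and return one Finding per suspicious line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            reasons = check_path(line, autostart=False)
        elif (m := O4_RE.match(line)) or (m := F2_RE.match(line)):
            reasons = [r for p in paths_in(m.group("cmd")) for r in check_path(p, autostart=True)]
        else:
            continue
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: lines copied from the logs posted in this thread plus benign ones.
SAMPLE_LOG = r"""Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\dllChache\Empty.jpg
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe, "C:\windows\system32\M5VBVM60.EXE StartUp"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKCU\..\Run: [Secure64] C:\windows\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Run it as a script to print the four flagged lines with their reasons, or import `scan()` and feed it a whole log. The name list is deliberately short; in practice it would be the set of file names under a clean system32 of the same Windows build, so that any autostart whose stem is one homoglyph or one edit away from a real system name, but is not that name, gets a second look.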

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Secure64"=-
"Secure32"=-


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

1. Download The Avenger (http://swandog46.gee...com/avenger.zip) to your Desktop and unzip/extract it.

2. Copy all the below text in bold contained in the quotebox below to a blank notepad file:

Files to delete:
C:\windows\system32\M5VBVM60.EXE
C:\WINDOWS\system32.exe
C:\WINDOWS\system32\rund1132.exe
C:\WINDOWS\patchw32.dll
C:\AUT0EXEC.BAT
C:\windows\system32\dllcache\Regedit32.com
C:\windows\system32\dllcache\Shell32.com
C:\windows\system32\dllchache.exe

Folders to delete:
C:\windows\system32\dllChache\

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Blank AntiViri

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Start The Avenger program from your desktop.
- Under 'Script file to execute', choose 'Input Script Manually'.
- Click on the Magnifying Glass icon which will open a new window titled 'View/edit script'.
- Paste the text you copied to the notepad earlier into this window.
- Click Done.
- Now click on the Green Light to begin execution of the script.
- Answer 'Yes' twice when prompted.

4. The Avenger will automatically do the following:
- Restart your computer. In cases where the code to execute contains 'Drivers to Unload', The Avenger will actually restart your system twice.
- On reboot, it briefly opens a black command window on your desktop. This is normal.
- After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Copy and paste all the contents of avenger.txt into your reply along with a new HijackThis log.
  • 0

#7
archiep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Umm, I did the regedit, but the Avenger software won't auto-reboot. I tried to reboot after inputting the data in the mag. glass and running it, but it won't reboot automatically, so anyway I rebooted it manually after I clicked on Go, but nothing happened after that.
  • 0

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Blank AntiViri"=-


Save the file as "delete.reg". Make sure to save it with the quotes. Close Notepad. Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.


Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\windows\system32\M5VBVM60.EXE
C:\WINDOWS\system32.exe
C:\WINDOWS\system32\rund1132.exe
C:\WINDOWS\patchw32.dll
C:\AUT0EXEC.BAT
C:\windows\system32\dllcache\Regedit32.com
C:\windows\system32\dllcache\Shell32.com
C:\windows\system32\dllchache.exe

Folder::
C:\windows\system32\dllChache\


Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#9
archiep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Here's the ComboFix log after reboot.



ComboFix 07-11-01.1** - Administrator 2007-11-07 22:09:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.765 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\AUT0EXEC.BAT
C:\WINDOWS\patchw32.dll
C:\WINDOWS\system32.exe
C:\windows\system32\dllcache\Regedit32.com
C:\windows\system32\dllcache\Shell32.com
C:\windows\system32\dllchache.exe
C:\windows\system32\M5VBVM60.EXE
C:\WINDOWS\system32\rund1132.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\AUT0EXEC.BAT
C:\WINDOWS\system32.exe
C:\windows\system32\dllcache\Regedit32.com
C:\windows\system32\dllcache\Shell32.com
C:\windows\system32\dllchache.exe
C:\windows\system32\dllChache\
C:\windows\system32\dllChache\\Blank.doc
C:\windows\system32\dllChache\\Empty.jpg
C:\windows\system32\dllChache\\Hole.zip
C:\windows\system32\dllChache\\msvbvm60.dll
C:\windows\system32\dllChache\\Unoccupied.reg
C:\windows\system32\dllChache\\Zero.txt
C:\windows\system32\M5VBVM60.EXE
C:\WINDOWS\system32\rund1132.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-06 18:27 408 --a------ C:\avexport.bat
2007-11-05 22:20 34,304 --------- C:\Documents and Settings\Administrator\New Folder.exe
2007-11-04 18:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-31 05:56 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2007-10-30 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-30 22:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-30 22:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-10-28 01:15 <DIR> d-------- C:\Program Files\FireFly Studios
2007-10-22 07:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Atari
2007-10-22 07:33 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-22 07:32 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-10-22 07:28 <DIR> d-------- C:\Program Files\Atari
2007-10-22 00:00 616 --a------ C:\WINDOWS\eReg.dat
2007-10-21 23:46 <DIR> d-------- C:\Program Files\EA Games
2007-10-21 11:25 <DIR> d-------- C:\Program Files\Eidos Interactive
2007-10-17 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-17 23:23 <DIR> d-------- C:\WINDOWS\pss
2007-10-17 21:28 1,386,496 -r-hsc--- C:\WINDOWS\system32\dllcache\msvbvm60.dll
2007-10-17 21:28 1,386,496 -r-hs---- C:\msvbvm60.dll
2007-10-17 06:14 <DIR> d-------- C:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 23:07 --------- d-----w C:\Program Files\Incomplete
2007-11-07 22:48 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-11-07 19:54 --------- d-----w C:\Program Files\LimeWire
2007-11-06 14:41 --------- d-----w C:\Program Files\hijack
2007-11-05 01:53 --------- d-----w C:\Program Files\Java
2007-11-02 20:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2007-10-31 06:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-28 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 16:26 --------- d-----w C:\Program Files\Virtual Villagers 2
2007-10-22 22:54 --------- d-----w C:\Program Files\Cheat Engine
2007-10-22 08:12 --------- d-----w C:\Program Files\Infogrames Interactive
2007-10-14 23:40 --------- d-----w C:\Program Files\Zune
2007-10-10 19:09 --------- d-----w C:\Program Files\DivX
2007-10-08 22:39 --------- d-----w C:\Program Files\Azureus
2007-09-28 16:08 156,992 ----a-w C:\windows\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 3,596,288 ----a-w C:\windows\system32\qt-dx331.dll
2007-09-28 16:07 200,704 ----a-w C:\windows\system32\ssldivx.dll
2007-09-28 16:07 129,784 ----a-w C:\windows\system32\pxafs.dll
2007-09-28 16:07 120,056 ------w C:\windows\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\windows\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\windows\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\windows\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\windows\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\windows\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\windows\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\windows\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\windows\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\windows\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\windows\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\windows\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\windows\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\windows\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\windows\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\windows\system32\DivXWMPExtType.dll
2007-09-25 06:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-25 06:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-09-24 04:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2007-09-12 05:54 --------- d-----w C:\Program Files\Diablo
2007-09-12 05:51 --------- d-----w C:\Program Files\BoBaFeTT Diablo Trainer
2007-09-12 05:11 86,528 ----a-w C:\windows\bnetunin.exe
2007-09-12 05:11 61,440 ----a-w C:\windows\diabunin.exe
2007-09-12 05:04 21,840 ----atw C:\windows\system32\SIntfNT.dll
2007-09-12 05:04 17,212 ----atw C:\windows\system32\SIntf32.dll
2007-09-12 05:04 12,067 ----atw C:\windows\system32\SIntf16.dll
2007-08-02 05:10 5,632 --sha-w C:\Program Files\Thumbs.db
2006-09-19 21:21 0 ----a-w C:\Documents and Settings\Administrator\WoW-1.12.0.5595-to-0.12.1.5803-enUS-patch.exe
2006-05-01 05:57 1,309,311 ----a-w C:\Documents and Settings\Administrator\WoW-1.10.1.5230-to-0.10.2.5257-enUS-patch.exe
2006-05-01 05:57 1,309,311 ----a-w C:\Documents and Settings\Administrator\PTCpatch.exe
2006-03-24 00:14 24,192 ----a-w C:\Documents and Settings\Administrator\usbsermptxp.sys
2006-03-24 00:14 22,768 ----a-w C:\Documents and Settings\Administrator\usbsermpt.sys
2006-03-18 00:56 3,580 ----a-w C:\Program Files\INSTALL.LOG
2001-09-29 01:00 164,864 ----a-w C:\Program Files\UNWISE.EXE
2004-02-23 19:42:40 1,386,496 --sh--r C:\windows\system32\msvbvm60.dll
2004-02-23 19:42:40 1,386,496 -csh--r C:\windows\system32\dllcache\msvbvm60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 22:17]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 10:03]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2003-06-19 19:55 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-03 14:56 C:\WINDOWS\system32\regsvr32.exe]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 11:54]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 09:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 09:53]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" [2006-05-21 09:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 14:22]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"Blank AntiViri"="C:\AUT0EXEC.BAT StartUp" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Secure64"="C:\windows\system32\dllcache\Regedit32.com StartUp" []
"Secure32"="C:\windows\system32\dllcache\Shell32.com StartUp" []
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-06-15 22:22]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 09:47]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 12:49]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 00:29]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-03 14:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-31 05:50]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 14:24]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-07-28 14:06:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-10-31 05:50 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

R0 stwlfbus;stwlfbus;C:\windows\system32\DRIVERS\stwlfbus.sys
R2 EarthLinkMonitor;EarthLink Monitor Service;"C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe"
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\windows\system32\DRIVERS\AN983.sys
R3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner32.sys
R3 st3wolf;st3wolf;C:\windows\system32\DRIVERS\st3wolf.sys
S1 lusbaudio;Logitech USB Microphone;C:\windows\system32\drivers\OVSound2.sys
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\windows\system32\DRIVERS\ADSFilter.sys
S3 BW2NDIS5;BW2NDIS5;C:\windows\system32\Drivers\BW2NDIS5.sys
S3 epozfi;epozfi;\??\C:\Documents and Settings\Administrator\My Documents\download\epozfi.sys
S3 mKernel;mKernel;\??\C:\Documents and Settings\Administrator\My Documents\hac\game tools\MIRB.sys
S3 QCAbsee;Logitech QuickCam Web (0801);C:\windows\system32\DRIVERS\OVCA.sys
S3 zenos1;zenos1;\??\C:\Documents and Settings\Administrator\My Documents\download\zenosengine\zenos.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\suppress_explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\setup\rsrc\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\S]
\Shell\AutoRun\command - S:\Autorun.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-07 22:25:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-07 22:27:52 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-04 18:23
C:\ComboFix3.txt ... 2006-12-03 13:42
.
--- E O F ---


Here's the HijackThis log



Logfile of HijackThis v1.99.1
Scan saved at 10:34:43 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\windows\system32\CTHELPER.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\windows\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\windows\system32\svchost.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\windows\system32\ZoneLabs\vsmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\windows\System32\NOTEPAD.EXE
C:\windows\System32\NOTEPAD.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijack\show.exe

R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp
O4 - HKCU\..\Run: [Secure64] C:\windows\system32\dllcache\Regedit32.com StartUp
O4 - HKCU\..\Run: [Secure32] C:\windows\system32\dllcache\Shell32.com StartUp
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Open Client to monitor &1 - C:\windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\windows\web\AOpenClient.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190602144718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190602136046
O17 - HKLM\System\CCS\Services\Tcpip\..\{A495B349-F9C1-41DA-97A4-08CF9B44E62D}: NameServer = 64.105.132.250,64.105.166.122
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

I don't know if this is normal on reboot, but after ComboFix rebooted my computer, 2 Notepad applications opened, and here's what's in the Notepad:


[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

Both Notepads contained that text inside, and the file is called desktop.

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I see several "hack" tools that you might be using. These mods can be legitimate, but then again, I have seen cases where they were fakes and actually wreaked havoc on systems. One of these tools I see in your log is for Diablo. I will be asking you to remove it. Just wanted to let you know in case you try to use it later and find out it's gone.

Open Notepad and copy/paste the text in the quote box below into it:

File::
C:\avexport.bat
C:\Documents and Settings\Administrator\New Folder.exe
C:\windows\bnetunin.exe
C:\windows\diabunin.exe
C:\Documents and Settings\Administrator\My Documents\download\epozfi.sys
C:\Documents and Settings\Administrator\My Documents\hac\game tools\MIRB.sys
C:\Documents and Settings\Administrator\My Documents\download\zenosengine\zenos.sys
C:\AUT0EXEC.BAT
C:\windows\system32\dllcache\Regedit32.com
C:\windows\system32\dllcache\Shell32.com

Folder::
C:\Program Files\Diablo
C:\Program Files\BoBaFeTT Diablo Trainer

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Blank AntiViri"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Secure64"=-
"Secure32"=-


Save this as CFScript.txt

[image: dragging CFScript.txt onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Post a new HijackThis log here.
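The entries greyknight17 singles out above are suspicious for reasons that can be checked mechanically: AUT0EXEC.BAT is a digit-for-letter look-alike of AUTOEXEC.BAT, Regedit32.com and Shell32.com carry well-known names with the wrong extension and run out of system32\dllcache (the Windows File Protection cache, not a place programs are installed to), and the S3 drivers are loaded from paths under the user's My Documents. The script below is an added example, not part of this thread and not a tool of HijackThis or ComboFix: it parses the O4 (Run) and R*/S* (service) lines from the logs, flags targets by those four heuristics, and renders the flagged entries in the CFScript File:: and Registry:: form used in the reply. The sample lines are copied from the logs in this thread with two benign entries added; the KNOWN_NAMES table and the heuristics are assumptions for illustration, and a generated script is a starting point for a human to review, not something to feed to ComboFix unread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: autorun and service lines copied from the HijackThis and
# ComboFix output in this thread, plus two benign entries the filter must leave alone.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"',
    r'O4 - HKLM\..\Run: [Blank AntiViri] C:\AUT0EXEC.BAT StartUp',
    r'O4 - HKCU\..\Run: [Secure64] C:\windows\system32\dllcache\Regedit32.com StartUp',
    r'O4 - HKCU\..\Run: [Secure32] C:\windows\system32\dllcache\Shell32.com StartUp',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe',
    r'S3 epozfi;epozfi;\??\C:\Documents and Settings\Administrator\My Documents\download\epozfi.sys',
    r'R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\windows\system32\DRIVERS\AN983.sys',
]

# Hand-maintained list (an assumption, not an exhaustive database) of well-known
# Windows file names and the extension each one is expected to carry.
KNOWN_NAMES = {"autoexec": ".bat", "regedit": ".exe", "shell32": ".dll", "explorer": ".exe"}

# HijackThis hive abbreviations mapped to the full Run keys CFScript needs.
RUN_KEYS = {
    "HKLM": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$')
SVC_RE = re.compile(r'^[RS]\d ([^;]+);[^;]*;(.+)$')
# First thing that looks like a program path, quoted or not; arguments follow it.
TARGET_RE = re.compile(r'^"?(.*?\.(?:exe|com|bat|cmd|pif|scr|dll|sys))"?(?=\s|$)', re.I)


def target_of(command):
    """Return the program path from a Run value's command line, dropping arguments."""
    command = command.strip()
    m = TARGET_RE.match(command)
    return m.group(1) if m else command


def suspicion_reasons(path):
    """Heuristics for one autostart target; an empty list means nothing stood out."""
    p = PureWindowsPath(path)
    stem, ext = p.stem.lower(), p.suffix.lower()
    parts = [part.lower() for part in p.parts]
    reasons = []
    # 1. digit-for-letter look-alike of a well-known name (AUT0EXEC vs AUTOEXEC)
    normalized = stem.replace("0", "o").replace("1", "l")
    if normalized != stem and normalized in KNOWN_NAMES:
        reasons.append(f"look-alike of {normalized}{KNOWN_NAMES[normalized]}")
    # 2. well-known name carrying the wrong extension (Shell32.com, Regedit32.com)
    for name, expected in KNOWN_NAMES.items():
        if stem.startswith(name) and ext != expected:
            reasons.append(f"{name} name with {ext} instead of {expected}")
    # 3. launched from the Windows File Protection cache, not an install location
    if "dllcache" in parts:
        reasons.append("runs from system32\\dllcache")
    # 4. a driver or program loaded from a user profile directory
    if "documents and settings" in parts or "users" in parts:
        what = "kernel driver" if ext == ".sys" else "program"
        reasons.append(f"{what} loaded from a user profile directory")
    return reasons


def triage(lines):
    """Parse O4 (Run) and R*/S* (service) log lines and keep only the suspicious ones."""
    findings = []
    for line in lines:
        m = O4_RE.match(line)
        if m:
            hive, name, command = m.groups()
            target, kind = target_of(command), "run"
        else:
            m = SVC_RE.match(line)
            if not m:
                continue
            name, target = m.groups()
            hive, kind = None, "service"
            if target.startswith("\\??\\"):  # NT object-manager prefix on driver paths
                target = target[4:]
        reasons = suspicion_reasons(target)
        if reasons:
            findings.append({"kind": kind, "hive": hive, "name": name,
                             "target": target, "reasons": reasons})
    return findings


def build_cfscript(findings):
    """Render findings as CFScript File:: and Registry:: sections for human review."""
    out = ["File::"] + [f["target"] for f in findings] + [""]
    by_key = {}
    for f in findings:
        if f["kind"] == "run":
            by_key.setdefault(RUN_KEYS[f["hive"]], []).append(f["name"])
    if by_key:
        out.append("Registry::")
        for key, names in by_key.items():
            out.append(f"[{key}]")
            out.extend(f'"{n}"=-' for n in names)  # "=-" deletes the named value
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LINES)
    for f in found:
        print(f"{f['name']}: {f['target']}  <- {'; '.join(f['reasons'])}")
    print(build_cfscript(found))
```

Run against the sample, the four entries that survive are exactly the ones removed in the reply (Blank AntiViri, Secure64, Secure32 and the epozfi driver); ZoneAlarm, ctfmon.exe and the ADMtek NIC driver pass untouched. The file list is intentionally emitted before the registry section so that the loading point and its payload are removed together, which is what stops the process from reappearing after the next reboot.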



#11
archiep

archiep

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
ComboFix 07-11-01.1** - Administrator 2007-11-08 21:56:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.747 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\AUT0EXEC.BAT
C:\avexport.bat
C:\Documents and Settings\Administrator\My Documents\download\epozfi.sys
C:\Documents and Settings\Administrator\My Documents\download\zenosengine\zenos.sys
C:\Documents and Settings\Administrator\My Documents\hac\game tools\MIRB.sys
C:\Documents and Settings\Administrator\New Folder.exe
C:\windows\bnetunin.exe
C:\windows\diabunin.exe
C:\windows\system32\dllcache\Regedit32.com
C:\windows\system32\dllcache\Shell32.com
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\avexport.bat
C:\Documents and Settings\Administrator\My Documents\download\zenosengine\zenos.sys
C:\Documents and Settings\Administrator\New Folder.exe
C:\Program Files\BoBaFeTT Diablo Trainer
C:\Program Files\BoBaFeTT Diablo Trainer\Amber Plate.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulet of the heavens.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulet of the stars.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amber Amulet 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amber Amulet of harmony 5.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amber Amulet of harmony.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amber Amulet of the stars 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amber Amulet of the stars.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amber Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of accuracy 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of accuracy 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of accuracy.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of balance.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of brilliance 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of brilliance 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of brilliance 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of brilliance 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of brilliance.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of giants 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of giants 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of giants 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of giants 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of giants 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of giants 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of giants 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of giants 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of giants.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of giants.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of harmony.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of health.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of health.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of life 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of life 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of life 6.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of life 7.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of life 8.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of life 9.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of life.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of magic 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of magic 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of magic 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of magic.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of might 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of might 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of might 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of might.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of perfection 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of perfection 10.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of perfection 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of perfection 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of perfection 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of perfection 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of perfection 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of perfection 8.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of perfection 9.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of perfection 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of perfection.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of power 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of power 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of power 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of power 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of power.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of precision 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of precision 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of precision 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of precision 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of precision 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of precision 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of precision 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of precision.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of radiance.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of skill 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of skill 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of skill 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of skill.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of sorcery 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of sorcery 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of sorcery 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of sorcery 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of sorcery 5.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of sorcery.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of sorcery.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of stability.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the eagle 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the eagle 6.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the eagle 7.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the eagle 8.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the eagle 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the eagle.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the fox 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the fox.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the heavens 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the heavens 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the heavens 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the heavens.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the jaguar 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the lion 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the lion 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the lion 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the lion 5.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the lion 6.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the lion 8.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the lion.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the lion.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the mind 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the mind 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the mind 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the mind 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the mind 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the mind 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the mind.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the moon 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the sky 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the sky 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the sky.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the stars 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the stars 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the stars 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the stars 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the stars.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the tiger 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the tiger 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the tiger 6.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the tiger 6.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the tiger 7.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the tiger.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the wolf 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the wolf 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the wolf 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the wolf 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the wolf 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the wolf.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the zodiac 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of the zodiac.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of thieves.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of titans 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of titans 7.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of titans 9.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of titans.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of vigor 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of vigor 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of vigor 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of vigor 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of vigor 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of vigor 5.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of vigor.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of vim 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of vim.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of vitality 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of vitality 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of wizardry 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of wizardry 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of wizardry 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of wizardry 7.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of wizardry 8.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of wizardry 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of wizardry.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of wizardry.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of zest 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of zest 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of zest 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of zest 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Amulet of zest.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Azure Amulet 10.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Azure Amulet 6.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Azure Amulet of the sky 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Azure Amulet of the wolf 10.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Azure Amulet of the wolf 6.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Azure Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Azure Amulet.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Blue Amulet 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Blue Amulet of the sky 6.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Blue Amulet.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Bronze Amulet of the fox 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Bronze Amulet of the fox.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet 9.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet of giants 10.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet of giants 7.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet of perfection 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet of sorcery 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet of sorcery.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet of the wolf 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet of wizardry 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet of wizardry 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet of wizardry 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet of wizardry 6.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Cobalt Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crimson Amulet 11.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crimson Amulet 15.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crimson Amulet 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crimson Amulet of might 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crimson Amulet of might.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crimson Amulet of radiance 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crimson Amulet of radiance.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crimson Amulet of vigor 17.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crimson Amulet of vigor.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crimson Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crystal Amulet 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crystal Amulet 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crystal Amulet 6.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crystal Amulet 7.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crystal Amulet 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Crystal Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Diamond Amulet 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Diamond Amulet 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Diamond Amulet 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Diamond Amulet 6.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Diamond Amulet 7.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Diamond Amulet of the tiger 8.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Diamond Amulet of the tiger 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Diamond Amulet of wizardry 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Diamond Amulet of wizardry.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Diamond Amulet.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Dragon's Amulet 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Dragon's Amulet 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Dragon's Amulet 6.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Dragon's Amulet 8.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Dragon's Amulet.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Drake's Amulet 9.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Drake's Amulet of giants 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Drake's Amulet of giants.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Drake's Amulet of the wolf 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Drake's Amulet of titans 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Drake's Amulet of titans.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Drake's Amulet of vigor 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Drake's Amulet of vigor.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Drake's Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Garnet Amulet 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Garnet Amulet 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Garnet Amulet of sorcery 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Garnet Amulet of sorcery.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Garnet Amulet of wizardry 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Garnet Amulet of wizardry.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Gold Amulet 10.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Gold Amulet 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Gold Amulet 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Gold Amulet 7.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Gold Amulet 8.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Gold Amulet of the stars 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Gold Amulet.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Iron Amulet 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Iron Amulet 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Iron Amulet 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Iron Amulet 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Iron Amulet of health 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Iron Amulet of health.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Iron Amulet of the mind 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Iron Amulet of the mind.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ivory Amulet 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ivory Amulet 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ivory Amulet 5.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ivory Amulet 7.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ivory Amulet 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ivory Amulet of life 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ivory Amulet of life.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ivory Amulet of perfection 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ivory Amulet of perfection 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ivory Amulet of perfection.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ivory Amulet.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Jade Amulet 10.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Jade Amulet of the tiger 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Jade Amulet of the tiger.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Jade Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Lapis Amulet 5.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Lapis Amulet of precision 10.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Lapis Amulet of sorcery 7.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Lapis Amulet of sorcery.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Lapis Amulet of wizardry 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Lapis Amulet of wizardry.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Lapis Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet of harmony 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet of harmony.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet of precision 8.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet of precision.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet of sorcery 7.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet of sorcery.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet of the zodiac 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet of the zodiac.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet of vigor 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Obsidian Amulet.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Pearl Amulet 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Pearl Amulet 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Pearl Amulet 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Pearl Amulet 9.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Pearl Amulet of power 5.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Pearl Amulet of power.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Pearl Amulet of the eagle 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Pearl Amulet of the eagle.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Pearl Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Pearl Amulet.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Raven's Amulet 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Red Amulet of the sky 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Red Amulet of the sky.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ruby Amulet 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ruby Amulet 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ruby Amulet of vigor 6.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ruby Amulet of vigor.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Ruby Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Sapphire Amulet 10.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Sapphire Amulet 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Sapphire Amulet 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Sapphire Amulet 7.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Sapphire Amulet 8.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Sapphire Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Sapphire Amulet.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet 4.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet 5.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet 8.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet 9.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet of life 10.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet of life.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet of the lion 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet of wizardry 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet of wizardry.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Serpent's Amulet.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Silver Amulet 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Silver Amulet 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Silver Amulet 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Silver Amulet of power 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Silver Amulet of radiance 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Silver Amulet of radiance 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Silver Amulet of radiance.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Silver Amulet of the jaguar 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Silver Amulet of the wolf 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Silver Amulet of the wolf.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Silver Amulet of thieves 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Snake's Amulet 10.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Snake's Amulet 8.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Snake's Amulet of accuracy 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Snake's Amulet of accuracy.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Snake's Amulet.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Steel Amulet 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Steel Amulet 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Steel Amulet 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Steel Amulet of accuracy 5.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Steel Amulet of accuracy.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Steel Amulet of the eagle 3.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Steel Amulet of the mind 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Steel Amulet.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Topaz Amulet 5.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\Topaz Amulet of brilliance 4.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\White Amulet 8.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\White Amulet of might 8.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\White Amulet of might.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\White Amulet of zest 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Amulets\White Amulet of zest.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Anvil of Fury.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Arkaine's Valor.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Armor of brilliance.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Armor of might.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Armor of power.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Armor of the ages.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Armor of the lion.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Armor of the mammoth.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Armor of the stars 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Armor of the stars.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Armor of the tiger.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Armor of the whale.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Armor of osmosis.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Armor of the mammoth.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Armor of the wolf.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Armor.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Mail of harmony.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Mail of osmosis.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Mail of the ages.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Mail of the mammoth.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Mail.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Plate 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Plate 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Plate of deflection.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Plate.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Awesome Robe of osmosis.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Blessed Mail of the lion.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Blessed Plate 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Blessed Plate 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Blessed Plate 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Blessed Plate of deflection.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Blessed Plate of giants.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Blessed Plate of the stars.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Blessed Plate of vigor.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Cape of sorcery.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Cobalt Plate of giants.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Crimson Mail.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Crimson Plate of structure.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Crimson Plate of the lion.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Diamond Mail of the whale.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Diamond Plate of vigor.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Garnet Cloak.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Garnet Plate of deflection.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Glorious Armor of the eagle.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Glorious Cloak of absorption.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Glorious Plate of the lion.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Glorious Plate of thieves.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Glorious Plate of vim.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Glorious Plate.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Armor of the ages.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Armor of the lion.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Armor of the whale.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Armor.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Cloak of the lion.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Cloak of the mammoth.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Cloak.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Mail.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Plate.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Rags of the mammoth.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Rags of the whale.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Godly Robe of the ages.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Grand Plate.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Holy Armor of the ages.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Holy Armor.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Holy Chain Mail.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Holy Mail of the ages.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Holy Plate Mail.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Holy Ring Mail.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Holy Scale Mail.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Holy Splint Mail.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Ivory Plate of deflection 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Ivory Plate of deflection.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Jade Armor of the stars.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Jade Cape of sorcery.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Jade Field Plate.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Jade Plate of the wolf.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Jade Plate of vigor.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Jade Scale Mail.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Lapis Armor of precision.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Lapis Mail of the lion.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Lapis Plate of sorcery.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Lapis Plate of the wolf.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of brilliance 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of brilliance.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of deflection.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of osmosis 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of osmosis.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of precision.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of radiance.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of sorcery.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the eagle 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the eagle.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the lion.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the mammoth 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the mammoth 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the mammoth.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the stars.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the tiger 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the tiger.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the whale 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the whale 2.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the whale 3.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of the whale.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of trouble.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Mail of vim.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Obsidian Armor of vigor.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Obsidian Cape of giants.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Obsidian Mail of giants.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Obsidian Mail of precision.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Obsidian Mail of the tiger.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Obsidian Plate of deflection.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Obsidian Plate of harmony.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of deflection.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of giants 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of giants.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of harmony.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of sorcery.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the ages.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the lion 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the lion.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the mammoth 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the mammoth 2.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the mammoth.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the stars.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the stars.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the tiger.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the whale 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the whale.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of the wolf 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Plate of vigor 1.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Robe of osmosis.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Robe of the lion.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Robe of the mammoth.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Ruby Armor of the mammoth.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Ruby Armor of the whale.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Ruby Plate of precision.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Ruby Plate of the stars.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Armor.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Mail of deflection.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Mail of sorcery.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Mail of the lion.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Mail of the stars.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Mail of the tiger.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Plate 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Plate of giants 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Plate of giants.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Plate of the stars.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Plate of the tiger.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Plate of vigor.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Saintly Plate.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Sapphire Armor of the whale.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Sapphire Mail of the mammoth.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Sapphire Plate of the ages.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor\Valiant Mail of power.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Amber Plate of the eagle.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Amber Plate.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Awesome Plate of giants.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Awesome Plate.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Blessed Plate of harmony.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Blessed Plate of vigor.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Blessed Plate.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Crimson Plate of harmony.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Crimson Plate of sorcery.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Crimson Plate of the lion.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Crimson Plate of the tiger 1.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Crystal Plate of deflection.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Crystal Plate of the stars.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Diamond Plate of the ages.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Garnet Plate of giants.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Grand Plate.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Ivory Plate of giants.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Ivory Plate.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Jade Plate of the stars.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Lapis Plate of the wolf.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Obsidian Plate.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of absorption.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of deflection.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of giants.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of harmony.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of power.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of precision.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of protection.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of sorcery.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of stability.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of the ages.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of the fox.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of the lion.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of the moon.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of the stars.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of the tiger.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of the wolf.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Plate of vigor.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Ruby Plate.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Saintly Plate of the wolf.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Saintly Plate.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Sapphire Plate of sorcery.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Sapphire Plate of the ages.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Armor_FullPlate\Sapphire Plate.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\ArtemisV109.dat
C:\Program Files\BoBaFeTT Diablo Trainer\Awesome Plate of precision.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Axe of titans.ITM
C:\Program Files\BoBaFeTT Diablo Trainer\Axes\Axe of accuracy.DIE
C:\Program Files\BoBaFeTT Diablo Trainer\Axes\Axe of accuracy.ITM
  • 0

#12
greyknight17 (Malware Expert; Visiting Consultant; 16,560 posts)
Is that combofix log cut off?

Run combofix again and post the log here along with a new HijackThis log.
  • 0

#13
archiep (Member; Topic Starter; 53 posts)
Alright, sorry about that, I didn't realize the log was chopped short, hehe.

ComboFix 07-11-01.1** - Administrator 2007-11-11 1:06:02.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.752 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE::
C:\AUT0EXEC.BAT
C:\avexport.bat
C:\Documents and Settings\Administrator\My Documents\download\epozfi.sys
C:\Documents and Settings\Administrator\My Documents\download\zenosengine\zenos.sys
C:\Documents and Settings\Administrator\My Documents\hac\game tools\MIRB.sys
C:\Documents and Settings\Administrator\New Folder.exe
C:\windows\bnetunin.exe
C:\windows\diabunin.exe
C:\windows\system32\dllcache\Regedit32.com
C:\windows\system32\dllcache\Shell32.com
.

((((((((((((((((((((((((( Files Created from 2007-10-11 to 2007-11-11 )))))))))))))))))))))))))))))))
.

2007-11-04 18:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-31 05:56 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2007-10-30 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-30 22:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-30 22:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-10-28 01:15 <DIR> d-------- C:\Program Files\FireFly Studios
2007-10-22 07:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Atari
2007-10-22 07:33 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-22 07:32 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-10-22 07:28 <DIR> d-------- C:\Program Files\Atari
2007-10-22 00:00 616 --a------ C:\WINDOWS\eReg.dat
2007-10-21 23:46 <DIR> d-------- C:\Program Files\EA Games
2007-10-21 11:25 <DIR> d-------- C:\Program Files\Eidos Interactive
2007-10-17 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-17 23:23 <DIR> d-------- C:\WINDOWS\pss
2007-10-17 21:28 1,386,496 -r-hsc--- C:\WINDOWS\system32\dllcache\msvbvm60.dll
2007-10-17 21:28 1,386,496 -r-hs---- C:\msvbvm60.dll
2007-10-17 06:14 <DIR> d-------- C:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 01:50 --------- d-----w C:\Program Files\Incomplete
2007-11-11 00:20 --------- d-----w C:\Program Files\LimeWire
2007-11-10 22:44 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-11-09 09:18 --------- d-----w C:\Program Files\hijack
2007-11-05 01:53 --------- d-----w C:\Program Files\Java
2007-11-02 20:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2007-10-31 06:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-28 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 16:26 --------- d-----w C:\Program Files\Virtual Villagers 2
2007-10-22 22:54 --------- d-----w C:\Program Files\Cheat Engine
2007-10-22 08:12 --------- d-----w C:\Program Files\Infogrames Interactive
2007-10-14 23:40 --------- d-----w C:\Program Files\Zune
2007-10-10 19:09 --------- d-----w C:\Program Files\DivX
2007-10-08 22:39 --------- d-----w C:\Program Files\Azureus
2007-09-28 16:08 156,992 ----a-w C:\windows\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 3,596,288 ----a-w C:\windows\system32\qt-dx331.dll
2007-09-28 16:07 200,704 ----a-w C:\windows\system32\ssldivx.dll
2007-09-28 16:07 129,784 ----a-w C:\windows\system32\pxafs.dll
2007-09-28 16:07 120,056 ------w C:\windows\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\windows\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\windows\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\windows\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\windows\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\windows\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\windows\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\windows\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\windows\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\windows\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\windows\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\windows\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\windows\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\windows\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\windows\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\windows\system32\DivXWMPExtType.dll
2007-09-25 06:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-25 06:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-09-24 04:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2007-09-12 05:04 21,840 ----atw C:\windows\system32\SIntfNT.dll
2007-09-12 05:04 17,212 ----atw C:\windows\system32\SIntf32.dll
2007-09-12 05:04 12,067 ----atw C:\windows\system32\SIntf16.dll
2007-08-02 05:10 5,632 --sha-w C:\Program Files\Thumbs.db
2006-09-19 21:21 0 ----a-w C:\Documents and Settings\Administrator\WoW-1.12.0.5595-to-0.12.1.5803-enUS-patch.exe
2006-05-01 05:57 1,309,311 ----a-w C:\Documents and Settings\Administrator\WoW-1.10.1.5230-to-0.10.2.5257-enUS-patch.exe
2006-05-01 05:57 1,309,311 ----a-w C:\Documents and Settings\Administrator\PTCpatch.exe
2006-03-24 00:14 24,192 ----a-w C:\Documents and Settings\Administrator\usbsermptxp.sys
2006-03-24 00:14 22,768 ----a-w C:\Documents and Settings\Administrator\usbsermpt.sys
2006-03-18 00:56 3,580 ----a-w C:\Program Files\INSTALL.LOG
2001-09-29 01:00 164,864 ----a-w C:\Program Files\UNWISE.EXE
2004-02-23 19:42:40 1,386,496 --sh--r C:\windows\system32\msvbvm60.dll
2004-02-23 19:42:40 1,386,496 -csh--r C:\windows\system32\dllcache\msvbvm60.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 22:17]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 10:03]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2003-06-19 19:55 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-03 14:56 C:\WINDOWS\system32\regsvr32.exe]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 11:54]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 09:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 09:53]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" [2006-05-21 09:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 14:22]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-06-15 22:22]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 09:47]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 12:49]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 00:29]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-03 14:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-31 05:50]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 14:24]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-07-28 14:06:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-10-31 05:50 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

R0 stwlfbus;stwlfbus;C:\windows\system32\DRIVERS\stwlfbus.sys
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\windows\system32\DRIVERS\AN983.sys
R3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner32.sys
R3 st3wolf;st3wolf;C:\windows\system32\DRIVERS\st3wolf.sys
S1 lusbaudio;Logitech USB Microphone;C:\windows\system32\drivers\OVSound2.sys
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\windows\system32\DRIVERS\ADSFilter.sys
S3 BW2NDIS5;BW2NDIS5;C:\windows\system32\Drivers\BW2NDIS5.sys
S3 epozfi;epozfi;\??\C:\Documents and Settings\Administrator\My Documents\download\epozfi.sys
S3 mKernel;mKernel;\??\C:\Documents and Settings\Administrator\My Documents\hac\game tools\MIRB.sys
S3 QCAbsee;Logitech QuickCam Web (0801);C:\windows\system32\DRIVERS\OVCA.sys
S3 zenos1;zenos1;\??\C:\Documents and Settings\Administrator\My Documents\download\zenosengine\zenos.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\suppress_explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\setup\rsrc\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\S]
\Shell\AutoRun\command - S:\Autorun.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 01:10:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 1:13:08
C:\ComboFix2.txt ... 2007-11-09 00:21
C:\ComboFix3.txt ... 2007-11-07 22:27
.
--- E O F ---


And here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:14:31 AM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\windows\system32\wscntfy.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\windows\system32\CTHELPER.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\windows\explorer.exe
C:\windows\system32\notepad.exe
C:\Program Files\hijack\show.exe

R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: EarthLink Google Search - res://C:\Program Files\EarthLink TotalAccess\Toolbar\SearchUI.dll/search.html
O8 - Extra context menu item: Open Client to monitor &1 - C:\windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\windows\web\AOpenClient.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.att.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190602144718
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190602136046
O17 - HKLM\System\CCS\Services\Tcpip\..\{A495B349-F9C1-41DA-97A4-08CF9B44E62D}: NameServer = 64.105.132.250,64.105.166.122
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
  • 0

#14
greyknight17 (Malware Expert; Visiting Consultant; 16,560 posts)
Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Documents and Settings\Administrator\My Documents\download\epozfi.sys
C:\Documents and Settings\Administrator\My Documents\hac\game tools\MIRB.sys
C:\Documents and Settings\Administrator\My Documents\download\zenosengine\zenos.sys


Save this as CFScript.txt

Posted Image

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
  • 0
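As an added illustration (not part of the thread and not ComboFix's own code), a small Python script that applies the same check greyknight17 made by eye: it picks out ComboFix driver entries whose image file sits under a user profile and emits the matching File:: block for CFScript.txt. The sample lines are copied from the ComboFix log above; the line regex and the profile-directory markers are my assumptions about the log format.

```python
import re
from typing import Iterable, List, Tuple

# Constructed sample: driver lines taken from the ComboFix log posted above.
# ComboFix prints "\??\" (the kernel object-manager prefix) before image
# paths that are not under the system directory.
SAMPLE_LOG = r"""
R0 stwlfbus;stwlfbus;C:\windows\system32\DRIVERS\stwlfbus.sys
R3 RivaTuner32;RivaTuner32;\??\C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner32.sys
S3 epozfi;epozfi;\??\C:\Documents and Settings\Administrator\My Documents\download\epozfi.sys
S3 mKernel;mKernel;\??\C:\Documents and Settings\Administrator\My Documents\hac\game tools\MIRB.sys
S3 QCAbsee;Logitech QuickCam Web (0801);C:\windows\system32\DRIVERS\OVCA.sys
S3 zenos1;zenos1;\??\C:\Documents and Settings\Administrator\My Documents\download\zenosengine\zenos.sys
"""

# Assumed layout of a ComboFix driver line: "<state> <service>;<display name>;<image path>"
DRIVER_LINE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+)$")

# Directory fragments that mark a user-profile location (XP layout and Vista+ layout).
PROFILE_MARKERS = ("\\documents and settings\\", "\\users\\")


def parse_driver_lines(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (state, service_name, image_path) for every driver line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if not m:
            continue
        state, name, _display, path = m.groups()
        if path.startswith("\\??\\"):
            path = path[4:]  # drop the object-manager prefix to get a plain Win32 path
        entries.append((state, name, path))
    return entries


def profile_loaded_drivers(log_text: str) -> List[Tuple[str, str]]:
    """Kernel drivers whose image lives under a user profile.

    A .sys loaded from My Documents is almost never legitimate; these are the
    three entries the helper listed under File:: in the thread.
    """
    hits = []
    for _state, name, path in parse_driver_lines(log_text):
        low = path.lower()
        if any(marker in low for marker in PROFILE_MARKERS):
            hits.append((name, path))
    return hits


def build_cfscript(paths: Iterable[str]) -> str:
    """Emit the File:: block in the shape the helper asked the user to save as CFScript.txt."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    flagged = profile_loaded_drivers(SAMPLE_LOG)
    for name, path in flagged:
        print(f"{name}: {path}")
    print(build_cfscript(path for _, path in flagged))
```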

#15
archiep (Member; Topic Starter; 53 posts)
ComboFix 07-11-08.1 - Administrator 2007-11-12 18:00:39.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.600 [GMT -8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Documents and Settings\Administrator\My Documents\download\epozfi.sys
C:\Documents and Settings\Administrator\My Documents\download\zenosengine\zenos.sys
C:\Documents and Settings\Administrator\My Documents\hac\game tools\MIRB.sys
.

((((((((((((((((((((((((( Files Created from 2007-10-13 to 2007-11-13 )))))))))))))))))))))))))))))))
.

2007-11-04 18:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-31 05:56 <DIR> d-------- C:\WINDOWS\system32\SuperAdBlocker.com
2007-10-30 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-30 22:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-30 22:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-10-28 01:15 <DIR> d-------- C:\Program Files\FireFly Studios
2007-10-22 07:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Atari
2007-10-22 07:33 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-10-22 07:32 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-10-22 07:28 <DIR> d-------- C:\Program Files\Atari
2007-10-22 00:00 616 --a------ C:\WINDOWS\eReg.dat
2007-10-21 23:46 <DIR> d-------- C:\Program Files\EA Games
2007-10-21 11:25 <DIR> d-------- C:\Program Files\Eidos Interactive
2007-10-17 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-17 23:23 <DIR> d-------- C:\WINDOWS\pss
2007-10-17 21:28 1,386,496 -r-hsc--- C:\WINDOWS\system32\dllcache\msvbvm60.dll
2007-10-17 21:28 1,386,496 -r-hs---- C:\msvbvm60.dll
2007-10-17 06:14 <DIR> d-------- C:\Program Files\Veoh Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-11 09:14 --------- d-----w C:\Program Files\hijack
2007-11-11 01:50 --------- d-----w C:\Program Files\Incomplete
2007-11-11 00:20 --------- d-----w C:\Program Files\LimeWire
2007-11-10 22:44 --------- d-----w C:\Documents and Settings\Administrator\Application Data\LimeWire
2007-11-05 01:53 --------- d-----w C:\Program Files\Java
2007-11-02 20:54 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Azureus
2007-10-31 06:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-28 09:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-26 16:26 --------- d-----w C:\Program Files\Virtual Villagers 2
2007-10-22 22:54 --------- d-----w C:\Program Files\Cheat Engine
2007-10-22 08:12 --------- d-----w C:\Program Files\Infogrames Interactive
2007-10-14 23:40 --------- d-----w C:\Program Files\Zune
2007-10-10 19:09 --------- d-----w C:\Program Files\DivX
2007-10-08 22:39 --------- d-----w C:\Program Files\Azureus
2007-09-28 16:08 156,992 ----a-w C:\windows\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 3,596,288 ----a-w C:\windows\system32\qt-dx331.dll
2007-09-28 16:07 200,704 ----a-w C:\windows\system32\ssldivx.dll
2007-09-28 16:07 129,784 ----a-w C:\windows\system32\pxafs.dll
2007-09-28 16:07 120,056 ------w C:\windows\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\windows\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\windows\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\windows\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\windows\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\windows\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\windows\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\windows\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\windows\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\windows\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\windows\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\windows\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\windows\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\windows\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\windows\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\windows\system32\DivXWMPExtType.dll
2007-09-25 06:08 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-25 06:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-09-24 04:16 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ATI
2007-09-12 05:04 21,840 ----atw C:\windows\system32\SIntfNT.dll
2007-09-12 05:04 17,212 ----atw C:\windows\system32\SIntf32.dll
2007-09-12 05:04 12,067 ----atw C:\windows\system32\SIntf16.dll
2007-08-02 05:10 5,632 --sha-w C:\Program Files\Thumbs.db
2006-09-19 21:21 0 ----a-w C:\Documents and Settings\Administrator\WoW-1.12.0.5595-to-0.12.1.5803-enUS-patch.exe
2006-05-01 05:57 1,309,311 ----a-w C:\Documents and Settings\Administrator\WoW-1.10.1.5230-to-0.10.2.5257-enUS-patch.exe
2006-05-01 05:57 1,309,311 ----a-w C:\Documents and Settings\Administrator\PTCpatch.exe
2006-03-24 00:14 24,192 ----a-w C:\Documents and Settings\Administrator\usbsermptxp.sys
2006-03-24 00:14 22,768 ----a-w C:\Documents and Settings\Administrator\usbsermpt.sys
2006-03-18 00:56 3,580 ----a-w C:\Program Files\INSTALL.LOG
2001-09-29 01:00 164,864 ----a-w C:\Program Files\UNWISE.EXE
2004-02-23 19:42:40 1,386,496 --sh--r C:\windows\system32\msvbvm60.dll
2004-02-23 19:42:40 1,386,496 -csh--r C:\windows\system32\dllcache\msvbvm60.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-04_18.22.35.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-02 22:21:27 139,776 ----a-w C:\windows\system32\swreg.exe
+ 2007-07-23 02:39:27 279,552 ----a-w C:\windows\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 21:10]
"ATI DeviceDetect"="C:\Program Files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-15 22:17]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 10:03]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00]
"CTHelper"="CTHELPER.EXE" [2003-06-19 19:55 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-03 14:56 C:\WINDOWS\system32\regsvr32.exe]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2003-04-27 11:54]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 20:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 09:52]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 09:53]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40]
"RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.0 RC 16\RivaTuner.exe" [2006-05-21 09:00]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 19:15]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 14:22]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 13:43]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="C:\Program Files\ATI Multimedia\main\launchpd.exe" [2004-06-15 22:22]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 09:47]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 12:49]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 15:14]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2007-10-17 00:29]
"ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-03 14:56]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-10-31 05:50]
"E6TaskPanel"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 14:24]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-07-28 14:06:40]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-10-31 05:50 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\windows\system32\DRIVERS\AN983.sys
S1 lusbaudio;Logitech USB Microphone;C:\windows\system32\drivers\OVSound2.sys
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);C:\windows\system32\DRIVERS\ADSFilter.sys
S3 BW2NDIS5;BW2NDIS5;C:\windows\system32\Drivers\BW2NDIS5.sys
S3 epozfi;epozfi;\??\C:\Documents and Settings\Administrator\My Documents\download\epozfi.sys
S3 mKernel;mKernel;\??\C:\Documents and Settings\Administrator\My Documents\hac\game tools\MIRB.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\suppress_explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\AutoRun\command - M:\setup\rsrc\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\S]
\Shell\AutoRun\command - S:\Autorun.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-12 18:09:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-12 18:14:02
C:\ComboFix2.txt ... 2007-11-11 01:13
C:\ComboFix3.txt ... 2007-11-09 00:21
.
--- E O F ---