
Outerinfo [RESOLVED]


  • This topic is locked

#1
wilcom008

  • Member
  • 12 posts
Hi, I am having trouble with browser hijacks. I know I have had Outerinfo on my computer. I have taken these steps:
1) Checked Control Panel for the listed suspect programs. There were none.
2) Ran the OIUninstaller.
3) Ran SUPERAntiSpyware according to instructions.
4) Ran HijackThis, with the following results.
The logfile and then the uninstall list follow. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:08 PM, on 4/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\winself.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ANPACSOFTWARE\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\DLBFPSWX.EXE
C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\DLBFJSWX.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://help.bellsout...cess/launch.asp
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nypejmfw] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\nypejmfw.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PGPtray.exe.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Jacada client full archive 7-0-0 - http://jacada-prod.f...full-signed.cab
O16 - DPF: Jacada client full archive 9-0-0 - http://jacada9-prod....full-signed.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.aka...vex-2.2.1.0.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/...nx.1.0.0.87.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {3D4C3992-ABD6-4F85-9A1B-8568E3B4DB3E} (FISERV FIPSCO Insmark Interface Class) - https://access.anico...Mark/imkctl.cab
O16 - DPF: {4592C0F5-3382-44C6-9F79-BEA2CCBDA2EA} (OBXWebDocumentSelect Control) - https://onbase.farmf...BXWebSelect.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {60D402CD-0E51-4DA1-9C3A-4D395A8BFC27} (FISERV FIPSCO Report Viewer) - https://access.anico.../amnrptview.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1140016316765
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/...O1.cab55579.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn...gr.cab31267.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/...he.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://premconf.web...bex/ieatgpc.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {EBFFD54E-849A-11D4-B586-0090275BE299} (LocalReportHandler Class) - https://access.anico...localreport.cab
O16 - DPF: {F5876F16-5217-4B38-96F3-C2BB80215302} (OBXWebViewer Control) - https://onbase.farmf...BXWebViewer.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14606 bytes





This is the uninstall list.

ABBYY FineReader 5.0 Sprint Plus
Ad-Aware SE Personal
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Shockwave Player 11
ALPS Touch Pad Driver
ANPAC System Files Setup
ATI Control Panel
ATI Display Driver
Broadcom Management Programs 2
BroadJump Client Foundation
Citrix Presentation Server Client
Conexant D110 MDC V.92 Modem
Coupon Printer for Windows
Dell AIO Printer A960
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support Center
Digital Content Portal
Digital Line Detect
DocMan
Google AFE
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Solution Center 7.0
HP Update
Intel® PROSet/Wireless Software
Intergate Uninstall
Internal Network Card Power Management
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_11
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
LiveUpdt
LPES Desktop - AMN
LPES Desktop - ANICO
Macromedia Flash Player
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Standard 2006
Microsoft Encarta Encyclopedia Standard 2006
Microsoft Excel Viewer 97
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft PowerPoint Viewer 97
Microsoft SQL Server Desktop Engine (ANPACSOFTWARE)
Microsoft Streets & Trips 2006
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Word 2002
Microsoft Word Viewer 97
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
mPfMgr
mPfWiz
MPM
mProSafe
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mToolkit
Musicmatch for Windows Media Player
mWlsSafe
mXML
mZConfig
NetWaiting
OASIS
OCR Software by I.R.I.S 7.0
OnBase Thin Client
PARIS
PGP Desktop
Picasa 2
PokerStars
PowerDVD 5.5
Print to Fax
Profile
Qualxserve Service Agreement
QuickSet
QuickTime
RealPlayer Basic
SAM
Scrabble Blast Deluxe
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Shop for HP Supplies
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SUPERAntiSpyware Free Edition
TEAM
Trend Micro PC-cillin Internet Security 14
Trend Micro PC-cillin Internet Security 14
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player
VINassist
WebCyberCoach 3.2 Dell
WebEx
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859

#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Download Malwarebytes' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html
Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the ComboFix log here.

#3
wilcom008

  • Topic Starter
  • Member
  • 12 posts
Thanks for the quick response. Here are the Malwarebytes and ComboFix logs.


Malwarebytes' Anti-Malware 1.11
Database version: 667

Scan type: Full Scan (C:\|)
Objects scanned: 113647
Time elapsed: 1 hour(s), 7 minute(s), 19 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 35
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 95

Memory Processes Infected:
c:\WINDOWS\winself.exe (Rootkit.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\xflock (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\PerfInfo (Rogue.WinPerformance) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\winself.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Local Settings\Temp\outerinfo.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP150\A0025653.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP150\A0025655.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP151\A0025663.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP151\A0025665.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000060.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000080.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\000090.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Local Settings\Temp\ismtpa15.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Desktopblackbird.jpg (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\DesktopEditorFKWP1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\DesktopEditorFKWP2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Desktopfilemanagerclient.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Desktopfkwp1.5.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Desktopfkwp2.0.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\Desktopfwebd.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\DesktopFWebdEditor.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Angie\DesktopTrojan.Win32.BlackBird.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

ComboFix 08-04-20.5 - Angie 2008-04-21 21:54:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.301 [GMT -4:00]
Running from: C:\Documents and Settings\Angie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angie\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg
C:\WINDOWS\

#4
wilcom008

    Member

  • Topic Starter
  • 12 posts
Sorry I don't think all my Combofix log posted. Let me try this again.


ComboFix 08-04-20.5 - Angie 2008-04-21 21:54:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.301 [GMT -4:00]
Running from: C:\Documents and Settings\Angie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angie\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\pppatc~1
C:\WINDOWS\default.htm
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\bluearrowright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkdown.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\checkup.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\long_button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\orange-button_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotleft_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\rotright_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_down.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_over.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\simplebutton_up.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknob.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderknobover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\buttons\sliderrail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\anwar\look\pl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\bast\look\bl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\characters\kristine\look\kl0001.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\crackedstopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\cursor.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\doorlights.txt
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\jackarmstrong.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\fonts\lithos.mvec
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\greybomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\arrowkeys.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\helptips\helptip.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\levels\levels.dat
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\disk.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\equilateraltriangle.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\flattri.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\pyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\quad.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\rotatingpyramid.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\models\scarabpanel.mesh
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\p1icon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-0.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\page1-1.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-0-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scenes\panel1-1-1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\scorecloud.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\setup.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\areashockwave.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_starter.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\bolt_tail.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\flash.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\rubble.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\sfx\smoke3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue0\snake_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\arm01_dirty.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\mask01_1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\statues\statue1\statue01_dirty.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\stopper.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timer.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timerglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\timericon.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\tm.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseblue3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousegreen3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mousered3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\trails\mouseyellow3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabomb.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\areabombrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\boardfill.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\brick3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\bricktip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared5.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\clearanim\cleared6.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye1.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye2.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye3.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\eye4.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-blue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-bluerollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-green.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-greenrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\plain_tri-yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\red.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\redrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wild.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\wildrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\triangles\yellowrollover.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image0.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image1.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image2.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\upsell\image3.jpg
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\bluebucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\buckettriangle.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chainlink.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\chaintip.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\genericbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\greenbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\redbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallblue.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallgreen.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallred.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\smallyellow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnglow.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\urnplatform.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\urns\yellowbucket.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\assets\warning.png
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\error.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\game.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\gameover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscore.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\instructions.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\leveldesign.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\levelover.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainarcade.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maincontinue.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maingames.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\mainpuzzle.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\maphelptip.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\options.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\pause.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\quitconfirm.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\start.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\storyplayer.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\style.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\screens\upsell.lua
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\strings.xml
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67\TriJinx.exe
C:\WINDOWS\sstem~1
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\Web\def.htm

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-21 19:45 . 2008-04-21 19:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 19:45 . 2008-04-21 19:45 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\Malwarebytes
2008-04-21 19:45 . 2008-04-21 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 15:38 . 2008-04-20 17:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-20 15:38 . 2008-04-20 15:38 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\SUPERAntiSpyware.com
2008-04-20 15:38 . 2008-04-20 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-20 15:36 . 2008-04-20 15:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 10:02 . 2008-04-20 10:02 <DIR> d-------- C:\WINDOWS\mgwwgmke
2008-04-20 10:02 . 2008-04-20 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\wpexinax
2008-04-20 10:02 . 2008-04-21 10:11 138 -r-hs---- C:\WINDOWS\mainms.vpi
2008-04-20 10:01 . 2008-04-20 10:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-20 10:01 . 2008-04-20 10:01 6,656 --a------ C:\WINDOWS\ons.dll
2008-04-20 10:01 . 2008-04-20 10:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-20 10:01 . 2008-04-21 10:11 33 -r-hs---- C:\WINDOWS\muotr.so
2008-04-20 10:01 . 2008-04-20 21:54 4 --------- C:\WINDOWS\megavid.cdt
2008-04-19 20:38 . 2008-04-20 13:04 <DIR> d-------- C:\Program Files\MySpace
2008-04-19 20:38 . 2008-04-19 20:38 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\MySpace
2008-04-07 16:12 . 2008-04-07 16:13 96,577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-06 16:41 . 2008-04-06 16:41 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\Move Networks
2008-03-27 19:07 . 2008-03-27 19:09 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-25 12:30 . 2008-03-25 12:30 134 --a------ C:\Documents and Settings\Angie\neoteris_write_30238442.reg
2008-03-25 10:52 . 2008-03-25 10:52 200,704 --a------ C:\WINDOWS\system32\anChkHR.dll
2008-03-24 09:50 . 2008-03-24 09:50 134 --a------ C:\Documents and Settings\Angie\neoteris_write_11544872.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 18:43 49,698 ----a-w C:\Documents and Settings\Angie\Application Data\wklnhst.dat
2008-04-20 21:55 --------- d-----w C:\Program Files\Trend Micro
2008-04-17 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Juniper Networks
2008-04-17 13:54 --------- d-----w C:\Documents and Settings\Angie\Application Data\Juniper Networks
2008-04-10 14:37 --------- d-----w C:\Program Files\Modem Helper
2008-03-21 13:48 --------- d-----w C:\Program Files\PokerStars
2008-03-19 14:57 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_25966201.reg
2008-03-13 12:50 --------- d-----w C:\Program Files\Java
2008-03-12 14:17 --------- d-----w C:\Program Files\Coupons
2008-03-10 20:36 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_12014770.reg
2008-03-10 19:01 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3981922.reg
2008-02-28 16:59 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_16822261.reg
2008-02-27 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-13 19:47 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_13218198.reg
2008-01-28 15:24 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_26789619.reg
2007-12-27 21:21 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_24189261.reg
2007-12-26 19:05 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_26235040.reg
2007-12-04 18:56 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_22611277.reg
2007-11-29 20:26 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_22221156.reg
2007-11-29 19:44 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_5123850.reg
2007-11-20 16:40 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_14884403.reg
2007-11-20 15:43 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_18372676.reg
2007-11-14 15:03 484 ----a-w C:\Documents and Settings\Angie\neoteris_read_12767107.reg
2007-11-09 19:31 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3413279.reg
2007-11-08 20:25 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_22859697.reg
2007-11-07 15:53 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_33116517.reg
2007-11-06 20:27 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_7962652.reg
2007-11-06 19:37 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_21731956.reg
2007-11-05 16:48 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_10931191.reg
2007-11-01 16:07 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_9706934.reg
2007-10-31 19:01 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_22736215.reg
2007-10-25 19:48 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_9492714.reg
2007-10-24 16:19 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3941240.reg
2007-10-24 15:47 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_701508.reg
2007-10-23 18:31 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_12213211.reg
2007-10-22 15:21 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_5483268.reg
2007-10-10 18:58 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_7122710.reg
2007-10-10 17:31 4,536,660 ----a-w C:\Documents and Settings\Angie\neoteris_read_3969559.reg
2007-10-05 21:15 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_27334345.reg
2007-10-04 14:11 484 ----a-w C:\Documents and Settings\Angie\neoteris_read_17153368.reg
2007-09-25 15:03 4,536,660 ----a-w C:\Documents and Settings\Angie\neoteris_read_16020374.reg
2007-09-21 16:09 4,536,660 ----a-w C:\Documents and Settings\Angie\neoteris_read_5226838.reg
2007-09-11 20:19 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_26980954.reg
2007-08-17 15:11 4,518,588 ----a-w C:\Documents and Settings\Angie\neoteris_read_11372121.reg
2007-08-15 16:33 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_24763620.reg
2007-07-24 18:03 4,511,776 ----a-w C:\Documents and Settings\Angie\neoteris_read_25292190.reg
2007-06-26 20:36 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3794357.reg
2007-06-22 14:54 3,788,806 ----a-w C:\Documents and Settings\Angie\neoteris_read_17171576.reg
2007-06-01 13:27 3,784,568 ----a-w C:\Documents and Settings\Angie\neoteris_read_9740137.reg
2007-05-24 19:56 64,736 ----a-w C:\Documents and Settings\Angie\Application Data\GDIPFONTCACHEV1.DAT
2007-02-21 20:01 3,778,816 ----a-w C:\Documents and Settings\Angie\neoteris_read_8687308.reg
2004-08-04 04:56 561,179 ----a-w C:\Program Files\Common Files\dao360.dll
1998-04-27 03:00 570,128 ----a-w C:\Program Files\Common Files\DAO350.DLL
2006-02-22 20:58 56 --sh--r C:\WINDOWS\system32\8EEAC6D094.sys
2006-02-22 20:58 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 16:15 321040]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2005-03-14 13:38 335970]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 19:24 684032]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-02-10 14:36 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-10 14:37 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26 368706]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02 1807960]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 11:21 270336]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

C:\Documents and Settings\Angie\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-10-07 18:35:12 21504]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-10 14:31:55 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]
PGPtray.exe.lnk - C:\WINDOWS\Installer\{65CEDFCC-9449-4E14-828D-959F77411F01}\Icon6560581611.exe [2006-10-30 14:32:12 55296]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE

#5
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please attach the log into your post instead. It's still being cut off near the end.

#6
wilcom008

    Member

  • Topic Starter
  • Member
  • 12 posts
Sorry, I ran ComboFix again today trying to get yesterday's log. Here it is.


ComboFix 08-04-20.5 - Angie 2008-04-22 20:51:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.275 [GMT -4:00]
Running from: C:\Documents and Settings\Angie\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-21 19:45 . 2008-04-21 19:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 19:45 . 2008-04-21 19:45 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\Malwarebytes
2008-04-21 19:45 . 2008-04-21 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 15:38 . 2008-04-20 17:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-20 15:38 . 2008-04-20 15:38 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\SUPERAntiSpyware.com
2008-04-20 15:38 . 2008-04-20 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-20 15:36 . 2008-04-20 15:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 10:02 . 2008-04-20 10:02 <DIR> d-------- C:\WINDOWS\mgwwgmke
2008-04-20 10:02 . 2008-04-20 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\wpexinax
2008-04-20 10:02 . 2008-04-21 10:11 138 -r-hs---- C:\WINDOWS\mainms.vpi
2008-04-20 10:01 . 2008-04-20 10:01 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-20 10:01 . 2008-04-20 10:01 6,656 --a------ C:\WINDOWS\ons.dll
2008-04-20 10:01 . 2008-04-20 10:01 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-20 10:01 . 2008-04-21 10:11 33 -r-hs---- C:\WINDOWS\muotr.so
2008-04-20 10:01 . 2008-04-20 21:54 4 --------- C:\WINDOWS\megavid.cdt
2008-04-19 20:38 . 2008-04-20 13:04 <DIR> d-------- C:\Program Files\MySpace
2008-04-19 20:38 . 2008-04-19 20:38 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\MySpace
2008-04-07 16:12 . 2008-04-07 16:13 96,577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-06 16:41 . 2008-04-06 16:41 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\Move Networks
2008-03-27 19:07 . 2008-03-27 19:09 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-25 12:30 . 2008-03-25 12:30 134 --a------ C:\Documents and Settings\Angie\neoteris_write_30238442.reg
2008-03-25 10:52 . 2008-03-25 10:52 200,704 --a------ C:\WINDOWS\system32\anChkHR.dll
2008-03-24 09:50 . 2008-03-24 09:50 134 --a------ C:\Documents and Settings\Angie\neoteris_write_11544872.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Juniper Networks
2008-04-22 17:06 --------- d-----w C:\Documents and Settings\Angie\Application Data\Juniper Networks
2008-04-22 02:55 49,698 ----a-w C:\Documents and Settings\Angie\Application Data\wklnhst.dat
2008-04-20 21:55 --------- d-----w C:\Program Files\Trend Micro
2008-04-10 14:37 --------- d-----w C:\Program Files\Modem Helper
2008-03-21 19:47 172,032 ----a-w C:\WINDOWS\system32\anChkAC.dll
2008-03-21 13:48 --------- d-----w C:\Program Files\PokerStars
2008-03-19 20:19 466,944 ----a-w C:\WINDOWS\system32\ANFFAuto.dll
2008-03-19 14:57 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_25966201.reg
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-17 18:03 98,304 ----a-w C:\WINDOWS\system32\anChkUW.dll
2008-03-13 12:50 --------- d-----w C:\Program Files\Java
2008-03-12 14:17 --------- d-----w C:\Program Files\Coupons
2008-03-10 20:36 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_12014770.reg
2008-03-10 19:01 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3981922.reg
2008-03-06 11:23 180,224 ----a-w C:\WINDOWS\system32\ahpdwlng.dll
2008-03-05 21:49 86,065 ----a-w C:\WINDOWS\system32\anXMLDOM.dll
2008-03-05 16:41 270,385 ----a-w C:\WINDOWS\system32\anRateIO.dll
2008-03-05 16:40 69,632 ----a-w C:\WINDOWS\system32\anFFEZPay.dll
2008-03-01 22:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-28 16:59 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_16822261.reg
2008-02-27 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-21 22:29 45,056 ----a-w C:\WINDOWS\system32\BCVE_STATUS.DLL
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-02-13 19:47 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_13218198.reg
2008-02-06 15:54 49,152 ----a-w C:\WINDOWS\system32\AHPAPURT.DLL
2008-02-05 18:34 319,488 ----a-w C:\WINDOWS\system32\anFFHome.dll
2008-02-04 13:15 716,800 ----a-w C:\WINDOWS\system32\anPayBIF.dll
2008-01-28 15:24 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_26789619.reg
2008-01-25 14:59 593,920 ----a-w C:\WINDOWS\system32\anCList.dll
2007-12-27 21:21 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_24189261.reg
2007-12-26 19:05 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_26235040.reg
2007-12-04 18:56 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_22611277.reg
2007-11-29 20:26 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_22221156.reg
2007-11-29 19:44 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_5123850.reg
2007-11-20 16:40 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_14884403.reg
2007-11-20 15:43 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_18372676.reg
2007-11-14 15:03 484 ----a-w C:\Documents and Settings\Angie\neoteris_read_12767107.reg
2007-11-09 19:31 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3413279.reg
2007-11-08 20:25 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_22859697.reg
2007-11-07 15:53 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_33116517.reg
2007-11-06 20:27 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_7962652.reg
2007-11-06 19:37 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_21731956.reg
2007-11-05 16:48 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_10931191.reg
2007-11-01 16:07 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_9706934.reg
2007-10-31 19:01 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_22736215.reg
2007-10-25 19:48 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_9492714.reg
2007-10-24 16:19 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3941240.reg
2007-10-24 15:47 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_701508.reg
2007-10-23 18:31 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_12213211.reg
2007-10-22 15:21 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_5483268.reg
2007-10-10 18:58 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_7122710.reg
2007-10-10 17:31 4,536,660 ----a-w C:\Documents and Settings\Angie\neoteris_read_3969559.reg
2007-10-05 21:15 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_27334345.reg
2007-10-04 14:11 484 ----a-w C:\Documents and Settings\Angie\neoteris_read_17153368.reg
2007-09-25 15:03 4,536,660 ----a-w C:\Documents and Settings\Angie\neoteris_read_16020374.reg
2007-09-21 16:09 4,536,660 ----a-w C:\Documents and Settings\Angie\neoteris_read_5226838.reg
2007-09-11 20:19 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_26980954.reg
2007-08-17 15:11 4,518,588 ----a-w C:\Documents and Settings\Angie\neoteris_read_11372121.reg
2007-08-15 16:33 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_24763620.reg
2007-07-24 18:03 4,511,776 ----a-w C:\Documents and Settings\Angie\neoteris_read_25292190.reg
2007-06-26 20:36 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3794357.reg
2007-06-22 14:54 3,788,806 ----a-w C:\Documents and Settings\Angie\neoteris_read_17171576.reg
2007-06-01 13:27 3,784,568 ----a-w C:\Documents and Settings\Angie\neoteris_read_9740137.reg
2007-05-24 19:56 64,736 ----a-w C:\Documents and Settings\Angie\Application Data\GDIPFONTCACHEV1.DAT
2007-02-21 20:01 3,778,816 ----a-w C:\Documents and Settings\Angie\neoteris_read_8687308.reg
2004-08-04 04:56 561,179 ----a-w C:\Program Files\Common Files\dao360.dll
1998-04-27 03:00 570,128 ----a-w C:\Program Files\Common Files\DAO350.DLL
2006-02-22 20:58 56 --sh--r C:\WINDOWS\system32\8EEAC6D094.sys
2006-02-22 20:58 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-04-21_22.00.26.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 01:06:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 00:18:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-22 01:10:39 72,286 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-23 00:22:40 72,286 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-22 01:10:39 426,068 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-23 00:22:40 426,068 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-23 00:19:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1c0.dat
- 2008-01-15 15:18:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_520.dat
+ 2008-04-23 00:18:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_520.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 16:15 321040]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2005-03-14 13:38 335970]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 19:24 684032]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-02-10 14:36 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-10 14:37 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26 368706]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02 1807960]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 11:21 270336]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

C:\Documents and Settings\Angie\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-10-07 18:35:12 21504]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-10 14:31:55 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]
PGPtray.exe.lnk - C:\WINDOWS\Installer\{65CEDFCC-9449-4E14-828D-959F77411F01}\Icon6560581611.exe [2006-10-30 14:32:12 55296]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=OCMAPIHK.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft SQL Server\\MSSQL$ANPACSOFTWARE\\Binn\\sqlservr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\SAM\\SAM.exe"=
"C:\\PARIS\\Paris.exe"=

R0 PGPwded;PGPwded Storage Filter Service;C:\WINDOWS\system32\drivers\PGPwded.sys [2006-04-05 12:36]
R2 MSSQL$ANPACSOFTWARE;MSSQL$ANPACSOFTWARE;C:\Program Files\Microsoft SQL Server\MSSQL$ANPACSOFTWARE\Binn\sqlservr.exe [2002-12-17 18:26]
R2 PGPdisk;PGPdisk;C:\WINDOWS\system32\drivers\PGPdisk.sys [2006-04-05 12:39]
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\system32\Drivers\PGPsdk.sys [2006-04-05 12:35]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
S3 SQLAgent$ANPACSOFTWARE;SQLAgent$ANPACSOFTWARE;C:\Program Files\Microsoft SQL Server\MSSQL$ANPACSOFTWARE\Binn\sqlagent.EXE [2002-12-17 18:23]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 17:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 17:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 17:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 17:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 17:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 20:57:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-22 21:02:06
ComboFix-quarantined-files.txt 2008-04-23 01:01:49
ComboFix2.txt 2008-04-22 02:00:52

Pre-Run: 37,366,300,672 bytes free
Post-Run: 37,364,453,376 bytes free

227 --- E O F --- 2008-04-09 18:49:40

#7
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Do you know what all these C:\Documents and Settings\Angie\neoteris_write_16822261.reg files are for? You have a bunch of these files similarly named...for Juniper Network?

Do you know what these two files are for?

C:\SAM\SAM.exe
C:\PARIS\Paris.exe


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

Collect::
C:\WINDOWS\system32\anChkHR.dll
C:\WINDOWS\system32\anChkAC.dll
C:\WINDOWS\system32\ANFFAuto.dll
C:\WINDOWS\system32\anChkUW.dll
C:\WINDOWS\system32\ahpdwlng.dll
C:\WINDOWS\system32\anXMLDOM.dll
C:\WINDOWS\system32\anRateIO.dll
C:\WINDOWS\system32\anFFEZPay.dll
C:\WINDOWS\system32\AHPAPURT.DLL
C:\WINDOWS\system32\anFFHome.dll
C:\WINDOWS\system32\anPayBIF.dll
C:\WINDOWS\system32\anCList.dll
File::
C:\WINDOWS\mainms.vpi
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\ons.dll
C:\WINDOWS\QTFont.for
C:\WINDOWS\muotr.so
C:\WINDOWS\megavid.cdt
Folder::
C:\WINDOWS\mgwwgmke
C:\Documents and Settings\All Users\Application Data\wpexinax
DirLook::
C:\Program Files\Coupons

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is the computer running so far? I found a bunch of suspicious looking files which were removed now. Make sure that whatever programs you usually use are working...basically test out the computer fully to make sure everything is back to normal.

#8
wilcom008

    Member

  • Topic Starter
  • Member
  • 12 posts
All those files are for my job. The computer is running much better, no pop-ups so far, and all of the stuff I normally use is running fine except for one update program I use for work. I am going to reload it tomorrow and hopefully that will take care of it. Here is my Combofix log. After it finished I got a screen to submit a file to bleeping computer. I went ahead and submitted it; I didn't know what else to do.


ComboFix 08-04-20.5 - Angie 2008-04-22 22:42:56.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.272 [GMT -4:00]
Running from: C:\Documents and Settings\Angie\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angie\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\muotr.so
C:\WINDOWS\ons.dll
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\wpexinax
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\mgwwgmke
C:\WINDOWS\mgwwgmke\1.png
C:\WINDOWS\mgwwgmke\2.png
C:\WINDOWS\mgwwgmke\3.png
C:\WINDOWS\mgwwgmke\4.png
C:\WINDOWS\mgwwgmke\5.png
C:\WINDOWS\mgwwgmke\6.png
C:\WINDOWS\mgwwgmke\7.png
C:\WINDOWS\mgwwgmke\8.png
C:\WINDOWS\mgwwgmke\9.png
C:\WINDOWS\mgwwgmke\bottom-rc.gif
C:\WINDOWS\mgwwgmke\config.png
C:\WINDOWS\mgwwgmke\content.png
C:\WINDOWS\mgwwgmke\download.gif
C:\WINDOWS\mgwwgmke\frame-bg.gif
C:\WINDOWS\mgwwgmke\frame-bottom-left.gif
C:\WINDOWS\mgwwgmke\frame-h1bg.gif
C:\WINDOWS\mgwwgmke\head.png
C:\WINDOWS\mgwwgmke\icon.png
C:\WINDOWS\mgwwgmke\indexwp.html
C:\WINDOWS\mgwwgmke\main.css
C:\WINDOWS\mgwwgmke\memory-prots.png
C:\WINDOWS\mgwwgmke\net.png
C:\WINDOWS\mgwwgmke\pc-mag.gif
C:\WINDOWS\mgwwgmke\pc.gif
C:\WINDOWS\mgwwgmke\poloska1.png
C:\WINDOWS\mgwwgmke\poloska2.png
C:\WINDOWS\mgwwgmke\poloska3.png
C:\WINDOWS\mgwwgmke\promowp1.html
C:\WINDOWS\mgwwgmke\promowp2.html
C:\WINDOWS\mgwwgmke\promowp3.html
C:\WINDOWS\mgwwgmke\promowp4.html
C:\WINDOWS\mgwwgmke\promowp5.html
C:\WINDOWS\mgwwgmke\reg.png
C:\WINDOWS\mgwwgmke\repair.png
C:\WINDOWS\mgwwgmke\scr-1.png
C:\WINDOWS\mgwwgmke\scr-2.png
C:\WINDOWS\mgwwgmke\start.png
C:\WINDOWS\mgwwgmke\styles.css
C:\WINDOWS\mgwwgmke\Thumbs.db
C:\WINDOWS\mgwwgmke\top-rc.gif
C:\WINDOWS\mgwwgmke\vline.gif
C:\WINDOWS\mgwwgmke\wp.png
C:\WINDOWS\muotr.so
C:\WINDOWS\ons.dll
C:\WINDOWS\QTFont.for
C:\WINDOWS\QTFont.qfn
C:\WINDOWS\system32\AHPAPURT.DLL
C:\WINDOWS\system32\ahpdwlng.dll
C:\WINDOWS\system32\anChkAC.dll
C:\WINDOWS\system32\anChkHR.dll
C:\WINDOWS\system32\anChkUW.dll
C:\WINDOWS\system32\anCList.dll
C:\WINDOWS\system32\ANFFAuto.dll
C:\WINDOWS\system32\anFFEZPay.dll
C:\WINDOWS\system32\anFFHome.dll
C:\WINDOWS\system32\anPayBIF.dll
C:\WINDOWS\system32\anRateIO.dll
C:\WINDOWS\system32\anXMLDOM.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-21 19:45 . 2008-04-21 19:45 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 19:45 . 2008-04-21 19:45 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\Malwarebytes
2008-04-21 19:45 . 2008-04-21 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-20 15:38 . 2008-04-20 17:05 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-20 15:38 . 2008-04-20 15:38 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\SUPERAntiSpyware.com
2008-04-20 15:38 . 2008-04-20 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-20 15:36 . 2008-04-20 15:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 20:38 . 2008-04-20 13:04 <DIR> d-------- C:\Program Files\MySpace
2008-04-19 20:38 . 2008-04-19 20:38 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\MySpace
2008-04-07 16:12 . 2008-04-07 16:13 96,577 --a------ C:\WINDOWS\hpqins16.dat
2008-04-06 16:41 . 2008-04-06 16:41 <DIR> d-------- C:\Documents and Settings\Angie\Application Data\Move Networks
2008-03-27 19:07 . 2008-03-27 19:09 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-03-25 12:30 . 2008-03-25 12:30 134 --a------ C:\Documents and Settings\Angie\neoteris_write_30238442.reg
2008-03-24 09:50 . 2008-03-24 09:50 134 --a------ C:\Documents and Settings\Angie\neoteris_write_11544872.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 17:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Juniper Networks
2008-04-22 17:06 --------- d-----w C:\Documents and Settings\Angie\Application Data\Juniper Networks
2008-04-22 02:55 49,698 ----a-w C:\Documents and Settings\Angie\Application Data\wklnhst.dat
2008-04-20 21:55 --------- d-----w C:\Program Files\Trend Micro
2008-04-10 14:37 --------- d-----w C:\Program Files\Modem Helper
2008-03-21 13:48 --------- d-----w C:\Program Files\PokerStars
2008-03-19 14:57 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_25966201.reg
2008-03-13 12:50 --------- d-----w C:\Program Files\Java
2008-03-12 14:17 --------- d-----w C:\Program Files\Coupons
2008-03-10 20:36 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_12014770.reg
2008-03-10 19:01 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3981922.reg
2008-02-28 16:59 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_16822261.reg
2008-02-27 20:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-13 19:47 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_13218198.reg
2008-01-28 15:24 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_26789619.reg
2007-12-27 21:21 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_24189261.reg
2007-12-26 19:05 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_26235040.reg
2007-12-04 18:56 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_22611277.reg
2007-11-29 20:26 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_22221156.reg
2007-11-29 19:44 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_5123850.reg
2007-11-20 16:40 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_14884403.reg
2007-11-20 15:43 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_18372676.reg
2007-11-14 15:03 484 ----a-w C:\Documents and Settings\Angie\neoteris_read_12767107.reg
2007-11-09 19:31 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3413279.reg
2007-11-08 20:25 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_22859697.reg
2007-11-07 15:53 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_33116517.reg
2007-11-06 20:27 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_7962652.reg
2007-11-06 19:37 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_21731956.reg
2007-11-05 16:48 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_10931191.reg
2007-11-01 16:07 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_9706934.reg
2007-10-31 19:01 4,577,334 ----a-w C:\Documents and Settings\Angie\neoteris_read_22736215.reg
2007-10-25 19:48 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_9492714.reg
2007-10-24 16:19 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3941240.reg
2007-10-24 15:47 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_701508.reg
2007-10-23 18:31 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_12213211.reg
2007-10-22 15:21 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_5483268.reg
2007-10-10 18:58 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_7122710.reg
2007-10-10 17:31 4,536,660 ----a-w C:\Documents and Settings\Angie\neoteris_read_3969559.reg
2007-10-05 21:15 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_27334345.reg
2007-10-04 14:11 484 ----a-w C:\Documents and Settings\Angie\neoteris_read_17153368.reg
2007-09-25 15:03 4,536,660 ----a-w C:\Documents and Settings\Angie\neoteris_read_16020374.reg
2007-09-21 16:09 4,536,660 ----a-w C:\Documents and Settings\Angie\neoteris_read_5226838.reg
2007-09-11 20:19 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_26980954.reg
2007-08-17 15:11 4,518,588 ----a-w C:\Documents and Settings\Angie\neoteris_read_11372121.reg
2007-08-15 16:33 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_24763620.reg
2007-07-24 18:03 4,511,776 ----a-w C:\Documents and Settings\Angie\neoteris_read_25292190.reg
2007-06-26 20:36 134 ----a-w C:\Documents and Settings\Angie\neoteris_write_3794357.reg
2007-06-22 14:54 3,788,806 ----a-w C:\Documents and Settings\Angie\neoteris_read_17171576.reg
2007-06-01 13:27 3,784,568 ----a-w C:\Documents and Settings\Angie\neoteris_read_9740137.reg
2007-05-24 19:56 64,736 ----a-w C:\Documents and Settings\Angie\Application Data\GDIPFONTCACHEV1.DAT
2007-02-21 20:01 3,778,816 ----a-w C:\Documents and Settings\Angie\neoteris_read_8687308.reg
2004-08-04 04:56 561,179 ----a-w C:\Program Files\Common Files\dao360.dll
1998-04-27 03:00 570,128 ----a-w C:\Program Files\Common Files\DAO350.DLL
2006-02-22 20:58 56 --sh--r C:\WINDOWS\system32\8EEAC6D094.sys
2006-02-22 20:58 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Coupons ----

2008-03-12 10:17 6167 --a------ C:\Program Files\Coupons\Uninstall\uninstall.xml
2008-03-12 10:17 473600 --a------ C:\Program Files\Coupons\uninstall.exe
2008-03-12 10:17 4301 --a------ C:\Program Files\Coupons\Uninstall\IRIMG6.JPG
2008-03-12 10:17 415368 --a------ C:\Program Files\Coupons\Uninstall\uninstall.dat
2008-03-12 10:17 3350 --a------ C:\Program Files\Coupons\Uninstall\IRIMG4.JPG
2008-03-12 10:17 26791 --a------ C:\Program Files\Coupons\Uninstall\IRIMG5.JPG
2008-03-12 10:17 19374 --a------ C:\Program Files\Coupons\Uninstall\IRIMG2.JPG
2008-03-12 10:17 18195 --a------ C:\Program Files\Coupons\Uninstall\IRIMG1.JPG
2008-03-12 10:17 17831 --a------ C:\Program Files\Coupons\Uninstall\IRIMG8.JPG
2008-03-12 10:17 17831 --a------ C:\Program Files\Coupons\Uninstall\IRIMG3.JPG
2008-03-12 10:17 11005 --a------ C:\Program Files\Coupons\Uninstall\IRIMG7.JPG
2006-12-13 18:33 202 --------- C:\Program Files\Coupons\Coupons.com.url


((((((((((((((((((((((((((((( snapshot@2008-04-21_22.00.26.09 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 01:06:21 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 00:18:00 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-22 01:10:39 72,286 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-23 00:22:40 72,286 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-22 01:10:39 426,068 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-23 00:22:40 426,068 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-23 00:19:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1c0.dat
- 2008-01-15 15:18:52 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_520.dat
+ 2008-04-23 00:18:09 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_520.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 16:15 321040]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 18:33 155648]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 16:59 385024]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05 344064]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2005-03-14 13:38 335970]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-09-01 19:24 684032]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 18:19 53248]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-02-10 14:36 26112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-10 14:37 98304]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 03:05 127035]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 12:44 81920]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 22:26 368706]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01 110592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02 1807960]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [2003-09-21 11:21 270336]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 07:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 21:17 443968]

C:\Documents and Settings\Angie\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2005-10-07 18:35:12 21504]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-02-10 14:31:55 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]
PGPtray.exe.lnk - C:\WINDOWS\Installer\{65CEDFCC-9449-4E14-828D-959F77411F01}\Icon6560581611.exe [2006-10-30 14:32:12 55296]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 18:23:32 74308]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-09-07 18:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=OCMAPIHK.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft SQL Server\\MSSQL$ANPACSOFTWARE\\Binn\\sqlservr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\SAM\\SAM.exe"=
"C:\\PARIS\\Paris.exe"=

R0 PGPwded;PGPwded Storage Filter Service;C:\WINDOWS\system32\drivers\PGPwded.sys [2006-04-05 12:36]
R2 MSSQL$ANPACSOFTWARE;MSSQL$ANPACSOFTWARE;C:\Program Files\Microsoft SQL Server\MSSQL$ANPACSOFTWARE\Binn\sqlservr.exe [2002-12-17 18:26]
R2 PGPdisk;PGPdisk;C:\WINDOWS\system32\drivers\PGPdisk.sys [2006-04-05 12:39]
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\system32\Drivers\PGPsdk.sys [2006-04-05 12:35]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
S3 SQLAgent$ANPACSOFTWARE;SQLAgent$ANPACSOFTWARE;C:\Program Files\Microsoft SQL Server\MSSQL$ANPACSOFTWARE\Binn\sqlagent.EXE [2002-12-17 18:23]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 17:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 17:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 17:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 17:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 17:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 22:45:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-22 22:48:58
ComboFix-quarantined-files.txt 2008-04-23 02:48:49
ComboFix2.txt 2008-04-23 01:02:07
ComboFix3.txt 2008-04-22 02:00:52

Pre-Run: 37,355,573,248 bytes free
Post-Run: 37,338,001,408 bytes free

284 --- E O F --- 2008-04-09 18:49:40

#9
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Sorry about the last part...forgot to mention that it will prompt you to submit a file online. Just want to make sure those are not malware related...

Do you know what this program is for? -> C:\Program Files\Coupons
Don't run it if unsure. If you don't know what it's for, uninstall it via the Add/Remove Programs panel.

Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run and copy/paste in combofix /u to remove it. You should be set to go.

#10
wilcom008

    Member

  • Topic Starter
  • 12 posts
The coupons file I use to print coupons online. All is well except 3 of my work related programs are not working. I am going to reload them today and hope that will take care of it. Should I remove the other anti malware programs I have loaded?

#11
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
I think they were corrupted when we removed some of those files...the ones you submitted :) Reinstalling should fix the issue.

Which program? SUPERAntiSpyware and Malwarebytes Anti-Malware? You can probably hold on to them. No harm in keeping them. I think only SUPERAntiSpyware has the real-time detection. If TrendMicro has a built-in antispyware feature, I guess you can uninstall SUPERAntiSpyware.

Any more questions before we close this topic? :)

#12
wilcom008

    Member

  • Topic Starter
  • 12 posts
No questions. I have reinstalled my work programs and everything seems to be running fine now. I will hold onto the other Anti-malware/Spyware programs; I'm sure I will need them in the future. Thank you so much for your help. I really appreciate it.

#13
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.