ComboFix 07-11-08.1 - Liz 2007-11-07 14:49:30.1 - NTFSx86 
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.154 [GMT -5:00]
Running from: F:\Documents and Settings\Liz\My Documents\My Downloads\ComboFix.exe
 * Created a new restore point
.

	Unable to gain System Privileges

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Colin\Desktop\internet.lnk
C:\Documents and Settings\Liz\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Liz\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Liz\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Ty\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Ty\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Ty\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ccbeg.tmp
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\elorcjtp.dllbox
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rttss.bak1
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.ini

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


(((((((((((((((((((((((((   Files Created from 2007-10-08 to 2007-11-08  )))))))))))))))))))))))))))))))
.

2007-11-07 14:44	145,984	--a------	C:\WINDOWS\system32\tlhwygfq.dll
2007-11-07 14:44	145,984	--a------	C:\WINDOWS\system32\elorcjtp.dll
2007-11-07 14:44	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-11-07 13:02	79,936	--a------	C:\WINDOWS\system32\qgmmbvxq.dll
2007-11-07 11:02	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-07 10:58	<DIR>	d--------	C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-07 09:59	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 09:54	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-07 09:53	<DIR>	d--------	C:\Program Files\SUPERAntiSpyware
2007-11-07 09:53	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 09:53	<DIR>	d--------	C:\Documents and Settings\Liz\Application Data\SUPERAntiSpyware.com
2007-11-07 09:39	35,328	--a------	C:\WINDOWS\system32\hgghgff.dll
2007-11-07 00:05	81,472	--a------	C:\WINDOWS\system32\gliyqgts.dll
2007-11-06 23:58	87,104	--a------	C:\WINDOWS\system32\fvlxxaqy.dll
2007-11-06 23:55	71,232	--a------	C:\WINDOWS\system32\asyoogeb.exe
2007-11-06 23:52	145,984	--a------	C:\WINDOWS\system32\kksmknrj.dll
2007-11-06 21:33	35,328	--a------	C:\WINDOWS\system32\iifddaa.dll
2007-11-06 20:21	<DIR>	d--------	C:\Program Files\Lavasoft
2007-11-06 20:21	<DIR>	d--------	C:\Documents and Settings\Liz\Application Data\Lavasoft
2007-11-06 19:43	<DIR>	d--------	C:\Program Files\CCleaner
2007-11-06 13:10	<DIR>	d--------	C:\Documents and Settings\Liz\.housecall6.6
2007-11-06 10:02	<DIR>	d--------	C:\Documents and Settings\Liz\Application Data\HouseCall 6.6
2007-11-06 09:59	<DIR>	d--------	C:\Documents and Settings\Liz\Shared
2007-11-06 09:58	<DIR>	d--------	C:\Documents and Settings\Liz\Incomplete
2007-11-06 09:48	<DIR>	d--------	C:\Documents and Settings\Ty\Application Data\Apple Computer
2007-11-06 09:22	<DIR>	d--------	C:\Documents and Settings\Ty\Application Data\HouseCall 6.6
2007-11-06 09:07	81,472	--a------	C:\WINDOWS\system32\yfgfhmss.dll
2007-11-06 09:05	87,104	--a------	C:\WINDOWS\system32\kgwlivbg.dll
2007-11-06 08:45	35,328	--a------	C:\WINDOWS\system32\mljihif.dll
2007-11-06 00:05	83,008	--a------	C:\WINDOWS\system32\tdfnkhpx.dll
2007-11-05 23:00	35,328	--a------	C:\WINDOWS\system32\ljjkihf.dll
2007-11-05 11:57	<DIR>	d--------	C:\Documents and Settings\Liz\Application Data\LimeWire
2007-11-04 21:49	78,912	--a------	C:\WINDOWS\system32\fyfrkneo.dll
2007-11-04 21:47	86,080	--a------	C:\WINDOWS\system32\pueghuvm.dll
2007-11-04 11:44	147,456	--a------	C:\WINDOWS\system32\vbzip10.dll
2007-11-04 10:36	<DIR>	d--------	C:\WINDOWS\system32\Mz18r
2007-11-04 10:36	<DIR>	d--------	C:\TEMP\mZOr
2007-11-04 10:36	35,328	--a------	C:\WINDOWS\system32\yaywwvw.dll.vir
2007-11-04 09:21	<DIR>	d--------	C:\Documents and Settings\Liz\Application Data\Viewpoint
2007-11-03 18:05	<DIR>	d--------	C:\Documents and Settings\Colin\Application Data\fretsonfire
2007-11-03 18:03	<DIR>	d--------	C:\Program Files\Frets on Fire
2007-11-03 11:59	<DIR>	d--------	C:\Documents and Settings\Liz\Application Data\acccore
2007-11-02 17:44	<DIR>	d--------	C:\Documents and Settings\Colin\Application Data\Viewpoint
2007-10-31 07:52	<DIR>	d--------	C:\Documents and Settings\Ty\Shared
2007-10-31 07:52	<DIR>	d--------	C:\Documents and Settings\Ty\Incomplete
2007-10-31 07:51	<DIR>	d--------	C:\Documents and Settings\Ty\Application Data\LimeWire
2007-10-30 19:50	<DIR>	d--------	C:\Documents and Settings\Colin\Application Data\AdobeUM
2007-10-30 19:46	<DIR>	d--------	C:\Documents and Settings\Colin\Shared
2007-10-30 19:46	<DIR>	d--------	C:\Documents and Settings\Colin\Incomplete
2007-10-30 19:46	<DIR>	d--------	C:\Documents and Settings\Colin\Application Data\LimeWire
2007-10-30 13:13	19,496	--a------	C:\Documents and Settings\Liz\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 10:45	<DIR>	d--------	C:\Program Files\Quicken
2007-10-30 10:45	<DIR>	d--------	C:\Program Files\Common Files\Palo Alto Software
2007-10-30 10:45	<DIR>	d--------	C:\Program Files\Common Files\Intuit
2007-10-30 10:45	<DIR>	d--------	C:\Documents and Settings\Liz\Application Data\Intuit
2007-10-30 10:45	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Intuit
2007-10-24 14:37	<DIR>	d--------	C:\Documents and Settings\Liz\Application Data\Image Zone Express
2007-10-24 14:23	117,037	--a------	C:\WINDOWS\hpoins11.dat
2007-10-24 09:39	<DIR>	d--------	C:\Documents and Settings\Ty\Application Data\HP
2007-10-24 02:01	<DIR>	d--------	C:\Program Files\MSXML 4.0
2007-10-23 21:16	<DIR>	d--------	C:\Documents and Settings\Liz\Application Data\AdobeUM
2007-10-23 21:01	<DIR>	d--------	C:\Documents and Settings\Liz\Application Data\HP
2007-10-23 20:39	<DIR>	d--------	C:\Documents and Settings\Colin\Application Data\acccore
2007-10-23 20:38	<DIR>	d--------	C:\Program Files\Viewpoint
2007-10-23 20:38	<DIR>	d--------	C:\Program Files\Common Files\AOL
2007-10-23 20:38	<DIR>	d--------	C:\Program Files\AIM6
2007-10-23 20:38	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-23 20:38	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-23 20:38	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\AOL
2007-10-23 19:53	<DIR>	d--------	C:\Documents and Settings\Colin\Application Data\HP
2007-10-23 18:58	<DIR>	d--------	C:\Documents and Settings\Conrad\Application Data\HP
2007-10-23 18:57	<DIR>	d--------	C:\Documents and Settings\Conrad\Application Data\Sonic
2007-10-23 18:56	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2007-10-23 17:32	<DIR>	d--------	C:\WINDOWS\system32\URTTemp
2007-10-23 17:32	<DIR>	d--------	C:\Program Files\Common Files\HP
2007-10-23 17:30	<DIR>	d--------	C:\Program Files\Hewlett-Packard
2007-10-23 12:21	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\HP
2007-10-23 12:17	<DIR>	d--------	C:\Program Files\Common Files\Hewlett-Packard
2007-10-23 12:17	77,824	-ra------	C:\WINDOWS\system32\HPZIDS01.dll
2007-10-23 12:17	38,400	--a------	C:\WINDOWS\system32\hpz3l054.dll
2007-10-23 12:16	827,392	-ra------	C:\WINDOWS\system32\hpotiop2.dll
2007-10-23 12:16	659,456	-ra------	C:\WINDOWS\system32\hpowiax2.dll
2007-10-23 12:16	254,026	-ra------	C:\WINDOWS\system32\hpovst09.dll
2007-10-23 12:16	6,784	--a------	C:\WINDOWS\system32\drivers\serscan.sys
2007-10-23 12:16	6,784	--a--c---	C:\WINDOWS\system32\dllcache\serscan.sys
2007-10-23 12:15	<DIR>	d--------	C:\TEMP\Google Toolbar
2007-10-23 12:14	<DIR>	d--------	C:\TEMP
2007-10-23 12:14	282,680	--a------	C:\WINDOWS\system32\HPZidr12.dll
2007-10-23 12:14	204,800	--a------	C:\WINDOWS\system32\HPZipr12.dll
2007-10-23 12:14	94,208	--a------	C:\WINDOWS\system32\HPZipt12.dll
2007-10-23 12:14	69,632	--a------	C:\WINDOWS\system32\HPZipm12.exe
2007-10-23 12:14	65,536	--a------	C:\WINDOWS\system32\HPZinw12.exe
2007-10-23 12:14	57,344	--a------	C:\WINDOWS\system32\HPZisn12.dll
2007-10-23 12:13	<DIR>	d--------	C:\Program Files\HP
2007-10-23 12:13	31,616	--a------	C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-23 12:13	31,616	--a--c---	C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-23 12:13	25,856	--a------	C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-23 12:13	25,856	--a--c---	C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-23 12:12	98,304	--a------	C:\WINDOWS\system32\hpzjsn01.dll
2007-10-23 10:16	<DIR>	d--------	C:\WINDOWS\Sun

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 02:37	278,546	----a-w	C:\WINDOWS\Fonts\Setup.exe
2007-11-04 15:34	278,545	--sh--w	C:\WINDOWS\Fonts\svchost.exe
2007-10-30 15:46	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-10-21 16:57	---------	d-----w	C:\Program Files\Common Files\InstallShield
2007-10-18 17:50	---------	d-----w	C:\Program Files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42738672-7C35-47A9-B413-717642C5E7F6}]
2007-11-08 15:30	313440	--a------	C:\WINDOWS\system32\ddaby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DFF131B-E9FC-4C6B-8D60-9A5F979C79DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-07 14:44	145984	--a------	C:\WINDOWS\system32\elorcjtp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
2007-11-05 23:00	35328	--a------	C:\WINDOWS\system32\ljjkihf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\elorcjtp.dll [2007-11-07 14:44 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\elorcjtp.dll [2007-11-07 14:44 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-04-24 15:58]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01]
"POINTER"="point32.exe" []
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-29 14:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-22 09:55]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 15:22]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-21 19:27:46]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\ljjkihf.dll [2007-11-05 23:00 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\elorcjtp] 
elorcjtp.dll 2007-11-07 14:44 145984 C:\WINDOWS\system32\elorcjtp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkihf] 
ljjkihf.dll 2007-11-05 23:00 35328 C:\WINDOWS\system32\ljjkihf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaby.dll


.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 01:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-08 20:28:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 15:25:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-11-08 15:33:09 - machine was rebooted 
.
	--- E O F ---