win32.BHO.je/vondermonde/PAK_Generic.001 HELP! [Archive]

TallentedJeff

2008-03-28, 18:24

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {910EA866-6CA1-4855-BBDE-9C9D93AB8984} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
O2 - BHO: {06ea42b2-bd7a-52c9-e434-a0c2563aa77c} - {c77aa365-2c0a-434e-9c25-a7db2b24ae60} - C:\WINDOWS\system32\jqtjhxmn.dll (file missing)
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: cj helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\IE Extensions\cj.v2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [OpenVPN GUI] "C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe" --connect eurovpn.ovpn
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [6d1ea1dd] rundll32.exe "C:\WINDOWS\system32\xgtcaeae.dll",b
O4 - HKLM\..\Run: [cjb] C:\Program Files\cjb\cjb5.exe
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.1.75:4343/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190172639781
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\DOCUME~1\JEFF~1.TAL\LOCALS~1\APPLIC~1\Skype\Shared\SKYPE4~1.DLL
O20 - AppInit_DLLs: iSecurity.cpl
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O21 - SSODL: ChkVolume - {7c88725a-1fab-46ab-aca6-627c43af27a8} - C:\WINDOWS\Installer\{7c88725a-1fab-46ab-aca6-627c43af27a8}\ChkVolume.dll
O21 - SSODL: zip - {b69d25af-5809-47ba-83a0-08adf8b50b87} - C:\WINDOWS\Installer\{b69d25af-5809-47ba-83a0-08adf8b50b87}\zip.dll
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 13450 bytes

TallentedJeff

2008-03-28, 18:29

error loading C:\WINDOWS\system\xgtcaeae.dll
the specified module could not be found

Friday, March 28, 2008 10:30:03 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/03/2008
Kaspersky Anti-Virus database records: 668879
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 91608
Number of viruses found 31
Number of infected objects 190
Number of suspicious objects 1
Duration of the scan process 01:25:07

Infected Object Name Virus Name Last Action
C:\67b5908f85dbba9153d7a14dd1a6f025\riprep.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\installation\Local Settings\Temp\6FpWVuJt.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\Documents and Settings\installation\Local Settings\Temp\cXSlyb2u.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\Documents and Settings\installation\Local Settings\Temp\pD807fx0.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\Documents and Settings\installation\Local Settings\Temporary Internet Files\Content.IE5\726W0JLV\1204814751[1].exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Documents and Settings\installation\Local Settings\Temporary Internet Files\Content.IE5\A4K3AM2F\1204593114[1].exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\Documents and Settings\installation\Local Settings\Temporary Internet Files\Content.IE5\DAWJQN6H\1204593094[2].exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\Documents and Settings\installation\Local Settings\Temporary Internet Files\Content.IE5\DAWJQN6H\1205864476[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Documents and Settings\jeff.tallent\Application Data\Microsoft\Outlook\outitems.log Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\cert8.db Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\history.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\key3.db Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\parent.lock Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\search.sqlite Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\jeff.tallent\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\Outlook\outlook.ost Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\History\History.IE5\MSHist012008032820080329\index.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\ExchangePerflog_8484fa3131ab18d1cfcccd43.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\power64.exe Infected: Backdoor.Win32.Small.cwc skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\powersys.exe Infected: Backdoor.Win32.Small.cwc skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\syssyn.exe Infected: Backdoor.Win32.Small.cwc skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\win58E.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\~DF6CB0.tmp Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\~DF6ECC.tmp Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\~DF7116.tmp Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temporary Internet Files\Content.Word\~WRS2249.tmp Object is locked skipped
C:\Documents and Settings\jeff.tallent\ntuser.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SwiHpWmi.log Object is locked skipped
C:\Program Files\IE Extensions\cj.v2.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\tmp11352500.exe Infected: Backdoor.Win32.Small.cwc skipped
C:\Program Files\tmp11817187.exe Infected: Backdoor.Win32.Small.cwc skipped
C:\Program Files\tmp122203.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp179390.exe Infected: Backdoor.Win32.Small.cwc skipped
C:\Program Files\tmp1894687.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp20238859.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\tmp2367421.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\Program Files\tmp2368031.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\Program Files\tmp2368046.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\tmp2368078.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\Program Files\tmp243358687.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp243358812.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp243388765.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\tmp5549734.exe Infected: Backdoor.Win32.Small.cwc skipped
C:\Program Files\tmp5695406.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp7357390.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp7357750.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp74500.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp74937.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp74953.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp80312.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\tmp80390.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp81718.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp82187.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp8342984.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp8343312.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp8343421.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp84187.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\tmp85187.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\tmp86531.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1204986782[1].exe Infected: Trojan-Dropper.Win32.Agent.ftu skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1204986783[1].exe Infected: Trojan-Dropper.Win32.Agent.ftu skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1205159686[1].exe Infected: Trojan-Dropper.Win32.Agent.ftu skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1205334549[1].exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1205334549[2].exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1205334550[1].exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1205334550[2].exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1205949732[1].exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1205949732[1]_e54.VIR Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1205949732[2].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206192966[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206192966[1]_e50.VIR Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206192966[2].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206507373[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206507374[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206507377[1].exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536563[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536564[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536565[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536566[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536566[1]_3e0.VIR Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536567[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536568[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536568[1]_3e8.VIR Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536569[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536570[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536571[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206536571[1]_3d4.VIR Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206623242[1].exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206628709[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206709112[1].exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206709112[2].exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206716639[1].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\1206716639[2].exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\2[1].ani Suspicious: Exploit.Win32.IMG-ANI.gen skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\A0036467.exe Infected: Trojan-Downloader.Win32.BHO.cu skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\A0039835.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\A0039877.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\A0046406.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\A0046407.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\A0046408.exe Infected: Trojan-Downloader.Win32.BHO.cu skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\A0046409.dll Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\cyber[1].wmf Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\cyber[3].wmf Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\Dc1.exe Infected: Trojan-Downloader.Win32.BHO.cu skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\gebbxwt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache11268.tmp/Baaaaa.class Infected: Trojan.Java.ClassLoader.ap skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache11268.tmp/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ap skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache11268.tmp/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ap skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache11268.tmp ZIP: infected - 3 skipped

TallentedJeff

2008-03-28, 18:30

C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache11268.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache19407.tmp/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache19407.tmp/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache19407.tmp/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache19407.tmp ZIP: infected - 3 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache19407.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache41247.tmp/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache41247.tmp/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache41247.tmp/Installer.class Infected: Trojan-Downloader.Java.Agent.a skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache41247.tmp ZIP: infected - 3 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache41247.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache53325.tmp/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache53325.tmp/OwnClassLoader.class Infected: Trojan.Java.ClassLoader.au skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache53325.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache53325.tmp ZIP: infected - 3 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\jar_cache53325.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\mxrckhfk.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\setup.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\test[1].htm Infected: Trojan-Downloader.JS.Agent.bi skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\test[1]_e04.VI0 Infected: Trojan-Downloader.JS.Agent.bi skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\test[1]_e04.VIR Infected: Trojan-Downloader.JS.Agent.bi skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\test[1]_e08.VIR Infected: Trojan-Downloader.JS.Agent.bi skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\test[1]_e20.VIR Infected: Trojan-Downloader.JS.Agent.bi skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\test[2].htm Infected: Trojan-Downloader.JS.Agent.bi skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\tmp20804656.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\tmp20825468.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\Vmcq8GkR.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\xloader30029.exe Infected: Trojan.Win32.Qhost.abh skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\xloader30029_e38.VIR Infected: Trojan.Win32.Qhost.abh skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\xloader30029_e48.VIR Infected: Trojan.Win32.Qhost.abh skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\xloader30029_e4c.VIR Infected: Trojan.Win32.Qhost.abh skipped
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\zip.dll Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\Program Files\ucleaner_setup.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\Program Files\udefender_setup.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\RECYCLER\S-1-5-21-3732892180-917726064-1294033872-1009\Dc2\winubg32.dll.bad Infected: Trojan.Win32.Dialer.yz skipped
C:\RECYCLER\S-1-5-21-3732892180-917726064-1294033872-1009\Dc2\wvuropp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP56\A0036290.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe/data.rar/keygen.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe/data.rar/crack.exe Infected: Trojan-Downloader.Win32.Small.iel skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe/data.rar/install.exe Infected: Trojan-Downloader.Win32.Small.ijp skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe/data.rar Infected: Trojan-Downloader.Win32.Small.ijp skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036327.exe Infected: Trojan-Downloader.Win32.Small.ijp skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP58\A0036464.exe Infected: Trojan-Downloader.Win32.Small.ioq skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP58\A0036465.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP58\A0036499.exe Infected: Trojan-Spy.Win32.BZub.bys skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP58\A0036500.exe Infected: Trojan-Downloader.Win32.Small.iel skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP59\A0038611.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP61\A0038638.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP61\A0039768.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP62\A0039829.exe Infected: Trojan-Downloader.Win32.Small.ioq skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP62\A0039840.dll Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP62\A0039841.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP62\A0039914.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP62\A0039916.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP77\A0051530.dll Infected: Trojan-Clicker.Win32.Agent.wd skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP77\A0051536.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051551.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051557.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051558.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051559.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051560.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051576.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051577.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051590.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051591.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051625.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051629.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051631.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP79\A0052653.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP79\A0052654.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP79\A0052682.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP79\A0052742.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.e skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP79\A0052778.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052781.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052784.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052856.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052857.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052859.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052861.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052863.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052864.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052866.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0052935.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0052936.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0052937.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0052961.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0052964.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0053038.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054056.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054057.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054060.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054061.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054062.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{32119051-f64e-4211-b728-5c831ebc89c9}\zip.dll Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\WINDOWS\Installer\{7c88725a-1fab-46ab-aca6-627c43af27a8}\ChkVolume.dll Infected: Trojan.Win32.Agent.feh skipped
C:\WINDOWS\Installer\{be59ba25-50a0-49f5-9ce8-efddc734cb63}\zip.dll Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\WINDOWS\Installer\{e7d735c0-524b-4f6b-adf6-cd49c15d193d}\zip.dll Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SMINST\schedule.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{4F1AC192-5058-4889-AA70-AA6B53A9FFF2}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Credenti.evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\atchk.log Object is locked skipped
C:\WINDOWS\Temp\atchksrv.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

Shaba

2008-04-03, 10:54

Hi TallentedJeff

A lot of stuff there.

Go to start - run

Type this and click ok

CMD.exe /C Del /Q C:\Program Files\tmp*.exe

After that:

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Post:

- a fresh HijackThis log
- combofix report

TallentedJeff

2008-04-03, 22:37

Thank you for your time, i know it is alot,it all startng from trying to get a serial for bejeweled (bored at work one day).
When reloading windows after combofix ran the computer stalled on the windows login for 15 minutes untill i rebooted.

Here are my logs

ComboFix 08-04-03.3 - Jeff.tallent 2008-04-03 14:02:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1367 [GMT -6:00]
Running from: C:\Documents and Settings\jeff.tallent\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
C:\Program Files\ucleaner_setup.exe
C:\WINDOWS\Installer\{7c88725a-1fab-46ab-aca6-627c43af27a8}
C:\WINDOWS\Installer\{7c88725a-1fab-46ab-aca6-627c43af27a8}\ChkVolume.dll
C:\WINDOWS\Installer\{e7d735c0-524b-4f6b-adf6-cd49c15d193d}
C:\WINDOWS\Installer\{e7d735c0-524b-4f6b-adf6-cd49c15d193d}\zip.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-03-29 12:46 . 2004-09-08 09:42 372,736 --a------ C:\WINDOWS\system32\csccfg10.dll
2008-03-28 15:20 . 2008-03-28 15:20 142,848 --a------ C:\Program Files\tmp9220687.exe
2008-03-28 15:20 . 2008-03-28 15:20 19,968 --a------ C:\Program Files\tmp9220718.exe
2008-03-28 13:19 . 2008-03-28 13:19 142,848 --a------ C:\Program Files\tmp1961187.exe
2008-03-28 07:55 . 2008-03-28 07:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-28 07:55 . 2008-03-28 07:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-03-27 13:58 . 2008-03-26 14:58 124,928 -r-hs---- C:\WINDOWS\system32\iSecurity.cpl
2008-03-26 14:59 . 2008-03-26 14:59 142,848 --a------ C:\Program Files\tmp9265984.exe
2008-03-26 14:58 . 2008-03-27 11:09 <DIR> d-------- C:\Program Files\iSecurity
2008-03-26 07:00 . 2008-03-26 07:00 <DIR> d-------- C:\Program Files\cjb
2008-03-26 07:00 . 2008-03-26 07:00 19,968 --a------ C:\Program Files\tmp143640.exe
2008-03-26 07:00 . 2008-03-26 07:00 9,728 --a------ C:\Program Files\tmp160187.exe
2008-03-26 07:00 . 2008-03-26 07:00 9,728 --a------ C:\Program Files\tmp125296.exe
2008-03-25 22:58 . 2008-03-25 22:58 19,968 --a------ C:\Program Files\tmp86531.exe
2008-03-25 22:58 . 2008-03-25 22:58 19,968 --a------ C:\Program Files\tmp85187.exe
2008-03-23 19:42 . 2008-03-23 19:42 19,968 --a------ C:\Program Files\tmp80312.exe
2008-03-22 07:38 . 2008-03-22 07:38 19,968 --a------ C:\Program Files\tmp243388765.exe
2008-03-19 17:39 . 2008-03-19 17:39 19,968 --a------ C:\Program Files\tmp20238859.exe
2008-03-19 12:04 . 2008-03-19 12:04 19,968 --a------ C:\Program Files\tmp134750.exe
2008-03-18 12:23 . 2008-03-18 12:23 12,288 --a------ C:\Program Files\tmp8343750.exe
2008-03-06 08:47 . 2008-03-06 08:47 <DIR> d-------- C:\Program Files\IE Extensions
2008-03-06 08:47 . 2008-03-06 08:47 19,968 --a------ C:\Program Files\tmp2368046.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 20:22 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\vulScan
2008-03-29 18:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 14:44 --------- d-----w C:\Program Files\Java
2008-03-29 14:38 --------- d-----w C:\Program Files\DivX
2008-03-28 17:00 --------- d-----w C:\Program Files\Trend Micro
2008-03-26 05:03 98,709 ----a-w C:\Program Files\udefender_setup.exe
2008-02-23 17:40 15,872 ----a-w C:\Program Files\tmp5549734.exe
2008-02-23 16:33 --------- d-----w C:\Documents and Settings\jeff.tallent\Application Data\ATI
2008-02-23 16:33 --------- d-----w C:\DOCUME~1\JEFF~1.TAL\APPLIC~1\ATI
2008-02-22 17:25 15,872 ----a-w C:\Program Files\tmp11817187.exe
2008-02-22 14:11 15,872 ----a-w C:\Program Files\tmp179390.exe
2008-02-20 17:04 15,872 ----a-w C:\Program Files\tmp11352500.exe
2008-02-20 16:06 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-02-20 16:05 --------- d-----w C:\Program Files\Lavasoft
2008-02-20 16:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 21:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-16 20:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{910EA866-6CA1-4855-BBDE-9C9D93AB8984}]
C:\WINDOWS\system32\geebx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8311E8F-E459-4D22-89B4-CB9DCF10A425}]
2008-03-26 14:58 124928 -r-hs---- C:\WINDOWS\system32\ISECUR~1.CPL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c77aa365-2c0a-434e-9c25-a7db2b24ae60}]
C:\WINDOWS\system32\jqtjhxmn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-02-26 04:34 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-26 04:34 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-26 04:33 131072]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 16:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 07:36 827392]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 16:54 159744]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 11:12 17920]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 17:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 18:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 12:23 697976]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 08:52 57344]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 10:36 872448]
"HPWWANGSAssistant"="c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe" [2007-02-26 09:07 3946040]
"OpenVPN GUI"="C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe" [2007-04-25 17:53 104968]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 11:31 710000]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-05-01 15:52 404248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SDClientMonitor"="C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2006-11-01 05:06 258048]
"6d1ea1dd"="C:\WINDOWS\system32\xgtcaeae.dll" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"iSecurity applet"="iSecurity.cpl" [2008-03-26 14:58 124928 C:\WINDOWS\system32\iSecurity.cpl]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 13:14:00 561213]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-09-18 16:33:14 192512]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"iSecurity"= {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL [2008-03-26 14:58 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\cba\\pds.exe"= C:\\WINDOWS\\system32\\CBA\\pds.exe
"C:\\WINDOWS\\system32\\msgsys.exe"=
"C:\\Program Files\\LANDesk\\LDClient\\issuser.exe"=
"C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"=
"C:\\Program Files\\Spark\\Spark.exe"=
"%windir%\\system32\\msgsys.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"34154:TCP"= 34154:TCP:Trend Micro OfficeScan Listener
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"67:TCP"= 67:TCP:LANDesk(R) PXE TCP Port
"67:UDP"= 67:UDP:LANDesk(R) PXE UDP Port
"9535:TCP"= 9535:TCP:LANDesk(R) Remote Control Agent TCP Port
"9535:UDP"= 9535:UDP:LANDesk(R) Remote Control Agent UDP Port

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:00]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2007-05-01 15:52]
R2 CBA8;LANDesk(R) Management Agent;"C:\Program Files\LANDesk\Shared Files\residentagent.exe" [2006-11-21 12:03]
R2 LMS;Intel(R) Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe [2007-05-01 15:52]
R2 Softmon;LANDesk(R) Software Monitoring Service;"C:\Program Files\LANDesk\LDClient\softmon.exe" [2006-11-16 05:05]
R2 SWIHPWMI;SWIHPWMI;C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 14:13]
R2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe [2007-05-01 15:52]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 13:13]
R3 ldblank;Screen Blanking driver for Remote Control;C:\WINDOWS\system32\DRIVERS\ldblank.sys [2005-07-01 15:48]
R3 ldmirror;ldmirror;C:\WINDOWS\system32\DRIVERS\ldmirror.sys [2005-07-01 15:48]
R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\WINDOWS\system32\DRIVERS\mirrorflt.sys [2005-07-01 15:48]
R3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-19 19:08]
S2 ASBroker;Logon Session Broker;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:00]
S3 CSCO21;Cisco Aironet 802.11a/b/g Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\csco21.sys [2007-09-26 04:52]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 20:12]
S3 PCX500;Cisco Wireless LAN Adapters Driver;C:\WINDOWS\system32\DRIVERS\pcx500.sys [2004-08-03 23:06]
S3 tap0901;TAP-Win32 Adapter V9;C:\WINDOWS\system32\DRIVERS\tap0901.sys [2007-04-25 17:53]
S3 TPPWRIF;TPPWRIF;C:\Documents and Settings\All Users\Application Data\vulScan\TPPWRIF.sys [2006-09-21 18:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 14:23:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\WINDOWS\TEMP\JC90CE.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2008-04-03 14:26:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-03 20:26:52
Pre-Run: 134,429,601,792 bytes free
Post-Run: 134,358,196,224 bytes free
.
2008-03-11 22:04:04 --- E O F ---

TallentedJeff

2008-04-03, 22:38

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:20 PM, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\WINDOWS\TEMP\JC90CE.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {910EA866-6CA1-4855-BBDE-9C9D93AB8984} - C:\WINDOWS\system32\geebx.dll (file missing)
O2 - BHO: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
O2 - BHO: {06ea42b2-bd7a-52c9-e434-a0c2563aa77c} - {c77aa365-2c0a-434e-9c25-a7db2b24ae60} - C:\WINDOWS\system32\jqtjhxmn.dll (file missing)
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [OpenVPN GUI] "C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe" --connect eurovpn.ovpn
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [6d1ea1dd] rundll32.exe "C:\WINDOWS\system32\xgtcaeae.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iSecurity applet] rundll32.exe iSecurity.cpl,SecurityMonitor
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.1.75:4343/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190172639781
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\DOCUME~1\JEFF~1.TAL\LOCALS~1\APPLIC~1\Skype\Shared\SKYPE4~1.DLL
O21 - SSODL: ChkVolume - {7c88725a-1fab-46ab-aca6-627c43af27a8} - (no file)
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 12791 bytes

Shaba

2008-04-04, 10:28

Hi

Much better :)

We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Program Files\tmp9220687.exe
C:\Program Files\tmp9220718.exe
C:\Program Files\tmp1961187.exe
C:\WINDOWS\system32\iSecurity.cpl
C:\Program Files\tmp9265984.exe
C:\Program Files\tmp143640.exe
C:\Program Files\tmp160187.exe
C:\Program Files\tmp125296.exe
C:\Program Files\tmp86531.exe
C:\Program Files\tmp85187.exe
C:\Program Files\tmp80312.exe
C:\Program Files\tmp243388765.exe
C:\Program Files\tmp20238859.exe
C:\Program Files\tmp134750.exe
C:\Program Files\tmp8343750.exe
C:\Program Files\tmp2368046.exe
C:\Program Files\udefender_setup.exe
C:\Program Files\tmp5549734.exe
C:\Program Files\tmp11817187.exe
C:\Program Files\tmp179390.exe
C:\Program Files\tmp11352500.exe

Folder::
C:\Program Files\iSecurity
C:\Program Files\cjb
C:\Program Files\IE Extensions

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{910EA866-6CA1-4855-BBDE-9C9D93AB8984}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8311E8F-E459-4D22-89B4-CB9DCF10A425}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c77aa365-2c0a-434e-9c25-a7db2b24ae60}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"6d1ea1dd"=-
"iSecurity applet"=-

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

TallentedJeff

2008-04-04, 13:40

ComboFix 08-04-03.3 - Jeff.tallent 2008-04-03 14:02:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1367 [GMT -6:00]
Running from: C:\Documents and Settings\jeff.tallent\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
TimedOut: progfile.dat

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
C:\Program Files\ucleaner_setup.exe
C:\WINDOWS\Installer\{7c88725a-1fab-46ab-aca6-627c43af27a8}
C:\WINDOWS\Installer\{7c88725a-1fab-46ab-aca6-627c43af27a8}\ChkVolume.dll
C:\WINDOWS\Installer\{e7d735c0-524b-4f6b-adf6-cd49c15d193d}
C:\WINDOWS\Installer\{e7d735c0-524b-4f6b-adf6-cd49c15d193d}\zip.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-03-03 to 2008-04-03 )))))))))))))))))))))))))))))))
.

2008-03-29 12:46 . 2004-09-08 09:42 372,736 --a------ C:\WINDOWS\system32\csccfg10.dll
2008-03-28 15:20 . 2008-03-28 15:20 142,848 --a------ C:\Program Files\tmp9220687.exe
2008-03-28 15:20 . 2008-03-28 15:20 19,968 --a------ C:\Program Files\tmp9220718.exe
2008-03-28 13:19 . 2008-03-28 13:19 142,848 --a------ C:\Program Files\tmp1961187.exe
2008-03-28 07:55 . 2008-03-28 07:55 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-28 07:55 . 2008-03-28 07:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-03-27 13:58 . 2008-03-26 14:58 124,928 -r-hs---- C:\WINDOWS\system32\iSecurity.cpl
2008-03-26 14:59 . 2008-03-26 14:59 142,848 --a------ C:\Program Files\tmp9265984.exe
2008-03-26 14:58 . 2008-03-27 11:09 <DIR> d-------- C:\Program Files\iSecurity
2008-03-26 07:00 . 2008-03-26 07:00 <DIR> d-------- C:\Program Files\cjb
2008-03-26 07:00 . 2008-03-26 07:00 19,968 --a------ C:\Program Files\tmp143640.exe
2008-03-26 07:00 . 2008-03-26 07:00 9,728 --a------ C:\Program Files\tmp160187.exe
2008-03-26 07:00 . 2008-03-26 07:00 9,728 --a------ C:\Program Files\tmp125296.exe
2008-03-25 22:58 . 2008-03-25 22:58 19,968 --a------ C:\Program Files\tmp86531.exe
2008-03-25 22:58 . 2008-03-25 22:58 19,968 --a------ C:\Program Files\tmp85187.exe
2008-03-23 19:42 . 2008-03-23 19:42 19,968 --a------ C:\Program Files\tmp80312.exe
2008-03-22 07:38 . 2008-03-22 07:38 19,968 --a------ C:\Program Files\tmp243388765.exe
2008-03-19 17:39 . 2008-03-19 17:39 19,968 --a------ C:\Program Files\tmp20238859.exe
2008-03-19 12:04 . 2008-03-19 12:04 19,968 --a------ C:\Program Files\tmp134750.exe
2008-03-18 12:23 . 2008-03-18 12:23 12,288 --a------ C:\Program Files\tmp8343750.exe
2008-03-06 08:47 . 2008-03-06 08:47 <DIR> d-------- C:\Program Files\IE Extensions
2008-03-06 08:47 . 2008-03-06 08:47 19,968 --a------ C:\Program Files\tmp2368046.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 20:22 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\vulScan
2008-03-29 18:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-29 14:44 --------- d-----w C:\Program Files\Java
2008-03-29 14:38 --------- d-----w C:\Program Files\DivX
2008-03-28 17:00 --------- d-----w C:\Program Files\Trend Micro
2008-03-26 05:03 98,709 ----a-w C:\Program Files\udefender_setup.exe
2008-02-23 17:40 15,872 ----a-w C:\Program Files\tmp5549734.exe
2008-02-23 16:33 --------- d-----w C:\Documents and Settings\jeff.tallent\Application Data\ATI
2008-02-23 16:33 --------- d-----w C:\DOCUME~1\JEFF~1.TAL\APPLIC~1\ATI
2008-02-22 17:25 15,872 ----a-w C:\Program Files\tmp11817187.exe
2008-02-22 14:11 15,872 ----a-w C:\Program Files\tmp179390.exe
2008-02-20 17:04 15,872 ----a-w C:\Program Files\tmp11352500.exe
2008-02-20 16:06 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2008-02-20 16:05 --------- d-----w C:\Program Files\Lavasoft
2008-02-20 16:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 21:12 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-02-16 20:41 --------- d-----w C:\Program Files\Spybot - Search & Destroy
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{910EA866-6CA1-4855-BBDE-9C9D93AB8984}]
C:\WINDOWS\system32\geebx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8311E8F-E459-4D22-89B4-CB9DCF10A425}]
2008-03-26 14:58 124928 -r-hs---- C:\WINDOWS\system32\ISECUR~1.CPL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c77aa365-2c0a-434e-9c25-a7db2b24ae60}]
C:\WINDOWS\system32\jqtjhxmn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-02-26 04:34 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-26 04:34 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-26 04:33 131072]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 08:12 729088]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2007-01-09 16:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 07:36 827392]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 13:18 472776]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-05 16:54 159744]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 11:12 17920]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [2005-12-20 17:51 1187840]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [2006-03-09 18:38 806912]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [2006-10-09 12:23 697976]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-05-12 00:12 49152]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 08:52 57344]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 10:36 872448]
"HPWWANGSAssistant"="c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe" [2007-02-26 09:07 3946040]
"OpenVPN GUI"="C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe" [2007-04-25 17:53 104968]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-12-11 11:31 710000]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [2007-05-01 15:52 404248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"SDClientMonitor"="C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [2006-11-01 05:06 258048]
"6d1ea1dd"="C:\WINDOWS\system32\xgtcaeae.dll" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"iSecurity applet"="iSecurity.cpl" [2008-03-26 14:58 124928 C:\WINDOWS\system32\iSecurity.cpl]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 13:14:00 561213]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-09-18 16:33:14 192512]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-05-12 00:23:26 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"iSecurity"= {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - C:\WINDOWS\system32\ISECUR~1.CPL [2008-03-26 14:58 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\cba\\pds.exe"= C:\\WINDOWS\\system32\\CBA\\pds.exe
"C:\\WINDOWS\\system32\\msgsys.exe"=
"C:\\Program Files\\LANDesk\\LDClient\\issuser.exe"=
"C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"=
"C:\\Program Files\\Spark\\Spark.exe"=
"%windir%\\system32\\msgsys.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"34154:TCP"= 34154:TCP:Trend Micro OfficeScan Listener
"137:UDP"= 137:UDP:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"67:TCP"= 67:TCP:LANDesk(R) PXE TCP Port
"67:UDP"= 67:UDP:LANDesk(R) PXE UDP Port
"9535:TCP"= 9535:TCP:LANDesk(R) Remote Control Agent TCP Port
"9535:UDP"= 9535:UDP:LANDesk(R) Remote Control Agent UDP Port

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:00]
R2 atchksrv;Intel(R) Active Management Technology System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2007-05-01 15:52]
R2 CBA8;LANDesk(R) Management Agent;"C:\Program Files\LANDesk\Shared Files\residentagent.exe" [2006-11-21 12:03]
R2 LMS;Intel(R) Active Management Technology Local Management Service;C:\Program Files\Intel\AMT\LMS.exe [2007-05-01 15:52]
R2 Softmon;LANDesk(R) Software Monitoring Service;"C:\Program Files\LANDesk\LDClient\softmon.exe" [2006-11-16 05:05]
R2 SWIHPWMI;SWIHPWMI;C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 14:13]
R2 UNS;Intel(R) Active Management Technology User Notification Service;C:\Program Files\Intel\AMT\UNS.exe [2007-05-01 15:52]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 13:13]
R3 ldblank;Screen Blanking driver for Remote Control;C:\WINDOWS\system32\DRIVERS\ldblank.sys [2005-07-01 15:48]
R3 ldmirror;ldmirror;C:\WINDOWS\system32\DRIVERS\ldmirror.sys [2005-07-01 15:48]
R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\WINDOWS\system32\DRIVERS\mirrorflt.sys [2005-07-01 15:48]
R3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-19 19:08]
S2 ASBroker;Logon Session Broker;C:\WINDOWS\System32\svchost.exe [2004-08-04 02:00]
S3 CSCO21;Cisco Aironet 802.11a/b/g Wireless Adapter Service;C:\WINDOWS\system32\DRIVERS\csco21.sys [2007-09-26 04:52]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 20:12]
S3 PCX500;Cisco Wireless LAN Adapters Driver;C:\WINDOWS\system32\DRIVERS\pcx500.sys [2004-08-03 23:06]
S3 tap0901;TAP-Win32 Adapter V9;C:\WINDOWS\system32\DRIVERS\tap0901.sys [2007-04-25 17:53]
S3 TPPWRIF;TPPWRIF;C:\Documents and Settings\All Users\Application Data\vulScan\TPPWRIF.sys [2006-09-21 18:53]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 14:23:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\WINDOWS\TEMP\JC90CE.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2008-04-03 14:26:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-03 20:26:52
Pre-Run: 134,429,601,792 bytes free
Post-Run: 134,358,196,224 bytes free
.
2008-03-11 22:04:04 --- E O F ---

TallentedJeff

2008-04-04, 13:41

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:44 AM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\WINDOWS\TEMP\FU89FC.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [OpenVPN GUI] "C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe" --connect eurovpn.ovpn
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.1.75:4343/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190172639781
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\DOCUME~1\JEFF~1.TAL\LOCALS~1\APPLIC~1\Skype\Shared\SKYPE4~1.DLL
O21 - SSODL: ChkVolume - {7c88725a-1fab-46ab-aca6-627c43af27a8} - (no file)
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 11273 bytes

Shaba

2008-04-04, 18:07

Hi

You posted now an old combofix log.

Did you run it again like I instructed?

TallentedJeff

2008-04-08, 16:33

Hello Shaba,
sorry for the latency on my reply.

i tried to run Comboxfix again with the CFScript.txt as per your instruction.Combofix will open the blue screen and thats it, it will not finish the scan, i then tried to run combofix straight without adding the CFScript and i get the same thing. it will load and throw the blue sreen for a second and then nothing.

Shaba

2008-04-08, 16:40

Hi

Then we do this:

Open HijackThis, click do a system scan only and checkmark these:

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
O21 - SSODL: ChkVolume - {7c88725a-1fab-46ab-aca6-627c43af27a8} - (no file)
O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)

Close all windows including browser and press fix checked.

Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Program Files\tmp9220687.exe
C:\Program Files\tmp9220718.exe
C:\Program Files\tmp1961187.exe
C:\WINDOWS\system32\iSecurity.cpl
C:\Program Files\tmp9265984.exe
C:\Program Files\tmp143640.exe
C:\Program Files\tmp160187.exe
C:\Program Files\tmp125296.exe
C:\Program Files\tmp86531.exe
C:\Program Files\tmp85187.exe
C:\Program Files\tmp80312.exe
C:\Program Files\tmp243388765.exe
C:\Program Files\tmp20238859.exe
C:\Program Files\tmp134750.exe
C:\Program Files\tmp8343750.exe
C:\Program Files\tmp2368046.exe
C:\Program Files\udefender_setup.exe
C:\Program Files\tmp5549734.exe
C:\Program Files\tmp11817187.exe
C:\Program Files\tmp179390.exe
C:\Program Files\tmp11352500.exe
C:\Program Files\iSecurity
C:\Program Files\cjb
C:\Program Files\IE Extensions

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light blue bar) and choose Paste.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Reboot.

Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.

Post:

- dss log
- otmoveit2 report

TallentedJeff

2008-04-08, 16:59

Deckard's System Scanner v20071014.68
Run by jeff.tallent on 2008-04-08 08:54:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
77: 2008-04-08 14:54:26 UTC - RP92 - Deckard's System Scanner Restore Point
76: 2008-04-04 11:03:07 UTC - RP91 - ComboFix created restore point
75: 2008-04-03 20:01:55 UTC - RP90 - ComboFix created restore point
74: 2008-03-29 18:55:12 UTC - RP89 - Removed Cisco Aironet Client Administration Utility
73: 2008-03-29 18:54:14 UTC - RP88 - Installed Cisco Aironet Client Administration Utility

-- First Restore Point --
1: 2008-02-14 23:34:56 UTC - RP16 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as jeff.tallent.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:07 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\WINDOWS\TEMP\IC18D4.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\Documents and Settings\jeff.tallent\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\jeff.tallent.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {910EA866-6CA1-4855-BBDE-9C9D93AB8984} - (no file)
O2 - BHO: (no name) - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)
O2 - BHO: (no name) - {c77aa365-2c0a-434e-9c25-a7db2b24ae60} - (no file)
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [OpenVPN GUI] "C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe" --connect eurovpn.ovpn
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.1.75:4343/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190172639781
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\DOCUME~1\JEFF~1.TAL\LOCALS~1\APPLIC~1\Skype\Shared\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 11851 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080408-084656-661 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
backup-20080408-084657-233 O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} -
backup-20080408-084657-300 O21 - SSODL: ChkVolume - {7c88725a-1fab-46ab-aca6-627c43af27a8} - (no file)
backup-20080408-084657-692 O21 - SSODL: iSecurity - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)
backup-20080408-084657-785 O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
backup-20080408-084657-888 O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -
backup-20080408-084657-976 O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 tap0901 (TAP-Win32 Adapter V9) - c:\windows\system32\drivers\tap0901.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>

S3 catchme - c:\docume~1\jeff~1.tal\locals~1\temp\catchme.sys (file missing)
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 TPPWRIF - c:\documents and settings\all users\application data\vulscan\tppwrif.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CBA8 (LANDesk(R) Management Agent) - "c:\program files\landesk\shared files\residentagent.exe" <Not Verified; LANDesk Software, Ltd.; LANDesk(R) Management Agent>
R2 Intel Local Scheduler Service - "c:\program files\landesk\ldclient\localsch.exe" <Not Verified; LANDesk Software, Ltd.; LANDesk Software>
R2 Intel PDS - c:\windows\system32\cba\pds.exe <Not Verified; LANDesk Software Ltd.; Intel Common Base Agent>
R2 Intel Targeted Multicast (LANDesk Targeted Multicast) - c:\program files\landesk\ldclient\tmcsvc.exe <Not Verified; LANDesk Software, Ltd.; LANDesk Software>
R2 ISSUSER (LANDesk Remote Control Service) - c:\progra~1\landesk\ldclient\issuser.exe /service <Not Verified; LANDesk Software, Ltd.; LANDesk Software>
R2 Softmon (LANDesk(R) Software Monitoring Service) - "c:\program files\landesk\ldclient\softmon.exe" <Not Verified; LANDesk Software, Ltd.; LANDesk Software>

S2 PCA (PC Angel) - c:\windows\sminst\pcangel.exe <Not Verified; SoftThinks; PCAngel Application>
S3 OpenVPNService (OpenVPN Service) - c:\program files\openvpn\bin\openvpnserv.exe
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-01-25 17:34:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2008-03-08 and 2008-04-08 -----------------------------

2008-04-04 05:10:08 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-03 14:01:07 68096 --a------ C:\WINDOWS\zip.exe
2008-04-03 14:01:07 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-03 14:01:07 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-03 14:01:07 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-03 14:01:07 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-03 14:01:07 98816 --a------ C:\WINDOWS\sed.exe
2008-04-03 14:01:07 80412 --a------ C:\WINDOWS\grep.exe
2008-04-03 14:01:07 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-29 12:46:13 372736 --a------ C:\WINDOWS\system32\csccfg10.dll <Not Verified; Cisco Systems, Inc.; Cisco Configuration API Dynamic Link Library>
2008-03-28 07:55:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-28 07:55:22 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-26 11:16:08 4194304 --a------ C:\Documents and Settings\jeff.tallent\ntuser.dat

-- Find3M Report ---------------------------------------------------------------

2008-03-29 12:46:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 08:44:40 0 d-------- C:\Program Files\Java
2008-03-29 08:38:08 0 d-------- C:\Program Files\DivX
2008-03-28 11:00:41 0 d-------- C:\Program Files\Trend Micro
2008-02-23 10:33:08 0 d-------- C:\Documents and Settings\jeff.tallent\Application Data\ATI
2008-02-20 10:05:39 0 d-------- C:\Program Files\Lavasoft
2008-02-20 10:04:49 0 d-------- C:\Program Files\Common Files
2008-02-20 10:04:49 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 17:18:51 20 --a------ C:\WINDOWS\popcinfot.dat
2008-02-14 11:25:38 0 --a------ C:\WINDOWS\popcreg.dat
2008-01-12 08:50:46 79425 --a------ C:\WINDOWS\hpfins05.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{910EA866-6CA1-4855-BBDE-9C9D93AB8984}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8311E8F-E459-4D22-89B4-CB9DCF10A425}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c77aa365-2c0a-434e-9c25-a7db2b24ae60}]

TallentedJeff

2008-04-08, 17:00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [02/26/2007 04:34 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [02/26/2007 04:34 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [02/26/2007 04:33 AM]
"MsmqIntCert"="regsvr32 /s mqrt.dll" []
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 08:12 AM]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [01/09/2007 04:52 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/12/2007 07:36 AM]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [03/01/2007 01:18 PM]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [03/05/2007 04:54 PM]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [12/22/2003 11:12 AM]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [12/20/2005 05:51 PM]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [03/09/2006 06:38 PM]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [10/09/2006 12:23 PM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/12/2005 12:12 AM]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [05/03/2007 08:52 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [01/05/2007 10:36 AM]
"HPWWANGSAssistant"="c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe" [02/26/2007 09:07 AM]
"OpenVPN GUI"="C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe" [04/25/2007 05:53 PM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [12/11/2007 11:31 AM]
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" [05/01/2007 03:52 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 08:51 PM]
"SDClientMonitor"="C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe" [11/01/2006 05:06 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:00 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 10:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2/6/2007 1:14:00 PM]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [9/18/2007 4:33:14 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [5/12/2005 12:23:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
Cognizance ASBroker ASChannel

-- End of Deckard's System Scanner: finished at 2008-04-08 08:55:30 ------------

TallentedJeff

2008-04-08, 17:02

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 2015.23 MiB / 1375.66 MiB
Pagefile Memory (total/avail): 3397.05 MiB / 2905.05 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.9 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 125.19 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Trend Micro Personal Firewall v3.32 (Trend Micro Inc.)
AV: Trend Micro OfficeScan Antivirus v8.0 (TrendAntiVirus)
AV: Trend Micro OfficeScan Antivirus v8.0 (TrendAntiVirus)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\CBA\\pds.exe"="C:\\WINDOWS\\system32\\CBA\\pds.exe:*:enabled:LANDesk(R) Ping Discovery Service"
"C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"="C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe:*:enabled:LANDesk(R) Targeted Multicast Client"
"%windir%\\system32\\msgsys.exe"="%windir%\\system32\\msgsys.exe:*:enabled:LANDesk(R) CBA Message System"
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"="C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe:*:enabled:LANDesk(R) Management Agent"
"C:\\Program Files\\LANDesk\\LDClient\\wuser32.exe"="C:\\Program Files\\LANDesk\\LDClient\\wuser32.exe:*:enabled:Remote Control Agent"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\mqsvc.exe"="C:\\WINDOWS\\system32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\cba\\pds.exe"="C:\\WINDOWS\\system32\\CBA\\pds.exe:*:enabled:LANDesk(R) Ping Discovery Service"
"C:\\WINDOWS\\system32\\msgsys.exe"="C:\\WINDOWS\\system32\\msgsys.exe:*:Enabled:LANDesk Message Service"
"C:\\Program Files\\LANDesk\\LDClient\\issuser.exe"="C:\\Program Files\\LANDesk\\LDClient\\issuser.exe:*:Enabled:LANDesk Remote Control Agent"
"C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe"="C:\\Program Files\\LANDesk\\LDClient\\tmcsvc.exe:*:enabled:LANDesk(R) Targeted Multicast Client"
"C:\\Program Files\\Spark\\Spark.exe"="C:\\Program Files\\Spark\\Spark.exe:*:Enabled:Spark"
"%windir%\\system32\\msgsys.exe"="%windir%\\system32\\msgsys.exe:*:enabled:LANDesk(R) CBA Message System"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"="C:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe:*:Enabled:LANDesk(R) Management Agent"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jeff.tallent\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JTALLENT-6910P
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jeff.tallent
LDMS_LOCAL_DIR=C:\Program Files\LANDesk\LDClient\Data
LOGONSERVER=\\JTALLENT-6910P
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Hewlett-Packard\IAM\bin;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JEFF~1.TAL\LOCALS~1\Temp
TMP=C:\DOCUME~1\JEFF~1.TAL\LOCALS~1\Temp
USERDOMAIN=JTALLENT-6910P
USERNAME=Jeff.tallent
USERPROFILE=C:\Documents and Settings\jeff.tallent
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

john.byrne (new local)
jeff.tallent (admin)
installation (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> MsiExec.exe /I{EC2ADB7C-8A45-40C9-BFD1-18F22D9A7DF5}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Application Installer 4.00.B13 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x9
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Catalyst Control Center - Branding --> MsiExec.exe /I{3F93B2BA-18EC-462B-9ACD-396599353EE1}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Credential Manager for HP ProtectTools --> MsiExec.exe /X{377E3D59-C8FB-4E16-B3D1-E1D92D30DA00}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP 3D DriveGuard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{429E92A4-159F-4AEC-85A1-D693E1E4274D}\setup.exe" -l0x9 UNINSTALL
HP Backup and Recovery Manager Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x9 -uninst -removeonly
HP BIOS Configuration for ProtectTools --> MsiExec.exe /X{C74D0FA0-1D49-464F-A707-B427EE3385C1}
HP Broadband Wireless Modules --> MsiExec.exe /X{B2D74DEC-9F82-428C-8C30-CCFBCFE45F90}
HP Deskjet 5900 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{79546A5F-AE7C-4693-8670-A3401B43ABD2}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Doc Viewer --> MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 5.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP Notebook Accessories Product Tour --> MsiExec.exe /I{521F72F4-FFE4-4959-AA88-EED06125211F}
HP ProtectTools Security Manager --> MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.20 D3 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guide Bluetooth Addendum 0062 --> MsiExec.exe /I{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}
HP User Guides 0058 --> MsiExec.exe /I{AAD766FC-9DD0-4493-8EBF-B9DFA869E401}
HP Wireless Assistant --> MsiExec.exe /I{7E41B06E-FD17-4518-8C8E-493C251C2C8E}
HP WWAN Setup Utility --> MsiExec.exe /X{8F67CD1C-DF0B-400D-B611-A01A7C8D46B5}
Intel(R) Active Management Technology Device Software --> C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Management Engine Interface --> C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) PRO Network Connections Drivers --> Prounstl.exe
InterVideo DVD Check --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
IPSU --> C:\WINDOWS\IsUninst.exe -fC:\Cisco\IPSU\Uninst.isu
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LANDesk Advance Agent --> MsiExec.exe /I{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Viewer 2003 (English) --> MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
nextmile --> C:\Program Files\nextmile\uninstall.exe
OpenVPN 2.1_rc4 --> C:\Program Files\OpenVPN\Uninstall.exe
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9 --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3 --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Skype™ Beta 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795\UIU32m.exe -U -IhpqZ3795.inf
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Spark 2.5.5 --> C:\Program Files\Spark\uninstall.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trend Micro OfficeScan Client --> "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->

-- Application Event Log -------------------------------------------------------

Event Record #/Type5218 / Error
Event Submitted/Written: 04/08/2008 08:39:11 AM
Event ID/Source: 14 / Inventory Scanner
Event Description:
LDIScn32: The inventory server ARTEMIS.BE.SCEUR.CH did not respond.

Event Record #/Type5215 / Error
Event Submitted/Written: 04/08/2008 08:15:20 AM
Event ID/Source: 2002 / Intel(R) AMT
Event Description:
[UNS] Failed to subscribe to local Intel(R) AMT.

Event Record #/Type5210 / Warning
Event Submitted/Written: 04/08/2008 08:15:15 AM
Event ID/Source: 2001 / Intel(R) AMT
Event Description:
[UNS] Failed to get EAC Status.

Event Record #/Type5209 / Error
Event Submitted/Written: 04/08/2008 08:15:15 AM
Event ID/Source: 2002 / Intel(R) AMT
Event Description:
[UNS] Failed to subscribe to local Intel(R) AMT.

Event Record #/Type5198 / Error
Event Submitted/Written: 04/08/2008 07:30:49 AM
Event ID/Source: 14 / Inventory Scanner
Event Description:
LDIScn32: The inventory server ARTEMIS.BE.SCEUR.CH did not respond.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type9132 / Error
Event Submitted/Written: 04/08/2008 08:16:27 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\Program Files\InterVideo\DVD Check\DVDCheck.exe.
Reference error message: The operation completed successfully.
.

Event Record #/Type9131 / Error
Event Submitted/Written: 04/08/2008 08:16:27 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type9130 / Error
Event Submitted/Written: 04/08/2008 08:16:27 AM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFC could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type9108 / Error
Event Submitted/Written: 04/08/2008 08:15:15 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Logon Session Broker service terminated with the following error:
%%126

Event Record #/Type9103 / Warning
Event Submitted/Written: 04/08/2008 07:58:50 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2008-04-08 08:55:30 ------------

TallentedJeff

2008-04-08, 17:02

OTMoveit2 Log

File/Folder C:\Program Files\tmp9220687.exe not found.
File/Folder C:\Program Files\tmp9220718.exe not found.
File/Folder C:\Program Files\tmp1961187.exe not found.
File/Folder C:\WINDOWS\system32\iSecurity.cpl not found.
File/Folder C:\Program Files\tmp9265984.exe not found.
File/Folder C:\Program Files\tmp143640.exe not found.
File/Folder C:\Program Files\tmp160187.exe not found.
File/Folder C:\Program Files\tmp125296.exe not found.
File/Folder C:\Program Files\tmp86531.exe not found.
File/Folder C:\Program Files\tmp85187.exe not found.
File/Folder C:\Program Files\tmp80312.exe not found.
File/Folder C:\Program Files\tmp243388765.exe not found.
File/Folder C:\Program Files\tmp20238859.exe not found.
File/Folder C:\Program Files\tmp134750.exe not found.
File/Folder C:\Program Files\tmp8343750.exe not found.
File/Folder C:\Program Files\tmp2368046.exe not found.
File/Folder C:\Program Files\udefender_setup.exe not found.
File/Folder C:\Program Files\tmp5549734.exe not found.
File/Folder C:\Program Files\tmp11817187.exe not found.
File/Folder C:\Program Files\tmp179390.exe not found.
File/Folder C:\Program Files\tmp11352500.exe not found.
File/Folder C:\Program Files\iSecurity not found.
File/Folder C:\Program Files\cjb not found.
File/Folder C:\Program Files\IE Extensions not found.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04082008_085151

Shaba

2008-04-08, 17:06

Hi

It looks like that combo actually really deleted those files/folders :)

Open HijackThis, click do a system scan only and checkmark these:

O2 - BHO: (no name) - {910EA866-6CA1-4855-BBDE-9C9D93AB8984} - (no file)
O2 - BHO: (no name) - {A8311E8F-E459-4D22-89B4-CB9DCF10A425} - (no file)
O2 - BHO: (no name) - {c77aa365-2c0a-434e-9c25-a7db2b24ae60} - (no file)

Close all windows including browser and press fix checked.

Reboot.

Empty this folder:

C:\Program Files\Trend Micro\OfficeScan Client\Suspect\

Empty Recycle Bin.

Re-scan with kaspersky.

Post:

- a fresh HijackThis log
- kaspersky report

TallentedJeff

2008-04-08, 19:04

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:57 AM, on 4/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\LDIScn32.EXE
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
C:\WINDOWS\TEMP\ZGD5C.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\Program Files\LANDesk\LDClient\AMCLIENT.EXE
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\LANDesk\Shared Files\proxyhost.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [HPWWANGSAssistant] c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode
O4 - HKLM\..\Run: [OpenVPN GUI] "C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe" --connect eurovpn.ovpn
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://10.1.1.75:4343/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://10.1.1.75:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190172639781
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\DOCUME~1\JEFF~1.TAL\LOCALS~1\APPLIC~1\Skype\Shared\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 12501 bytes

TallentedJeff

2008-04-08, 19:07

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, April 08, 2008 11:01:51 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/04/2008
Kaspersky Anti-Virus database records: 690209
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 85296
Number of viruses found: 23
Number of infected objects: 191
Number of suspicious objects: 0
Duration of the scan process: 01:04:42

Infected Object Name / Virus Name / Last Action
C:\67b5908f85dbba9153d7a14dd1a6f025\riprep.exe Object is locked skipped
C:\ComboFix\dumphive.cfexe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Microsoft\Outlook\outitems.log Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\cert8.db Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\history.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\key3.db Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\parent.lock Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\search.sqlite Object is locked skipped
C:\Documents and Settings\jeff.tallent\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\jeff.tallent\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Adobe\Acrobat\8.0\Updater\updater.log Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Adobe\Updater5\aumLib.log Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\CardSpace\CardSpace.db.shadow Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\Outlook\outlook.ost Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\Outlook\OutlookHotmail-00000003.pst Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Application Data\Mozilla\Firefox\Profiles\5lnymg8w.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\History\History.IE5\MSHist012008040820080409\index.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\Acr3FA3.tmp Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\ExchangePerflog_8484fa3131ab18d1cfcccd43.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\lilo2 Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\lilo3 Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\~DF7CCD.tmp Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\~DF7CDA.tmp Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temp\~DFEDAB.tmp Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\Local Settings\Temporary Internet Files\Content.Word\~WRS2738.tmp Object is locked skipped
C:\Documents and Settings\jeff.tallent\ntuser.dat Object is locked skipped
C:\Documents and Settings\jeff.tallent\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SwiHpWmi.log Object is locked skipped
C:\Program Files\LANDesk\Shared Files\proxyhost.log Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\IE Extensions\cj.v2.dll.vir Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\QooBox\Quarantine\C\Program Files\tmp11352500.exe.vir Infected: Backdoor.Win32.Small.cwc skipped
C:\QooBox\Quarantine\C\Program Files\tmp11817187.exe.vir Infected: Backdoor.Win32.Small.cwc skipped
C:\QooBox\Quarantine\C\Program Files\tmp179390.exe.vir Infected: Backdoor.Win32.Small.cwc skipped
C:\QooBox\Quarantine\C\Program Files\tmp20238859.exe.vir Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\QooBox\Quarantine\C\Program Files\tmp2368046.exe.vir Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\QooBox\Quarantine\C\Program Files\tmp243388765.exe.vir Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\QooBox\Quarantine\C\Program Files\tmp5549734.exe.vir Infected: Backdoor.Win32.Small.cwc skipped
C:\QooBox\Quarantine\C\Program Files\tmp80312.exe.vir Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\QooBox\Quarantine\C\Program Files\tmp85187.exe.vir Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\QooBox\Quarantine\C\Program Files\tmp86531.exe.vir Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\QooBox\Quarantine\C\Program Files\tmp9220718.exe.vir Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\QooBox\Quarantine\C\Program Files\ucleaner_setup.exe.vir Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\QooBox\Quarantine\C\Program Files\udefender_setup.exe.vir Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\QooBox\Quarantine\C\WINDOWS\Installer\{7c88725a-1fab-46ab-aca6-627c43af27a8}\ChkVolume.dll.vir Infected: Trojan.Win32.Agent.feh skipped
C:\QooBox\Quarantine\C\WINDOWS\Installer\{e7d735c0-524b-4f6b-adf6-cd49c15d193d}\zip.dll.vir Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP56\A0036290.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe/data.rar/keygen.exe Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe/data.rar/patch.exe Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe/data.rar/crack.exe Infected: Trojan-Downloader.Win32.Small.iel skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe/data.rar/install.exe Infected: Trojan-Downloader.Win32.Small.ijp skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe/data.rar Infected: Trojan-Downloader.Win32.Small.ijp skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036326.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP57\A0036327.exe Infected: Trojan-Downloader.Win32.Small.ijp skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP58\A0036464.exe Object is locked skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP58\A0036465.exe Object is locked skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP58\A0036499.exe Infected: Trojan-Spy.Win32.BZub.bys skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP58\A0036500.exe Infected: Trojan-Downloader.Win32.Small.iel skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP59\A0038611.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP61\A0038638.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP61\A0039768.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP62\A0039829.exe Object is locked skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP62\A0039840.dll Infected: Trojan.Win32.Dialer.yz skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP62\A0039841.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP62\A0039914.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP62\A0039916.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP77\A0051530.dll Infected: Trojan-Clicker.Win32.Agent.wd skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP77\A0051536.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051551.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051557.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051558.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051559.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051560.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051576.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051577.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051590.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051591.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051625.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051629.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP78\A0051631.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP79\A0052653.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP79\A0052654.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP79\A0052682.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP79\A0052742.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.e skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP79\A0052778.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052781.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052782.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052783.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052856.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052859.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052861.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052864.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP80\A0052866.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0052935.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0052936.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0052937.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0052960.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0052962.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0052963.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0053038.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054056.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054057.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054060.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054061.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054062.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054117.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054118.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054119.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0054120.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0055117.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP81\A0055118.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped

TallentedJeff

2008-04-08, 19:10

C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP90\A0056931.exe Infected: not-a-virus:Downloader.Win32.UltimateFix.h skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP90\A0056932.dll Infected: Trojan.Win32.Agent.feh skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP90\A0056933.dll Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058099.dll Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058100.exe Infected: Backdoor.Win32.Small.cwc skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058101.exe Infected: Backdoor.Win32.Small.cwc skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058106.exe Infected: Backdoor.Win32.Small.cwc skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058108.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058109.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058110.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058111.exe Infected: Backdoor.Win32.Small.cwc skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058112.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058114.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058115.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058117.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058119.exe Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058406.exe Infected: Trojan-Dropper.Win32.Agent.ftu skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058407.exe Infected: Trojan-Dropper.Win32.Agent.ftu skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058408.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058409.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058410.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058411.exe Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058412.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058413.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058414.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058415.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058416.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058417.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058419.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058421.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058422.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058423.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058424.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058425.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058426.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058427.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058428.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058429.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058430.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058431.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058432.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058433.exe Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058434.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058435.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058436.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058437.exe Infected: Trojan-Downloader.Win32.BHO.cu skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058438.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058439.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058440.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058441.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058442.exe Infected: Trojan-Downloader.Win32.BHO.cu skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058443.dll Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058444.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058445.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058446.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058447.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058448.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058449.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058450.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058451.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058452.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058453.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058454.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058455.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058456.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058457.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058458.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058459.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058460.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058461.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058462.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058463.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058464.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058465.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058466.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058467.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058468.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058469.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058470.exe Infected: Trojan-Downloader.Win32.BHO.cu skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058471.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058472.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.v skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058473.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058474.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058475.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058476.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058477.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058478.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058479.exe Infected: Trojan-Downloader.Win32.Small.iuq skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058480.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058481.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058482.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058483.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058484.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058485.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058486.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058487.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058488.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058489.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058490.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058491.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058492.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058493.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058494.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058495.exe Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058496.exe Infected: Trojan.Win32.Qhost.abh skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058497.dll Infected: Trojan-Dropper.Win32.Agent.fbe skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP91\A0058498.exe Infected: Trojan-Dropper.Win32.Agent.ftu skipped
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP92\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Installer\{0bac193a-6828-40fe-b7e2-601dbccdd5ca}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{32119051-f64e-4211-b728-5c831ebc89c9}\zip.dll Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\WINDOWS\Installer\{7e4ee584-7125-4757-86ac-23ca28a58a76}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{a6c3e386-be3a-430f-a402-61bad6ceaee9}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{b69d25af-5809-47ba-83a0-08adf8b50b87}\zip.dll Infected: Trojan-Dropper.Win32.Agent.qfy skipped
C:\WINDOWS\Installer\{be59ba25-50a0-49f5-9ce8-efddc734cb63}\zip.dll Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SMINST\schedule.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Credenti.evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\log.txt Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\atchk.log Object is locked skipped
C:\WINDOWS\Temp\atchksrv.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Shaba

2008-04-08, 19:13

Hi

Delete these:

C:\WINDOWS\Installer\{0bac193a-6828-40fe-b7e2-601dbccdd5ca}
C:\WINDOWS\Installer\{32119051-f64e-4211-b728-5c831ebc89c9}
C:\WINDOWS\Installer\{7e4ee584-7125-4757-86ac-23ca28a58a76}
C:\WINDOWS\Installer\{a6c3e386-be3a-430f-a402-61bad6ceaee9}
C:\WINDOWS\Installer\{b69d25af-5809-47ba-83a0-08adf8b50b87}
C:\WINDOWS\Installer\{be59ba25-50a0-49f5-9ce8-efddc734cb63}

Empty this folder:

C:\QooBox\Quarantine\

Empty Recycle Bin.

All other viruses are in system restore and inactive.

I give you later instructions how to empty it.

Other than that, any problems left?

TallentedJeff

2008-04-08, 19:34

So far everything seems to be back to working order.I tip my hat to you if the massive problems are no more.

Shaba

2008-04-08, 19:37

Hi

Then you're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

If Trend Micro doesn't have a firewall, install one from below:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (http://www.personalfirewall.comodo.com/)
2) Online Armor (http://www.tallemu.com/online_armor_free.html)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
5) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za) (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Next we remove all used tools.

Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)

Re-enable system restore with instructions from tutorial above

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt

Change the Download unsigned ActiveX controls to Disable

Change the Initialize and script ActiveX controls not marked as safe to Disable

Change the Installation of desktop items to Prompt

Change the Launching programs and files in an IFRAME to Prompt

Change the Navigate sub-frames across different domains to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

Malwarebytes' Anti-Malware Setup Guide (http://bfccomputers.com/index.php?showtopic=1644)

Malwarebytes' Anti-Malware Scanning Guide (http://bfccomputers.com/index.php?showtopic=1645)

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)

Happy surfing and stay clean! :bigthumb: