Had Virtumonde, deleted, think I have something else
Hi. My computer is currently infected, but I'm not exactly sure what it is. I have run Spybot, and used it to fix what it can, but there's still more. I am currently running a Kaspersky scan, and will post when ready and if necessary.
Here is my HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:58 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: cj helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\IE Extensions\cj.v2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Flashget] C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\rd.exe /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [2005e1ff] rundll32.exe "C:\WINDOWS\system32\tosmqwwx.dll",b
O4 - HKLM\..\Run: [BM2336d263] Rundll32.exe "C:\WINDOWS\system32\woutrufo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O18 - Protocol hijack: file - FILE>{79PHCNMH-IHW9-H1MG-IT82H00MH0IHW{PHT}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O20 - AppInit_DLLs: iSecurity.cpl
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - C:\WINDOWS\Installer\{9f66da1e-eeaf-42cf-91a6-e5a388c55f2e}\zip.dll
O21 - SSODL: DriveRom - {12f089a8-6c5d-411c-8e42-63fe1ac0998a} - C:\WINDOWS\Installer\{12f089a8-6c5d-411c-8e42-63fe1ac0998a}\DriveRom.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
ndmmxiaomayi
2008-04-14, 20:42
Hi,
Your log shows that there are 2 antivirus programs installed on your computer.
This is not recommended, as having more than one antivirus program installed will cause conflicts and lower system security.
Please choose to keep either Trend Micro Antivirus or Symantec Antivirus.
After removing one of the antivirus programs, please restart your computer and do the following:
Please download and install CCleaner Slim (http://www.ccleaner.com/download/builds/downloading-slim).
Once installed, double click on the desktop shortcut created.
On the leftmost column, click on Tools.
On the middle column, click on Uninstall.
At the bottom right hand corner, click on the Save to text file... button.
By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
Close CCleaner.
Note: Doing this will not uninstall any programs. It will only produce a log of installed programs on your computer.
In your next reply, please post:
A new HijackThis log
CCleaner install.txt file
Not sure why it had Symantec on there. Thought I had uninstalled it. Anyway, here are the logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:05 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: cj helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\IE Extensions\cj.v2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Flashget] C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\rd.exe /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [2005e1ff] rundll32.exe "C:\WINDOWS\system32\tosmqwwx.dll",b
O4 - HKLM\..\Run: [BM2336d263] Rundll32.exe "C:\WINDOWS\system32\woutrufo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O18 - Protocol hijack: file - FILE>{79PHCNMH-IHW9-H1MG-IT82H00MH0IHW{PHT}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O20 - AppInit_DLLs: iSecurity.cpl
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - C:\WINDOWS\Installer\{9f66da1e-eeaf-42cf-91a6-e5a388c55f2e}\zip.dll
O21 - SSODL: DriveRom - {12f089a8-6c5d-411c-8e42-63fe1ac0998a} - C:\WINDOWS\Installer\{12f089a8-6c5d-411c-8e42-63fe1ac0998a}\DriveRom.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 11818 bytes
Install text:
東方風神録 体験版 ver 0.02a
7-Zip 4.32
ABC Amber LIT Converter
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player
AIM 6
AnswerWorks Runtime
Anvil Studio
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AT&T Plug&Share 54Mbps Wireless PCI Adapter
Audacity 1.2.6
Audio Editor Gold v9.2.19.1
AudioShell 1.3 beta 1
Audiosurf
AutoCAD 2007 - English
Autodesk DWF Viewer
Avanquest update
AVI Codec Pack
Azureus
Battlefield 2142
CCleaner (remove only)
C-Dilla Licence Management System
DesktopEarth
DivX Web Player
EA Download Manager
Easy CD & DVD Creator 6
EVGA Display Driver
Fable - The Lost Chapters
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
foobar2000 v0.9.5
Free Download Manager 2.1
GMAT Diagnostic
Google Earth
Google Toolbar for Firefox
Guitar Pro 5.0
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
HijackThis 2.0.2
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
hp deskjet 3600
iPod for Windows 2006-03-23
IrfanView (remove only)
iScrobbler
ISO Recorder
iTunes
J2SE Runtime Environment 5.0 Update 6
Kaspersky Online Scanner
Last.fm Player 1.1.4
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Visual C++ 2005 Redistributable
mIRC
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
myFairTunes v.7.0.2c
neroxml
NVIDIA Drivers
OpenSA web server 2
Peggle Extreme
PlayOnline Viewer and Tetra Master
POLUtils
Portal
航海士*禁〜砂塵の王都編〜
QuickTime
Ragnarok Online
RealPlayer
Replay Media Catcher
Roxio DVDMAX Player
Security Task Manager 1.7e
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
SimCity 2000® CD Collection
Source SDK Base
Spybot - Search & Destroy
Steam
Symantec KB-DocID:2003093015493306
Team Fortress 2
TeamSpeak 2 RC2
Trend Micro PC-cillin Internet Security 2007
Tweak UI
Tweakui Powertoy for Windows XP
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Ventrilo Client
VideoLAN VLC media player 0.8.4a
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
Winamp
Winamp Toolbar for Firefox
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Xfire (remove only)
ndmmxiaomayi
2008-04-15, 09:59
Hi,
Do you know anything about these programs?
東方風神録 体験版 ver 0.02a
航海士*禁〜砂塵の王都編〜
____________________
Azureus is installed on your computer. While Azureus is a clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using it/them while cleaning your computer to prevent getting more infections.
A list of clean and infected P2P programs can be found at Malware Removal (http://p2p.malwareremoval.com/) and Spyware Info (http://www.spywareinfo.com/articles/p2p/).
The risks of using a P2P program are stated in this Sourceforge website (http://aresgalaxy.sourceforge.net/p2prisks.htm) and Information Week article (http://www.informationweek.com/security/showArticle.jhtml?articleID=53200209&pgno=2&queryText=).
Please also read this sticky (http://forums.spybot.info/showthread.php?t=282).
____________________
Step 1
Download and save Norton Removal Tool (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039) to your desktop.
Run it to remove Norton. After this, please restart your computer.
Step 2
Please disable Spybot Teatimer temporarily as it may interfere with the fixes. You can re-enable it after your computer is clean.
Please also disable Trend Micro Antivirus temporarily. Remember to re-enable your antivirus before posting the logs.
Right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
Click on Mode > Advanced Mode. When it prompts you, click Yes.
On the left hand side, click on Tools.
Check (tick) this box if it is not yet ticked: Resident.
You will notice that Resident is now added under Tools. Click on Resident.
Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
Exit Spybot Search & Destroy.
Restart your computer for the changes to take effect.
Step 3
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Please download Combofix from Bleeping Computer (http://download.bleepingcomputer.com/sUBs/ComboFix.exe). Save it to your desktop.
If you can't download it, please try these 2 alternative sites:
Forospyware (http://www.forospyware.com/sUBs/ComboFix.exe)
Geeks to Go (http://subs.geekstogo.com/ComboFix.exe)
Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply.
Do not mouse click on Combofix while it is running. That may cause it to stall.
In your next reply, please post:
Combofix log (C:\Combofix.txt)
A new HijackThis log
If you know what those programs are
I know what the first one is. It's a program with Japanese as its main language, so that's probably why it's like that. I do not know what the second one is. When I tried to uninstall it, some unknown error popped up. Here are the logs.
ComboFix 08-04-14.2 - Stewart 2008-04-15 15:15:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.372 [GMT -6:00]
Running from: C:\Documents and Settings\Stewart\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\cjb
C:\Program Files\cjb\cjb7.exe
C:\Program Files\cjb\cjb8.exe
C:\Program Files\iSecurity
C:\Program Files\iSecurity\iSecurity.dat
C:\Program Files\iSecurity\syscleaner.bmp
C:\Program Files\iSecurity\syscleanerinstalled.bmp
C:\Program Files\iSecurity\systemdefender.bmp
C:\Program Files\iSecurity\systemdefenderinstalled.bmp
C:\Program Files\iSecurity\Ultimate Cleaner\setup.exe
C:\Program Files\iSecurity\winifixer.bmp
C:\Program Files\iSecurity\winifixerinstalled.bmp
C:\Program Files\SysCleaner
C:\Program Files\SystemDefender
C:\WINDOWS\BM2336d263.xml
C:\WINDOWS\Installer\{12f089a8-6c5d-411c-8e42-63fe1ac0998a}
C:\WINDOWS\Installer\{12f089a8-6c5d-411c-8e42-63fe1ac0998a}\DriveRom.dll
C:\WINDOWS\Installer\{9f66da1e-eeaf-42cf-91a6-e5a388c55f2e}
C:\WINDOWS\Installer\{9f66da1e-eeaf-42cf-91a6-e5a388c55f2e}\zip.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\iSecurity.cpl
C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\system32\ybeeg.ini2
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-15 15:09 . 2008-04-15 15:09 124 --a------ C:\tempdel.bat
2008-04-15 14:44 . 2008-04-15 14:44 19,968 --a------ C:\Program Files\tmp168515.exe
2008-04-14 19:29 . 2008-04-14 19:29 19,968 --a------ C:\Program Files\tmp9350218.exe
2008-04-14 17:15 . 2008-04-14 17:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-14 04:14 . 2008-04-14 04:14 10,240 --a------ C:\Program Files\tmp39553078.exe
2008-04-14 04:05 . 2008-04-14 04:05 10,240 --a------ C:\Program Files\tmp39066578.exe
2008-04-13 18:49 . 2008-04-13 18:49 35,660 --a------ C:\Program Files\tmp5678828.exe
2008-04-09 20:01 . 2008-04-09 21:13 4,620 --a------ C:\WINDOWS\XChange.dat
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 00:59 . 2008-03-22 00:59 <DIR> d-------- C:\Program Files\DesktopEarth
2008-03-20 21:34 . 2008-03-20 21:34 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-20 20:32 . 2008-03-20 21:29 <DIR> d-------- C:\VundoFix Backups
2008-03-20 19:52 . 2008-03-20 19:52 294 ---hs---- C:\WINDOWS\system32\kmxxjvyh.ini
2008-03-20 19:47 . 2008-03-21 19:38 120 --a------ C:\temp.bat
2008-03-19 19:51 . 2008-03-19 19:51 354 ---hs---- C:\WINDOWS\system32\moguqlbg.ini
2008-03-19 17:19 . 2008-03-19 17:19 294 ---hs---- C:\WINDOWS\system32\fwrpgsmw.ini
2008-03-19 17:18 . 2008-04-06 12:28 <DIR> d-------- C:\Program Files\IE Extensions
2008-03-17 22:13 . 2008-03-18 18:28 1,734 ---hs---- C:\WINDOWS\system32\vgibcxyf.ini
2008-03-16 14:57 . 2008-04-06 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-16 14:56 . 2008-03-19 17:28 <DIR> d-------- C:\Program Files\Security Task Manager
2008-03-16 13:58 . 2008-03-16 14:02 354 ---hs---- C:\WINDOWS\system32\xwwqmsot.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 21:23 --------- d-----w C:\Program Files\Steam
2008-04-15 21:04 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Free Download Manager
2008-04-15 21:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 17:28 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Azureus
2008-04-13 23:44 --------- d-----w C:\Program Files\Electronic Arts
2008-04-13 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 05:01 --------- d-----w C:\Documents and Settings\Stewart\Application Data\U3
2008-03-28 04:44 --------- d-----w C:\Program Files\ACIDHEAD
2008-03-28 04:39 --------- d-----w C:\Program Files\Lineage II
2008-03-28 04:38 --------- d-----w C:\Program Files\Audiosurf
2008-03-23 18:57 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Roxio
2008-03-21 05:31 --------- d-----w C:\Program Files\Azureus
2008-03-09 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 15:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 22:07 --------- d-----w C:\Documents and Settings\Stewart\Application Data\dvdcss
2008-02-22 02:21 --------- d-----w C:\Program Files\Maxis
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 09:20 50528]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 04:48 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 10:45 1271032]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57 2494464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-22 00:20 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-13 16:07 319488]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 20:40 176128]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"HostManager"="C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-12-29 00:52 3429904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:50 185632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 09:16 37376]
"2005e1ff"="C:\WINDOWS\system32\tosmqwwx.dll" [ ]
"BM2336d263"="C:\WINDOWS\system32\woutrufo.dll" [ ]
C:\Documents and Settings\Stewart\Start Menu\Programs\Startup\
DesktopEarth AutoStart.lnk - C:\Documents and Settings\Stewart\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-03-22 00:59:36 29926]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk - C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe [2006-03-31 16:46:48 794624]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 19:15:54 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 00:23]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2002-07-18 21:59]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb762141-c0d3-11da-baed-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 17:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 15:30:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-04-15 15:38:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 21:38:20
Pre-Run: 81,667,366,912 bytes free
Post-Run: 84,902,264,832 bytes free
.
2008-04-11 04:10:46 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:58 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [2005e1ff] rundll32.exe "C:\WINDOWS\system32\tosmqwwx.dll",b
O4 - HKLM\..\Run: [BM2336d263] Rundll32.exe "C:\WINDOWS\system32\woutrufo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 10810 bytes
ndmmxiaomayi
2008-04-16, 16:13
Hi,
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System. You are using Windows XP Home Service Pack 2 (SP2).
http://img.photobucket.com/albums/v666/sUBs/KB310994.gif
Download the file & save it as it's originally named, next to ComboFix.exe.
http://img.photobucket.com/albums/v666/sUBs/rc1.gif
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.
Please do not restart or shut down your machine until we have reviewed the log.
Here is the log.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
ndmmxiaomayi
2008-04-17, 07:16
Hi,
Step 1
Please open Notepad and copy and paste the following in the Code box into Notepad.
http://forums.spybot.info/showthread.php?t=26637
Collect::
C:\Program Files\tmp168515.exe
C:\Program Files\tmp9350218.exe
C:\Program Files\tmp39553078.exe
C:\Program Files\tmp39066578.exe
C:\Program Files\tmp5678828.exe
File::
C:\WINDOWS\system32\kmxxjvyh.ini
C:\WINDOWS\system32\moguqlbg.ini
C:\WINDOWS\system32\fwrpgsmw.ini
C:\WINDOWS\system32\vgibcxyf.ini
C:\WINDOWS\system32\xwwqmsot.ini
DirLook::
C:\Program Files\IE Extensions
C:\Program Files\ACIDHEAD
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2005e1ff"=-
"BM2336d263"=-
Warning: The above script is just for Yensho. If you are not Yensho, please do not use this script as it may damage the workings of your system.
Click on File > Save As....
In the File Name field, copy and paste in CFScript.txt. Do not change the file name.
Click Save.
Referring to the picture below, drag CFScript into Combofix.
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif
Combofix will start running. When done, a log will be produced. Please post this log in your next reply.
In addition, it will prompt you to submit some files for analyzing.
http://i266.photobucket.com/albums/ii277/sUBs_/CF-Submit_notice.gif
Click OK.
Copy and paste the file path into the text box next to the Browse button (boxed up in red).
http://xs123.xs.to/xs123/08053/cfsumbit320.png
Click on Send File.
Do not mouse click on Combofix while it is running. That may cause it to stall.
Step 2
Please open Notepad and copy and paste the following in the Code box into Notepad.
@echo off
echo The log can be found at C:\contents.txt if Notepad doesn't open automatically.
echo Contents of tempdel.bat >> C:\contents.txt
echo. >> C:\contents.txt
type C:\tempdel.bat >> C:\contents.txt
echo. >> C:\contents.txt
echo Contents of temp.bat >> C:\contents.txt
echo. >> C:\contents.txt
type C:\temp.bat >> C:\contents.txt
notepad C:\contents.txt
Click on File > Save As....
In the File Name box, copy and paste in see.bat
In the Save As Type box, select All Files from the drop-down list.
Click Save.
Double click on see.bat to run it. Command Prompt will open, followed by Notepad shortly afterwards. Please post the contents of this Notepad file in your next reply.
In your next reply, please post:
Combofix log (C:\Combofix.txt)
Contents of Notepad from Step 2 (C:\contents.txt)
A new HijackThis log
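The warning in the post above says the script applies to one machine only. As an added example (not part of the original post and not ComboFix's own code), the Python below parses a CFScript and reports any path or Run value it names that the same machine's earlier ComboFix log never mentions; it raises on a Registry line it cannot parse, such as a value name missing its opening quote. The function names are hypothetical, and the two sample inputs are short excerpts of the script and the first log in this thread.

```python
import re

# Excerpt of the CFScript posted in this thread.
CFSCRIPT = r'''Collect::
C:\Program Files\tmp168515.exe
C:\Program Files\tmp5678828.exe
File::
C:\WINDOWS\system32\kmxxjvyh.ini
C:\WINDOWS\system32\xwwqmsot.ini
DirLook::
C:\Program Files\IE Extensions
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2005e1ff"=-
"BM2336d263"=-
'''

# Excerpt of the first ComboFix log posted in this thread.
COMBOFIX_LOG = r'''2008-04-15 14:44 . 2008-04-15 14:44 19,968 --a------ C:\Program Files\tmp168515.exe
2008-04-13 18:49 . 2008-04-13 18:49 35,660 --a------ C:\Program Files\tmp5678828.exe
2008-03-20 19:52 . 2008-03-20 19:52 294 ---hs---- C:\WINDOWS\system32\kmxxjvyh.ini
2008-03-19 17:18 . 2008-04-06 12:28 <DIR> d-------- C:\Program Files\IE Extensions
2008-03-16 13:58 . 2008-03-16 14:02 354 ---hs---- C:\WINDOWS\system32\xwwqmsot.ini
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 09:16 37376]
"2005e1ff"="C:\WINDOWS\system32\tosmqwwx.dll" [ ]
"BM2336d263"="C:\WINDOWS\system32\woutrufo.dll" [ ]
'''

SECTION_RE = re.compile(r'^([A-Za-z]+)::\s*$')   # e.g. "File::"
KEY_RE = re.compile(r'^\[(.+)\]$')               # e.g. "[HKEY_...\Run]"
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')       # e.g. "name"=-
PATH_RE = re.compile(r'([A-Za-z]:\\.+)$')        # drive path at end of a line


def parse_cfscript(text):
    """Return {'paths': [(section, path)], 'reg': [(key, value_name)]}."""
    paths, reg = [], []
    section = key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if section is None:
            raise ValueError(f"line before any section header: {line!r}")
        if section != "Registry":
            paths.append((section, line))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            raise ValueError(f"malformed Registry line: {line!r}")
        reg.append((key, m.group(1)))
    return {"paths": paths, "reg": reg}


def parse_log(text):
    """Collect every file path and (key, value name) pair the log mentions.

    Names are lower-cased because Windows paths and registry names are
    case-insensitive.
    """
    paths, reg, key = set(), set(), None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            reg.add((key, m.group(1).lower()))
            continue
        m = PATH_RE.search(line)
        if m:
            paths.add(m.group(1).lower())
    return paths, reg


def unmatched_targets(script_text, log_text):
    """List script targets that the log never mentions (expected: none)."""
    script = parse_cfscript(script_text)
    log_paths, log_reg = parse_log(log_text)
    missing = [f"{sec}:: {p}" for sec, p in script["paths"]
               if p.lower() not in log_paths]
    missing += [f"Registry:: [{k}] {v}" for k, v in script["reg"]
                if (k.lower(), v.lower()) not in log_reg]
    return missing


if __name__ == "__main__":
    print(unmatched_targets(CFSCRIPT, COMBOFIX_LOG)
          or "every script target appears in the log")
```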
Here are the various logs.
ComboFix 08-04-14.2 - Stewart 2008-04-17 0:02:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510 [GMT -6:00]
Running from: C:\Documents and Settings\Stewart\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stewart\Desktop\CFscript.txt
FILE ::
C:\WINDOWS\system32\fwrpgsmw.ini
C:\WINDOWS\system32\kmxxjvyh.ini
C:\WINDOWS\system32\moguqlbg.ini
C:\WINDOWS\system32\vgibcxyf.ini
C:\WINDOWS\system32\xwwqmsot.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Stewart\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\tmp39066578.exe
C:\Program Files\tmp39553078.exe
C:\WINDOWS\system32\fwrpgsmw.ini
C:\WINDOWS\system32\kmxxjvyh.ini
C:\WINDOWS\system32\moguqlbg.ini
C:\WINDOWS\system32\vgibcxyf.ini
C:\WINDOWS\system32\xwwqmsot.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.
2008-04-16 21:58 . 2008-04-16 21:59 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-15 15:09 . 2008-04-15 15:09 124 --a------ C:\tempdel.bat
2008-04-14 17:15 . 2008-04-14 17:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 20:01 . 2008-04-09 21:13 4,620 --a------ C:\WINDOWS\XChange.dat
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 00:59 . 2008-03-22 00:59 <DIR> d-------- C:\Program Files\DesktopEarth
2008-03-20 21:34 . 2008-03-20 21:34 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-20 20:32 . 2008-03-20 21:29 <DIR> d-------- C:\VundoFix Backups
2008-03-20 19:47 . 2008-03-21 19:38 120 --a------ C:\temp.bat
2008-03-19 17:18 . 2008-04-16 21:33 <DIR> d-------- C:\Program Files\IE Extensions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 06:07 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Free Download Manager
2008-04-17 05:10 --------- d-----w C:\Program Files\Steam
2008-04-15 21:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 17:28 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Azureus
2008-04-13 23:44 --------- d-----w C:\Program Files\Electronic Arts
2008-04-13 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 05:01 --------- d-----w C:\Documents and Settings\Stewart\Application Data\U3
2008-04-06 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-28 04:44 --------- d-----w C:\Program Files\ACIDHEAD
2008-03-28 04:39 --------- d-----w C:\Program Files\Lineage II
2008-03-28 04:38 --------- d-----w C:\Program Files\Audiosurf
2008-03-23 18:57 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Roxio
2008-03-21 05:31 --------- d-----w C:\Program Files\Azureus
2008-03-19 23:28 --------- d-----w C:\Program Files\Security Task Manager
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-09 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 15:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 22:07 --------- d-----w C:\Documents and Settings\Stewart\Application Data\dvdcss
2008-02-22 02:21 --------- d-----w C:\Program Files\Maxis
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-23 21:51 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-23 16:27 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Program Files\ACIDHEAD ----
---- Directory of C:\Program Files\IE Extensions ----
((((((((((((((((((((((((((((( snapshot@2008-04-15_15.38.11.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-22 21:43:01 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-04-17 03:58:50 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-01-22 21:43:02 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-04-17 03:58:50 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-01-22 21:43:02 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-04-17 03:58:50 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-01-22 21:42:55 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:41 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:57 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:43 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:58 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:44 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:58 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:45 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:59 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:46 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:59 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:46 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:59 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:47 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:43:00 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:47 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:43:00 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:48 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:43:02 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:51 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:43:02 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-04-17 03:58:51 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-01-22 21:43:02 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-04-17 03:58:51 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-01-22 21:43:03 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-04-17 03:58:52 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-01-22 21:43:03 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-04-17 03:58:52 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-01-22 21:43:01 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-04-17 03:58:50 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-04-15 21:21:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 21:41:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-12 22:42:30 1,123,696 ----a-w C:\WINDOWS\LastGood\system32\D3DCompiler_33.dll
+ 2007-05-16 22:45:16 1,124,720 ----a-w C:\WINDOWS\LastGood\system32\D3DCompiler_34.dll
+ 2007-07-20 00:14:42 1,358,192 ----a-w C:\WINDOWS\LastGood\system32\D3DCompiler_35.dll
+ 2007-03-15 22:57:58 443,752 ----a-w C:\WINDOWS\LastGood\system32\d3dx10_33.dll
+ 2007-05-16 22:45:16 443,752 ----a-w C:\WINDOWS\LastGood\system32\d3dx10_34.dll
+ 2007-07-20 00:14:42 444,776 ----a-w C:\WINDOWS\LastGood\system32\d3dx10_35.dll
+ 2005-02-06 01:45:26 2,222,800 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_24.dll
+ 2005-03-18 23:19:58 2,337,488 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_25.dll
+ 2005-05-26 21:34:52 2,297,552 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_26.dll
+ 2005-07-23 01:59:04 2,319,568 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_27.dll
+ 2005-12-06 00:09:18 2,323,664 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_28.dll
+ 2006-02-03 14:43:16 2,332,368 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_29.dll
+ 2006-03-31 18:40:58 2,388,176 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_30.dll
+ 2006-09-28 22:05:20 2,414,360 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_31.dll
+ 2006-11-29 19:06:18 3,426,072 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_32.dll
+ 2007-03-12 22:42:30 3,495,784 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_33.dll
+ 2007-05-16 22:45:16 3,497,832 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_34.dll
+ 2007-07-20 00:14:42 3,727,720 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_35.dll
+ 2006-02-03 14:41:26 14,032 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_0.dll
+ 2007-03-05 18:42:18 15,128 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_1.dll
+ 2007-10-22 09:37:16 17,928 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_2.dll
+ 2006-02-03 14:42:06 230,096 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_0.dll
+ 2006-03-31 18:39:48 229,584 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_1.dll
+ 2006-05-31 13:24:16 230,168 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_2.dll
+ 2006-07-28 15:30:32 236,824 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_3.dll
+ 2006-09-28 22:05:56 237,848 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_4.dll
+ 2006-12-08 18:02:00 251,672 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_5.dll
+ 2007-01-24 21:27:30 255,848 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_6.dll
+ 2007-04-05 00:55:00 261,480 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_7.dll
+ 2007-06-21 02:46:04 266,088 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_8.dll
+ 2007-07-20 06:57:12 267,112 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_9.dll
+ 2006-03-31 18:39:24 62,672 ----a-w C:\WINDOWS\LastGood\system32\xinput1_1.dll
+ 2006-07-28 15:30:14 62,744 ----a-w C:\WINDOWS\LastGood\system32\xinput1_2.dll
+ 2007-04-05 00:53:42 81,768 ----a-w C:\WINDOWS\LastGood\system32\xinput1_3.dll
+ 2005-12-06 00:07:30 61,136 ----a-w C:\WINDOWS\LastGood\system32\xinput9_1_0.dll
- 2007-01-24 23:45:46 102,800 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
+ 2007-12-24 23:37:00 138,384 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 09:20 50528]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 04:48 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 10:45 1271032]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57 2494464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-22 00:20 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-13 16:07 319488]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 20:40 176128]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"HostManager"="C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-12-29 00:52 3429904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:50 185632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 09:16 37376]
"2005e1ff"="C:\WINDOWS\system32\tosmqwwx.dll" [ ]
C:\Documents and Settings\Stewart\Start Menu\Programs\Startup\
DesktopEarth AutoStart.lnk - C:\Documents and Settings\Stewart\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-03-22 00:59:36 29926]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk - C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe [2006-03-31 16:46:48 794624]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 19:15:54 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 00:23]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2002-07-18 21:59]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb762141-c0d3-11da-baed-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
*Newly Created Service* - TMCOMM
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 17:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 00:07:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-04-17 0:10:38
ComboFix-quarantined-files.txt 2008-04-17 06:09:34
ComboFix2.txt 2008-04-15 21:38:24
Pre-Run: 84,893,310,976 bytes free
Post-Run: 84,888,580,096 bytes free
.
2008-04-11 04:10:46 --- E O F ---
Contents of tempdel.bat
:Repeat
del "C:\Program Files\tmp212656.exe"
if exist "C:\Program Files\tmp212656.exe" goto Repeat
del "c:\tempdel.bat"
Contents of temp.bat
:Repeat
del "C:\Program Files\tmp31675031.exe"
if exist "C:\Program Files\tmp31675031.exe" goto Repeat
del "c:\temp.bat"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:26 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [2005e1ff] rundll32.exe "C:\WINDOWS\system32\tosmqwwx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 10936 bytes
Oops, forgot to say, I also sent to file as it requested, and also, a big thank you for helping me out. I can already see some improvements.
ndmmxiaomayi
2008-04-17, 09:02
Hi,
Did your computer crash?
Please open Notepad and copy and paste the following in the Code box into Notepad:
File::
C:\tempdel.bat
C:\temp.bat
Folder::
C:\Program Files\ACIDHEAD
C:\Program Files\IE Extensions
Warning: The above script is just for Yensho. If you are not Yensho, please do not use this script as it may damage the workings of your system.
Click on File > Save As....
In the File Name field, copy and paste in CFScript.txt. Do not change the file name.
Click Save.
Referring to the picture below, drag CFScript into Combofix.
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif
Combofix will start running. When done, a log will be produced. Please post this log in your next reply.
Do not mouse click on Combofix while it is running. That may cause it to stall.
In your next reply, please post:
Combofix log (C:\Combofix.txt)
A new HijackThis log
No, it did not crash. Why? Was it supposed to?
ComboFix 08-04-14.2 - Stewart 2008-04-17 7:45:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.474 [GMT -6:00]
Running from: C:\Documents and Settings\Stewart\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stewart\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\temp.bat
C:\tempdel.bat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ACIDHEAD
C:\Program Files\IE Extensions
C:\temp.bat
C:\tempdel.bat
.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.
2008-04-16 21:58 . 2008-04-16 21:59 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-14 17:15 . 2008-04-14 17:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 20:01 . 2008-04-09 21:13 4,620 --a------ C:\WINDOWS\XChange.dat
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 00:59 . 2008-03-22 00:59 <DIR> d-------- C:\Program Files\DesktopEarth
2008-03-20 21:34 . 2008-03-20 21:34 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-20 20:32 . 2008-03-20 21:29 <DIR> d-------- C:\VundoFix Backups
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 13:47 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Free Download Manager
2008-04-17 05:10 --------- d-----w C:\Program Files\Steam
2008-04-15 21:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 17:28 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Azureus
2008-04-13 23:44 --------- d-----w C:\Program Files\Electronic Arts
2008-04-13 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 05:01 --------- d-----w C:\Documents and Settings\Stewart\Application Data\U3
2008-04-06 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-28 04:39 --------- d-----w C:\Program Files\Lineage II
2008-03-28 04:38 --------- d-----w C:\Program Files\Audiosurf
2008-03-23 18:57 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Roxio
2008-03-21 05:31 --------- d-----w C:\Program Files\Azureus
2008-03-19 23:28 --------- d-----w C:\Program Files\Security Task Manager
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-09 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 15:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 22:07 --------- d-----w C:\Documents and Settings\Stewart\Application Data\dvdcss
2008-02-22 02:21 --------- d-----w C:\Program Files\Maxis
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-23 21:51 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-23 16:27 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 09:20 50528]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 04:48 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 10:45 1271032]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57 2494464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-22 00:20 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-13 16:07 319488]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 20:40 176128]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"HostManager"="C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-12-29 00:52 3429904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:50 185632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 09:16 37376]
"2005e1ff"="C:\WINDOWS\system32\tosmqwwx.dll" [ ]
C:\Documents and Settings\Stewart\Start Menu\Programs\Startup\
DesktopEarth AutoStart.lnk - C:\Documents and Settings\Stewart\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-03-22 00:59:36 29926]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk - C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe [2006-03-31 16:46:48 794624]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 19:15:54 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 00:23]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2002-07-18 21:59]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb762141-c0d3-11da-baed-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
*Newly Created Service* - TMCOMM
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 17:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 07:49:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\TEMP\xx497
C:\WINDOWS\TEMP\xx498
C:\WINDOWS\TEMP\xx499
C:\WINDOWS\TEMP\xx500
C:\WINDOWS\TEMP\xx501
**************************************************************************
.
Completion time: 2008-04-17 7:53:15
ComboFix-quarantined-files.txt 2008-04-17 13:52:05
ComboFix2.txt 2008-04-17 06:10:39
ComboFix3.txt 2008-04-15 21:38:24
Pre-Run: 84,880,654,336 bytes free
Post-Run: 84,877,017,088 bytes free
.
2008-04-11 04:10:46 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:56 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [2005e1ff] rundll32.exe "C:\WINDOWS\system32\tosmqwwx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 10948 bytes
ndmmxiaomayi
2008-04-17, 20:03
Hi,
No, the computer isn't supposed to crash.
Please disable Trend Micro Antivirus before dragging CFScript into Combofix. Remember to turn it back on before posting back the logs.
Step 1
Please open Notepad and copy and paste the following in the Code box into Notepad:
Rootkit::
C:\WINDOWS\TEMP\xx497
C:\WINDOWS\TEMP\xx498
C:\WINDOWS\TEMP\xx499
C:\WINDOWS\TEMP\xx500
C:\WINDOWS\TEMP\xx501
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2005e1ff"=-
Warning: The above script is just for Yensho. If you are not Yensho, please do not use this script as it may damage the workings of your system.
Click on File > Save As....
In the File Name field, copy and paste in CFScript.txt. Do not change the file name.
Click Save.
Referring to the picture below, drag CFScript into Combofix.
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif
Combofix will start running. When done, a log will be produced. Please post this log in your next reply.
Do not mouse click on Combofix while it is running. That may cause it to stall.
Step 2
Please open HijackThis and select Do a system scan only.
Put a check (tick) next to these lines:
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.c...up/webinst.cab
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)
Click Fix checked. Close HijackThis.
In your next reply, please post:
Combofix log (C:\Combofix.txt)
A new HijackThis log
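Added example (not part of the original thread, and not ComboFix or HijackThis code): a Python check that the entries targeted in Step 1 and Step 2 above no longer appear in the follow-up HijackThis log. The after-fix log sample is constructed, the function names are hypothetical, and a "..." inside a fix-list line is assumed to be forum URL shortening and is matched as a wildcard.

```python
import re

# Constructed sample: a shortened after-fix HijackThis log in which one
# targeted entry (the O21 line) survived. Not taken from the thread.
AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)
"""

# Step 2 lines exactly as posted, including the forum-shortened URL.
FIX_LIST = r"""O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.c...up/webinst.cab
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)
"""

# Step 1 Registry:: block exactly as posted.
CFSCRIPT = r"""Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2005e1ff"=-
"""

# A HijackThis entry line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return (section, body) pairs, skipping header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def target_pattern(body):
    """Compile one fix-list body into a case-insensitive matcher.
    A literal '...' matches any run of characters (shortened URL)."""
    parts = [re.escape(p) for p in body.split("...")]
    return re.compile("^" + ".+".join(parts) + "$", re.IGNORECASE)


def deleted_run_values(cfscript_text):
    """Value names deleted ("name"=-) under a CurrentVersion Run key."""
    names, in_run_key = [], False
    for line in cfscript_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = line.rstrip("]").lower()
            in_run_key = key.endswith("\\currentversion\\run")
        elif in_run_key:
            m = re.match(r'^"([^"]+)"=-$', line)
            if m:
                names.append(m.group(1))
    return names


def verify_fix(after_log, fix_list, cfscript=""):
    """Sort every targeted entry into 'cleared' or 'remaining'."""
    after = parse_entries(after_log)
    report = {"cleared": [], "remaining": []}
    for section, body in parse_entries(fix_list):
        pat = target_pattern(body)
        hit = next((b for s, b in after if s == section and pat.match(b)), None)
        report["remaining" if hit else "cleared"].append((section, hit or body))
    # A deleted Run value shows up in HijackThis as "O4 - ...\Run: [name] ...".
    for name in deleted_run_values(cfscript):
        tag = "[" + name.lower() + "]"
        hit = next((b for s, b in after if s == "O4" and tag in b.lower()), None)
        label = hit or "Run value " + name
        report["remaining" if hit else "cleared"].append(("O4", label))
    return report


if __name__ == "__main__":
    result = verify_fix(AFTER_LOG, FIX_LIST, CFSCRIPT)
    for status in ("remaining", "cleared"):
        for section, body in result[status]:
            print(status.upper(), section, "-", body)
```

An entry listed as remaining means the fix did not take or the entry was re-created, which is the cue to report back before moving on.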
Here are the logs.
ComboFix 08-04-14.2 - Stewart 2008-04-17 18:32:10.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.408 [GMT -6:00]
Running from: C:\Documents and Settings\Stewart\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stewart\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\TEMP\xx497
C:\WINDOWS\TEMP\xx498
C:\WINDOWS\TEMP\xx499
C:\WINDOWS\TEMP\xx500
C:\WINDOWS\TEMP\xx501
.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.
2008-04-14 17:15 . 2008-04-14 17:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 20:01 . 2008-04-09 21:13 4,620 --a------ C:\WINDOWS\XChange.dat
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 00:59 . 2008-03-22 00:59 <DIR> d-------- C:\Program Files\DesktopEarth
2008-03-20 21:34 . 2008-03-20 21:34 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-20 20:32 . 2008-03-20 21:29 <DIR> d-------- C:\VundoFix Backups
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 00:42 --------- d-----w C:\Program Files\Steam
2008-04-18 00:21 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Free Download Manager
2008-04-15 21:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 17:28 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Azureus
2008-04-13 23:44 --------- d-----w C:\Program Files\Electronic Arts
2008-04-13 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 05:01 --------- d-----w C:\Documents and Settings\Stewart\Application Data\U3
2008-04-06 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-28 04:39 --------- d-----w C:\Program Files\Lineage II
2008-03-28 04:38 --------- d-----w C:\Program Files\Audiosurf
2008-03-23 18:57 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Roxio
2008-03-21 05:31 --------- d-----w C:\Program Files\Azureus
2008-03-19 23:28 --------- d-----w C:\Program Files\Security Task Manager
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-09 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 15:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 22:07 --------- d-----w C:\Documents and Settings\Stewart\Application Data\dvdcss
2008-02-22 02:21 --------- d-----w C:\Program Files\Maxis
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-23 21:51 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-23 16:27 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
.
((((((((((((((((((((((((((((( snapshot_2008-04-17_ 0.08.38.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 21:41:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 00:38:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 09:20 50528]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 04:48 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 10:45 1271032]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57 2494464]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-22 00:20 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-13 16:07 319488]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 20:40 176128]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"HostManager"="C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-12-29 00:52 3429904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:50 185632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 09:16 37376]
C:\Documents and Settings\Stewart\Start Menu\Programs\Startup\
DesktopEarth AutoStart.lnk - C:\Documents and Settings\Stewart\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-03-22 00:59:36 29926]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk - C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe [2006-03-31 16:46:48 794624]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 19:15:54 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 00:23]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2002-07-18 21:59]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb762141-c0d3-11da-baed-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 17:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 18:39:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-04-17 19:05:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 01:04:24
ComboFix2.txt 2008-04-17 13:53:19
ComboFix3.txt 2008-04-17 06:10:39
ComboFix4.txt 2008-04-15 21:38:24
Pre-Run: 84,856,053,760 bytes free
Post-Run: 84,844,142,592 bytes free
.
2008-04-11 04:10:46 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:01 PM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\program files\steam\steam.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 10415 bytes
ndmmxiaomayi
2008-04-18, 15:26
Hi,
Step 1
Click on Start > All Programs > CCleaner > CCleaner.
On the Windows tab, leave the default options alone.
On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
Click on the Run Cleaner button at the bottom right hand corner.
Close CCleaner.
Step 2
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to a convenient location.
Double click on mbam-setup.exe to install it.
Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
Select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as they are and click on Start Scan.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items and click on Remove Selected.
After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
In your next reply, please post:
Malwarebytes' Anti-Malware scan report
A new HijackThis log
Here are the new logs.
Malwarebytes' Anti-Malware 1.11
Database version: 650
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 224690
Time elapsed: 2 hour(s), 27 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\cj.cjmgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cj.cjmgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iscrobbler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\iSecurity (Rouge.ISecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{182c7ed7-e56d-4509-9d9b-ac49318d9895} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\All Users\Application Data\SecTaskMan\iSecurity.cpl.q_804E801_q (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\iTunes\UninstalliScrobble.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\cjb\cjb8.exe.vir (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\iSecurity\Ultimate Cleaner\setup.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
D:\Documents and Settings\Stewart\My Documents\My Downloads\Flac_Plugin_for_WA2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Stewart\My Documents\My Downloads\iScrobblerWin_1_1_0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Stewart\My Documents\My Downloads\StepMania-3.9.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:48 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\program files\steam\steam.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\RunOnce: [TSC] "C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe" /HD
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 10552 bytes
ndmmxiaomayi
2008-04-19, 07:45
Hi,
Can you check that the unknown program is no longer present in Add/Remove Programs? If it's still there, try uninstalling it. If you can't uninstall it, please let me know what error it gives out.
____________________
Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
When the downloads have finished, click on Next button.
Click on Scan Settings button.
Select extended under Scan using the following antivirus database:
Check (tick) these boxes under Scan options:
Scan Archives
Scan Mail Bases
Click OK
Click on My Computer under Please select a target to scan:
Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
Copy and paste this log in your next reply.
In your next reply, please post:
Kaspersky Antivirus scan report
A new HijackThis log
Uninstall error of the unknown program (if any)
Hi. Sorry for the late post, I have been a bit busier than usual with school. About the program: It is still in Add/Remove Programs, and will not uninstall. However, I finally remembered what it was, and can say with full confidence that it was a program I willfully and knowingly installed. Anyway, the error that pops up is in another language, using the same jumbled characters that showed up with the name. I can only assume that it is an error associated with the program itself, and not an error with Windows.
Here are the logs.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 19, 2008 8:51:05 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715802
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 193011
Number of viruses found: 25
Number of infected objects: 655
Number of suspicious objects: 3
Duration of the scan process: 03:29:28
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia5.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia5.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Stewart\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.45706 Infected: Trojan-Downloader.Win32.Agent.mso skipped
C:\Documents and Settings\Stewart\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Stewart\Desktop\[4]-Submit_2008-04-17@0.02.zip/tmp39066578.exe Infected: Trojan-Downloader.Win32.Agent.mas skipped
C:\Documents and Settings\Stewart\Desktop\[4]-Submit_2008-04-17@0.02.zip/tmp39553078.exe Infected: Trojan-Downloader.Win32.Agent.mas skipped
C:\Documents and Settings\Stewart\Desktop\[4]-Submit_2008-04-17@0.02.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Stewart\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\History\History.IE5\MSHist012008041920080420\index.dat Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\Temp\Free Download Manager\tic8B.tmp Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\Temp\~DFE686.tmp Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stewart\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Stewart\ntuser.dat.LOG Object is locked skipped
C:\OpenSA\Apache2\logs\access.log Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\25C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\25D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\26.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\260.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\262.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\263.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\265.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\266.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\267.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\268.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\269.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\27.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\272.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\275.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\277.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\27C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\27E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\280.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\281.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\289.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\291.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\292.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\293.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\294.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\297.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\299.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2A.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2A0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2B.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2B3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2B5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2BA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2BB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2BD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2BF.tmp Infected: Trojan-Downloader.Win32.Agent.mas skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C.tmp Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2CB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2CC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2CD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2CE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2CF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2D.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2D2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2D4.tmp Infected: Trojan-Downloader.Win32.Agent.mas skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2DD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2DE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2EB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2EC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2EE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2EF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\30.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\301.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\30F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\31.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\311.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\312.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\314.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\315.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\319.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\31B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\31C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\31D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\32.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\320.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\322.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\326.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\33.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\34.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\340.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\342.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\346.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\347.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\348.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\34C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\34E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\35.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\359.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\35B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\36.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\364.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\366.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\368.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\36B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\36D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\36E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\36F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\37.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\370.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\371.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\37F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\38.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\384.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\385.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\386.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\39.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\40.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\41.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\42.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\43.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\44.tmp Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\45.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\46.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\47.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\48.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\49.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4BE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4C0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4EA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4FA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\50.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\51.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\52.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\53.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\54.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\55.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\56.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\57.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\58.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\59.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\60.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\61.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\62.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\63.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\64.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\65.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\66.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\67.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\68.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\69.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6B.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\70.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\71.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\72.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\73.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\74.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\75.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\76.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\77.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\78.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\79.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\80.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\81.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\82.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\83.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\84.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\85.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\86.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\87.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\88.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\89.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\90.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\91.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\92.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\93.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\94.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\95.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\96.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\97.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\98.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\99.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\ED.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\QooBox\Quarantine\C\WINDOWS\Installer\{9f66da1e-eeaf-42cf-91a6-e5a388c55f2e}\zip.dll.vir Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AF0521B0-4C9C-403B-9FE2-6D905137CA7F}\RP7\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E24A8DBF-D134-461B-8750-6FB7AAF52A13}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip ZIP: infected - 4 skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\mirc621.exe NSIS: infected - 2 skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\SmitfraudFix.zip ZIP: infected - 1 skipped
D:\Documents and Settings\Stewart\My Documents\SmitfraudFix\Reboot.exe Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP84\A0038403.exe Object is locked skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0042917.dll Object is locked skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043319.EXE Infected: not-a-virus:Porn-Dialer.Win32.ALifeDialer skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043320.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe NSIS: infected - 5 skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe CryptFF: infected - 5 skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043322.dll Infected: Virus.Win32.Nsag.b skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0044781.exe Object is locked skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0044998.exe Object is locked skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0045021.exe Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:02 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\program files\steam\steam.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 10407 bytes
ndmmxiaomayi
2008-04-22, 16:58
Hi,
Empty Spybot Quarantine
Please open Spybot Search & Destroy.
Click on Recovery on the left.
Check all items there and click on Purge selected items.
Close Spybot Search & Destroy.
Empty Malwarebytes' Anti-Malware Quarantine
Please open Malwarebytes' Anti-Malware.
Select the Quarantine tab.
Select all the items there and click on the Delete All button.
Close Malwarebytes' Anti-Malware.
Empty Trend Micro Quarantine
Open My Computer.
Go to Tools > Folder Options.
Select the View tab.
Scroll down to Hidden files and folders.
Select Show hidden files and folders.
Uncheck (untick) Hide extensions of known file types.
Uncheck (untick) Hide protected operating system files (Recommended).
Click Yes when prompted.
Click OK.
Delete the contents of this folder. Do not delete the whole folder.
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine
Delete file
Delete this file.
D:\Documents and Settings\Stewart\My Documents\My Downloads\SmitfraudFix.zip
Update Java Runtime Environment (JRE)
Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 6.
Click on Start > Control Panel and double click on Add/Remove Programs. Locate J2SE Runtime Environment 5.0 Update 6 and click on Change/Remove to uninstall it.
Click here (http://java.sun.com/javase/downloads/index.jsp) to visit Java's website.
Scroll down to Java Runtime Environment (JRE) 6 Update 6. Click on Download.
Select Windows from the drop-down list for Platform.
Select Multi-language from the drop-down list for Language.
Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
Click on jre-6u6-windows-i586-p.exe link to download it and save this to a convenient location.
Run this installation to update your Java.
Update Adobe Reader
Please uninstall Adobe Reader 8.1.0 before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader 8.1.0 and click on Change/Remove to uninstall it.
Click here (http://www.adobe.com/products/acrobat/readstep2.html) to download the latest version of Adobe Acrobat Reader.
Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you.
If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
Close your Internet browser and open it again.
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip ZIP: infected - 4 skipped
Kaspersky flagged this file - kf141.zip. Do you know what this is?
Please post a new HijackThis log in your next reply. Also let me know about the kf141.zip file.
Yes, that was a file I used to find out which CD key I used to install Windows. I have multiple versions of XP here at my house for multiple computers, and needed the key to install some language files. Instead of just going through each of the keys separately, I used the program to find which one it was. I no longer need it, though, so if I need to, I can delete it.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:34:14 PM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\program files\steam\steam.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\devldr32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\system32\msiexec.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_dll] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
--
End of file - 10438 bytes
ndmmxiaomayi
2008-04-26, 14:32
Thought I replied, but looks like I didn't. :rolleyes:
Your log looks good. Any other issues?
It is running quite smoothly, and I haven't run into any problems yet.
Thank you so much for helping me with this. I really cannot express my gratitude enough.
ndmmxiaomayi
2008-04-27, 19:09
This is great! :)
Please remove Combofix as it's no longer needed. It is important that you remove Combofix.
Remove Combofix
Click on Start > Run. Copy and paste in ComboFix /u and click OK. An image is below for reference.
http://xs121.xs.to/xs121/07484/remcf.PNG
Now that your computer is clean, here are some ways to prevent an infection again. There's no need to install all programs recommended.
Keep your system updated
Microsoft regularly releases patches for Windows and Office products to close loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or otherwise update your system regularly.
Install the updates immediately if they are found. Reboot your computer if necessary, and revisit the Windows Update and Office Update sites until there are no more updates to be installed.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates
Alternatively, you can visit the links below to update Windows and Office products.
Windows Update (http://update.microsoft.com/)
Office Update (http://office.microsoft.com/en-us/officeupdate/default.aspx)
If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:
Go to Start > Control Panel > Automatic Updates
Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.
Besides Windows, which needs regular updating, antivirus, anti-spyware and firewall programs are updated regularly too.
Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.
Be careful when opening attachments and downloading files.
Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).
Surf safely
Many of the exploits are directed at users of Internet Explorer and Firefox.
Using Firefox (http://www.mozilla.com/en-US/firefox/) with the NoScript add-on (https://addons.mozilla.org/en-US/firefox/addon/722) helps to prevent most exploits from running, as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.
If you prefer to use Internet Explorer, here are some settings to change to improve the security of Internet Explorer.
For Internet Explorer 6
Open Internet Explorer. Click on Tools > Options.
Click on the Security tab.
Click on the Internet icon.
Click on the Custom Level button.
Under Download signed ActiveX controls, select Prompt.
Under Download unsigned ActiveX controls, select Disable.
Under Initialize and script ActiveX controls not marked as safe, select Disable.
Under Installation of desktop items, select Prompt.
Under Launching programs and files in an IFRAME, select Prompt.
Under Navigate sub-frames across different domains, select Prompt.
Under Allow paste operations via script, select Disable.
Click OK to apply these settings.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Press OK to exit the Internet Properties page.
For a pictorial guide, please refer to this article (http://surfthenetsafely.com/slides/ieconfigureslide1.htm).
Stop malicious scripts
Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.
Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article (http://www.microsoft.com/athome/security/update/howbackup.mspx) to learn how to back up. Follow this article (http://support.microsoft.com/kb/309340) by Microsoft to restore your backups.
Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer (http://www.bleepingcomputer.com/tutorials/tutorial127.html).
Avoid P2P
P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs (http://p2p.malwareremoval.com/) if you need to use one.
Prevent a re-infection
Winpatrol
Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here (http://www.winpatrol.com/features.html).
You can get a free copy (http://www.winpatrol.com/wpsetup.exe) of Winpatrol or use the Plus version (http://winpatrol.stores.yahoo.net/winplusmemre.html) for more features.
You can read Winpatrol's FAQ (http://www.winpatrol.com/faq.html) if you run into problems.
Spyware Blaster
SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX (http://surfthenetsafely.com/activex.htm) programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.
You can download SpywareBlaster from Javacool (http://www.javacoolsoftware.com/spywareblaster.html).
If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial (http://www.bleepingcomputer.com/tutorials/tutorial49.html) at Bleeping Computer.
SpywareGuard
Just as an antivirus program scans a file for viruses before opening it, SpywareGuard does the same thing, except that it scans it for spyware.
You can download SpywareGuard from Javacool (http://www.javacoolsoftware.com/spywareguard.html).
If you need help in using SpywareGuard, you can read SpywareGuard's tutorial (http://www.bleepingcomputer.com/tutorials/tutorial50.html) at Bleeping Computer.
IE-SPYAD
IE-SPYAD adds over 5000 sites to your Internet Explorer restricted zone so that you will be protected if the website turns out to be a bad one. Sites that are in the restricted zone of Internet Explorer can't run any scripts, start downloads or set cookies. However, you can still connect to these sites.
You can download IE-SPYAD from Spyware Warrior (http://www.spywarewarrior.com/uiuc/resource.htm). Be sure to read the whole website carefully for instructions on usage of IE-SPYAD.
Hosts File
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.
Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.
Here are some Hosts files:
MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
Bluetack's Hosts File (http://www.bluetack.co.uk/forums/index.php?showtopic=8406)
Bluetack's Host Manager (http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=16)
hpHosts (http://hphosts.mysteryfcm.co.uk/?s=Download)
A tutorial (http://forum.malwareremoval.com/viewtopic.php?t=22187) about Hosts File can be found at Malware Removal.
a-squared Free
a-squared Free is another program for scanning for spyware and adware. It doesn't have preventive features like Spybot Search & Destroy though.
You can download a-squared Free from here (http://www.emsisoft.com/en/software/download/).
Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs (http://www.spywarewarrior.com/rogue_anti-spyware.htm) and Malwarebytes RogueNET (http://www.malwarebytes.org/roguenet.php). This will save you from a lot of trouble. If in doubt, don't ever download it.
SiteHound Toolbar
SiteHound (http://www.firetrust.com/en/products/sitehound) is a toolbar that warns you if you go to a site that is known to scam people, that potentially has lots of viruses or spyware, or that has questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.
Use an alternative email client
If you are using Outlook Express as your default email client, try using Thunderbird (http://www.mozilla.com/en-US/thunderbird/) or Pegasus Mail (http://www.pmail.com/) instead.
Here are some more things to read about:
List of clean and infected download managers (http://www.safer-networking.org/en/articles/download-managers.html)
Configuring Skype (http://www.tcd.ie/iss/internet/skype.php)
Greater email safety (http://surfthenetsafely.com/surfsafely4.htm)
Phishing - what is it? (http://surfthenetsafely.com/phishing.htm)
Configuring Outlook Express (http://surfthenetsafely.com/slides/oeconfigureslide1.htm)
The Unofficial Cookie FAQ (http://www.cookiecentral.com/faq)
Securing your home wireless network (http://www.windowsecurity.com/articles/Wireless-Network-Security-Home.html)
80 Super Security Tips (http://www.pcmag.com/article2/0,1895,1838690,00.asp)
The different classes of security softwares (http://wiki.castlecops.com/Different_classes_of_security_software)
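An added example, not part of the original post: a short Python audit of Hosts file content, following the Hosts File advice above. It separates names that are sinkholed to the local machine (the blocking effect described) from names mapped to some other address, which is worth reviewing because a Hosts entry overrides normal DNS lookup. The sample content, the function names and the treatment of 0.0.0.0 as a blocking address are assumptions made for this sketch.

```python
import ipaddress

# Constructed sample content (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net tracker.example.net   # blocklist entry
0.0.0.0         banner.example.org
203.0.113.45    update.example.com    # name mapped to an outside address
not-an-ip       broken.example.com
::1             localhost
"""

# Names that normally map to loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line number, address text, [host names]) for each mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Classify entries as blocked (sinkholed), redirected or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            report["malformed"].append((lineno, addr_text))
            continue
        if not names:                          # address with no host name
            report["malformed"].append((lineno, addr_text))
            continue
        # Loopback (127.0.0.1, ::1) or unspecified (0.0.0.0) never leaves the PC.
        sinkholed = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                continue
            bucket = "blocked" if sinkholed else "redirected"
            report[bucket].append((lineno, name, str(addr)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for kind in ("blocked", "redirected", "malformed"):
        print(kind, result[kind])
```

On Windows XP the file to audit is normally C:\WINDOWS\system32\drivers\etc\hosts; read it and pass its text to audit_hosts.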