Had Virtumonde, deleted, think I have something else

Yensho

New member
Hi. My computer is currently infected, but I'm not exactly sure what it is. I have run Spybot, and used it to fix what it can, but there's still more. I am currently running a Kaspersky scan, and will post when ready and if necessary.

Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:58 PM, on 4/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: cj helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\IE Extensions\cj.v2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Flashget] C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\rd.exe /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [2005e1ff] rundll32.exe "C:\WINDOWS\system32\tosmqwwx.dll",b
O4 - HKLM\..\Run: [BM2336d263] Rundll32.exe "C:\WINDOWS\system32\woutrufo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O18 - Protocol hijack: file - FILE>{79PHCNMH-IHW9-H1MG-IT82H00MH0IHW{PHT}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O20 - AppInit_DLLs: iSecurity.cpl
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - C:\WINDOWS\Installer\{9f66da1e-eeaf-42cf-91a6-e5a388c55f2e}\zip.dll
O21 - SSODL: DriveRom - {12f089a8-6c5d-411c-8e42-63fe1ac0998a} - C:\WINDOWS\Installer\{12f089a8-6c5d-411c-8e42-63fe1ac0998a}\DriveRom.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
 
Hi,

Your log shows that there are 2 antivirus programs installed on your computer.

This is not recommended as having more than one antivirus program installed will cause conflicts and lower system security.

Please choose to keep either Trend Micro Antivirus or Symantec Antivirus.

After removing one of the antivirus programs, please restart your computer and do the following:

  1. Please download and install CCleaner Slim.
  2. Once installed, double click on the desktop shortcut created.
  3. On the leftmost column, click on Tools.
  4. On the middle column, click on Uninstall.
  5. At the bottom right hand corner, click on the Save to text file... button.
  6. By default, it saves this file to C:\Program Files\CCleaner named install.txt. You may want to save it to your desktop to find it easily. Click Save.
  7. Close CCleaner.
Note: Doing this will not uninstall any programs. It will only produce a log of installed programs on your computer.

In your next reply, please post:

  1. A new HijackThis log
  2. CCleaner install.txt file
 
Not sure why it had Symantec on there. Thought I had uninstalled it. Anyway, here are the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:05 PM, on 4/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\System32\msiexec.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: cj helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\IE Extensions\cj.v2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Flashget] C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\rd.exe /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [2005e1ff] rundll32.exe "C:\WINDOWS\system32\tosmqwwx.dll",b
O4 - HKLM\..\Run: [BM2336d263] Rundll32.exe "C:\WINDOWS\system32\woutrufo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O18 - Protocol hijack: file - FILE>{79PHCNMH-IHW9-H1MG-IT82H00MH0IHW{PHT}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O20 - AppInit_DLLs: iSecurity.cpl
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - C:\WINDOWS\Installer\{9f66da1e-eeaf-42cf-91a6-e5a388c55f2e}\zip.dll
O21 - SSODL: DriveRom - {12f089a8-6c5d-411c-8e42-63fe1ac0998a} - C:\WINDOWS\Installer\{12f089a8-6c5d-411c-8e42-63fe1ac0998a}\DriveRom.dll
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 11818 bytes

Install text:

“Œ•û•—_˜^ ‘ÌŒ±”Å ver 0.02a
7-Zip 4.32
ABC Amber LIT Converter
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player
AIM 6
AnswerWorks Runtime
Anvil Studio
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
AT&T Plug&Share 54Mbps Wireless PCI Adapter
Audacity 1.2.6
Audio Editor Gold v9.2.19.1
AudioShell 1.3 beta 1
Audiosurf
AutoCAD 2007 - English
Autodesk DWF Viewer
Avanquest update
AVI Codec Pack
Azureus
Battlefield 2142
CCleaner (remove only)
C-Dilla Licence Management System
DesktopEarth
DivX Web Player
EA Download Manager
Easy CD & DVD Creator 6
EVGA Display Driver
Fable - The Lost Chapters
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
foobar2000 v0.9.5
Free Download Manager 2.1
GMAT Diagnostic
Google Earth
Google Toolbar for Firefox
Guitar Pro 5.0
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
HijackThis 2.0.2
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915865)
hp deskjet 3600
iPod for Windows 2006-03-23
IrfanView (remove only)
iScrobbler
ISO Recorder
iTunes
J2SE Runtime Environment 5.0 Update 6
Kaspersky Online Scanner
Last.fm Player 1.1.4
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Visual C++ 2005 Redistributable
mIRC
Motorola Driver Installation
Motorola Phone Tools
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
myFairTunes v.7.0.2c
neroxml
NVIDIA Drivers
OpenSA web server 2
Peggle Extreme
PlayOnline Viewer and Tetra Master
POLUtils
Portal
qŠCŽmŠ*‹Ö`»o‚̉¤“s•ҁ`
QuickTime
Ragnarok Online
RealPlayer
Replay Media Catcher
Roxio DVDMAX Player
Security Task Manager 1.7e
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
SimCity 2000ョ CD Collection
Source SDK Base
Spybot - Search & Destroy
Steam
Symantec KB-DocID:2003093015493306
Team Fortress 2
TeamSpeak 2 RC2
Trend Micro PC-cillin Internet Security 2007
Tweak UI
Tweakui Powertoy for Windows XP
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Ventrilo Client
VideoLAN VLC media player 0.8.4a
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
Winamp
Winamp Toolbar for Firefox
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
Xfire (remove only)
 
Hi,

Do you know anything about these programs?

“Œ•û•—_˜^ ‘ÌŒ±”Å ver 0.02a
qŠCŽmŠ*‹Ö`»o‚̉¤“s•ҁ`
____________________

Azureus is installed on your computer. While Azureus is a clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using it/them while cleaning your computer to prevent getting more infections.

A list of clean and infected P2P programs can be found at Malware Removal and Spyware Info.

The risks of using a P2P program are stated in this Sourceforge website and Information Week article.

Please also read this sticky.
____________________

Step 1

Download and save Norton Removal Tool to your desktop.

Run it to remove Norton. After this, please restart your computer.

Step 2

Please disable Spybot Teatimer temporarily as it may interfere with the fixes. You can re-enable it after your computer is clean.

Please also disable Trend Micro Antivirus temporarily. Remember to re-enable your antivirus before posting the logs.

  1. Right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol).
  2. Click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
  3. Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
  4. Click on Mode > Advanced Mode. When it prompts you, click Yes.
  5. On the left hand side, click on Tools.
  6. Check (tick) this box if it is not yet ticked: Resident.
  7. You will notice that Resident is now added under Tools. Click on Resident.
  8. Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
  9. Exit Spybot Search & Destroy.
  10. Restart your computer for the changes to take effect.

Step 3

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please download Combofix from Bleeping Computer. Save it to your desktop.

If you can't download it, please try these 2 alternative sites:

Forospyware
Geeks to Go

Double click to run it. Follow the prompts. Once done, it will reboot and a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
  3. If you know what those programs are
 
I know what the first one is. It's a program with Japanese as its main language, so that's probably why it's like that. I do not know what the second one is. When I tried to uninstall it, some unknown error popped up. Here are the logs.

ComboFix 08-04-14.2 - Stewart 2008-04-15 15:15:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.372 [GMT -6:00]
Running from: C:\Documents and Settings\Stewart\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\cjb
C:\Program Files\cjb\cjb7.exe
C:\Program Files\cjb\cjb8.exe
C:\Program Files\iSecurity
C:\Program Files\iSecurity\iSecurity.dat
C:\Program Files\iSecurity\syscleaner.bmp
C:\Program Files\iSecurity\syscleanerinstalled.bmp
C:\Program Files\iSecurity\systemdefender.bmp
C:\Program Files\iSecurity\systemdefenderinstalled.bmp
C:\Program Files\iSecurity\Ultimate Cleaner\setup.exe
C:\Program Files\iSecurity\winifixer.bmp
C:\Program Files\iSecurity\winifixerinstalled.bmp
C:\Program Files\SysCleaner
C:\Program Files\SystemDefender
C:\WINDOWS\BM2336d263.xml
C:\WINDOWS\Installer\{12f089a8-6c5d-411c-8e42-63fe1ac0998a}
C:\WINDOWS\Installer\{12f089a8-6c5d-411c-8e42-63fe1ac0998a}\DriveRom.dll
C:\WINDOWS\Installer\{9f66da1e-eeaf-42cf-91a6-e5a388c55f2e}
C:\WINDOWS\Installer\{9f66da1e-eeaf-42cf-91a6-e5a388c55f2e}\zip.dll
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\iSecurity.cpl
C:\WINDOWS\system32\ybeeg.ini
C:\WINDOWS\system32\ybeeg.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-15 15:09 . 2008-04-15 15:09 124 --a------ C:\tempdel.bat
2008-04-15 14:44 . 2008-04-15 14:44 19,968 --a------ C:\Program Files\tmp168515.exe
2008-04-14 19:29 . 2008-04-14 19:29 19,968 --a------ C:\Program Files\tmp9350218.exe
2008-04-14 17:15 . 2008-04-14 17:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-14 04:14 . 2008-04-14 04:14 10,240 --a------ C:\Program Files\tmp39553078.exe
2008-04-14 04:05 . 2008-04-14 04:05 10,240 --a------ C:\Program Files\tmp39066578.exe
2008-04-13 18:49 . 2008-04-13 18:49 35,660 --a------ C:\Program Files\tmp5678828.exe
2008-04-09 20:01 . 2008-04-09 21:13 4,620 --a------ C:\WINDOWS\XChange.dat
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 00:59 . 2008-03-22 00:59 <DIR> d-------- C:\Program Files\DesktopEarth
2008-03-20 21:34 . 2008-03-20 21:34 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-20 20:32 . 2008-03-20 21:29 <DIR> d-------- C:\VundoFix Backups
2008-03-20 19:52 . 2008-03-20 19:52 294 ---hs---- C:\WINDOWS\system32\kmxxjvyh.ini
2008-03-20 19:47 . 2008-03-21 19:38 120 --a------ C:\temp.bat
2008-03-19 19:51 . 2008-03-19 19:51 354 ---hs---- C:\WINDOWS\system32\moguqlbg.ini
2008-03-19 17:19 . 2008-03-19 17:19 294 ---hs---- C:\WINDOWS\system32\fwrpgsmw.ini
2008-03-19 17:18 . 2008-04-06 12:28 <DIR> d-------- C:\Program Files\IE Extensions
2008-03-17 22:13 . 2008-03-18 18:28 1,734 ---hs---- C:\WINDOWS\system32\vgibcxyf.ini
2008-03-16 14:57 . 2008-04-06 12:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-16 14:56 . 2008-03-19 17:28 <DIR> d-------- C:\Program Files\Security Task Manager
2008-03-16 13:58 . 2008-03-16 14:02 354 ---hs---- C:\WINDOWS\system32\xwwqmsot.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 21:23 --------- d-----w C:\Program Files\Steam
2008-04-15 21:04 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Free Download Manager
2008-04-15 21:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 17:28 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Azureus
2008-04-13 23:44 --------- d-----w C:\Program Files\Electronic Arts
2008-04-13 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 05:01 --------- d-----w C:\Documents and Settings\Stewart\Application Data\U3
2008-03-28 04:44 --------- d-----w C:\Program Files\ACIDHEAD
2008-03-28 04:39 --------- d-----w C:\Program Files\Lineage II
2008-03-28 04:38 --------- d-----w C:\Program Files\Audiosurf
2008-03-23 18:57 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Roxio
2008-03-21 05:31 --------- d-----w C:\Program Files\Azureus
2008-03-09 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 15:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 22:07 --------- d-----w C:\Documents and Settings\Stewart\Application Data\dvdcss
2008-02-22 02:21 --------- d-----w C:\Program Files\Maxis
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 09:20 50528]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 04:48 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 10:45 1271032]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57 2494464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-22 00:20 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-13 16:07 319488]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 20:40 176128]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"HostManager"="C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-12-29 00:52 3429904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:50 185632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 09:16 37376]
"2005e1ff"="C:\WINDOWS\system32\tosmqwwx.dll" [ ]
"BM2336d263"="C:\WINDOWS\system32\woutrufo.dll" [ ]

C:\Documents and Settings\Stewart\Start Menu\Programs\Startup\
DesktopEarth AutoStart.lnk - C:\Documents and Settings\Stewart\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-03-22 00:59:36 29926]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk - C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe [2006-03-31 16:46:48 794624]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 19:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 00:23]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2002-07-18 21:59]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb762141-c0d3-11da-baed-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 17:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 15:30:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-04-15 15:38:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 21:38:20

Pre-Run: 81,667,366,912 bytes free
Post-Run: 84,902,264,832 bytes free
.
2008-04-11 04:10:46 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:58 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [2005e1ff] rundll32.exe "C:\WINDOWS\system32\tosmqwwx.dll",b
O4 - HKLM\..\Run: [BM2336d263] Rundll32.exe "C:\WINDOWS\system32\woutrufo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10810 bytes
 
Hi,

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System. You are using Windows XP Home Service Pack 2 (SP2).

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not restart or shut down your machine until we have reviewed the log.
 
Here is the log.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
 
Hi,

Step 1

Please open Notepad and copy and paste the following in the Code box into Notepad.

Code:
http://forums.spybot.info/showthread.php?t=26637

Collect::
C:\Program Files\tmp168515.exe
C:\Program Files\tmp9350218.exe
C:\Program Files\tmp39553078.exe
C:\Program Files\tmp39066578.exe
C:\Program Files\tmp5678828.exe

File::
C:\WINDOWS\system32\kmxxjvyh.ini
C:\WINDOWS\system32\moguqlbg.ini
C:\WINDOWS\system32\fwrpgsmw.ini
C:\WINDOWS\system32\vgibcxyf.ini
C:\WINDOWS\system32\xwwqmsot.ini

DirLook::
C:\Program Files\IE Extensions
C:\Program Files\ACIDHEAD

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2005e1ff"=-
"BM2336d263"=-

Warning: The above script is just for Yensho. If you are not Yensho, please do not use this script as it may damage the workings of your system.

Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.

CFScript.gif


Combofix will start running. When done, a log will be produced. Please post this log in your next reply.

In addition, it will prompt you to submit some files for analyzing.

Click OK.

Copy and paste the file path into the text box next to the Browse button (boxed up in red).

cfsumbit320.png


Click on Send File.

Do not mouse click on Combofix while it is running. That may cause it to stall.

Step 2

Please open Notepad and copy and paste the following in the Code box into Notepad.

Code:
@echo off
echo The log can be found at C:\contents.txt if Notepad doesn't open automatically.
echo Contents of tempdel.bat >> C:\contents.txt
echo. >> C:\contents.txt
type C:\tempdel.bat >> C:\contents.txt
echo. >> C:\contents.txt
echo Contents of temp.bat >> C:\contents.txt
echo. >> C:\contents.txt
type C:\temp.bat >> C:\contents.txt
notepad C:\contents.txt

Click on File > Save As....

In the File Name box, copy and paste in see.bat

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on see.bat to run it. Command Prompt will open, followed by Notepad shortly afterwards. Please post the contents of this Notepad file in your next reply.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. Contents of Notepad from Step 2 (C:\contents.txt)
  3. A new HijackThis log
 
Here are the various logs.

ComboFix 08-04-14.2 - Stewart 2008-04-17 0:02:57.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510 [GMT -6:00]
Running from: C:\Documents and Settings\Stewart\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stewart\Desktop\CFscript.txt

FILE ::
C:\WINDOWS\system32\fwrpgsmw.ini
C:\WINDOWS\system32\kmxxjvyh.ini
C:\WINDOWS\system32\moguqlbg.ini
C:\WINDOWS\system32\vgibcxyf.ini
C:\WINDOWS\system32\xwwqmsot.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Stewart\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\tmp39066578.exe
C:\Program Files\tmp39553078.exe
C:\WINDOWS\system32\fwrpgsmw.ini
C:\WINDOWS\system32\kmxxjvyh.ini
C:\WINDOWS\system32\moguqlbg.ini
C:\WINDOWS\system32\vgibcxyf.ini
C:\WINDOWS\system32\xwwqmsot.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-16 21:58 . 2008-04-16 21:59 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-15 15:09 . 2008-04-15 15:09 124 --a------ C:\tempdel.bat
2008-04-14 17:15 . 2008-04-14 17:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 20:01 . 2008-04-09 21:13 4,620 --a------ C:\WINDOWS\XChange.dat
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 00:59 . 2008-03-22 00:59 <DIR> d-------- C:\Program Files\DesktopEarth
2008-03-20 21:34 . 2008-03-20 21:34 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-20 20:32 . 2008-03-20 21:29 <DIR> d-------- C:\VundoFix Backups
2008-03-20 19:47 . 2008-03-21 19:38 120 --a------ C:\temp.bat
2008-03-19 17:18 . 2008-04-16 21:33 <DIR> d-------- C:\Program Files\IE Extensions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 06:07 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Free Download Manager
2008-04-17 05:10 --------- d-----w C:\Program Files\Steam
2008-04-15 21:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 17:28 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Azureus
2008-04-13 23:44 --------- d-----w C:\Program Files\Electronic Arts
2008-04-13 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 05:01 --------- d-----w C:\Documents and Settings\Stewart\Application Data\U3
2008-04-06 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-28 04:44 --------- d-----w C:\Program Files\ACIDHEAD
2008-03-28 04:39 --------- d-----w C:\Program Files\Lineage II
2008-03-28 04:38 --------- d-----w C:\Program Files\Audiosurf
2008-03-23 18:57 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Roxio
2008-03-21 05:31 --------- d-----w C:\Program Files\Azureus
2008-03-19 23:28 --------- d-----w C:\Program Files\Security Task Manager
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-09 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 15:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 22:07 --------- d-----w C:\Documents and Settings\Stewart\Application Data\dvdcss
2008-02-22 02:21 --------- d-----w C:\Program Files\Maxis
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-23 21:51 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-23 16:27 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\ACIDHEAD ----


---- Directory of C:\Program Files\IE Extensions ----



((((((((((((((((((((((((((((( snapshot@2008-04-15_15.38.11.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-22 21:43:01 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-04-17 03:58:50 53,248 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-01-22 21:43:02 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-04-17 03:58:50 12,800 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-01-22 21:43:02 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-04-17 03:58:50 473,600 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-01-22 21:42:55 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:41 2,676,224 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:57 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:43 2,846,720 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:58 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:44 563,712 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:58 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:45 567,296 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:59 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:46 576,000 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:59 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:46 577,024 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:42:59 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:47 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:43:00 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:47 577,536 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:43:00 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:48 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:43:02 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-04-17 03:58:51 578,560 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-01-22 21:43:02 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-04-17 03:58:51 145,920 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-01-22 21:43:02 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-04-17 03:58:51 159,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-01-22 21:43:03 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-04-17 03:58:52 364,544 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-01-22 21:43:03 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-04-17 03:58:52 178,176 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-01-22 21:43:01 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-04-17 03:58:50 223,232 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2008-04-15 21:21:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 21:41:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-03-12 22:42:30 1,123,696 ----a-w C:\WINDOWS\LastGood\system32\D3DCompiler_33.dll
+ 2007-05-16 22:45:16 1,124,720 ----a-w C:\WINDOWS\LastGood\system32\D3DCompiler_34.dll
+ 2007-07-20 00:14:42 1,358,192 ----a-w C:\WINDOWS\LastGood\system32\D3DCompiler_35.dll
+ 2007-03-15 22:57:58 443,752 ----a-w C:\WINDOWS\LastGood\system32\d3dx10_33.dll
+ 2007-05-16 22:45:16 443,752 ----a-w C:\WINDOWS\LastGood\system32\d3dx10_34.dll
+ 2007-07-20 00:14:42 444,776 ----a-w C:\WINDOWS\LastGood\system32\d3dx10_35.dll
+ 2005-02-06 01:45:26 2,222,800 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_24.dll
+ 2005-03-18 23:19:58 2,337,488 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_25.dll
+ 2005-05-26 21:34:52 2,297,552 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_26.dll
+ 2005-07-23 01:59:04 2,319,568 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_27.dll
+ 2005-12-06 00:09:18 2,323,664 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_28.dll
+ 2006-02-03 14:43:16 2,332,368 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_29.dll
+ 2006-03-31 18:40:58 2,388,176 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_30.dll
+ 2006-09-28 22:05:20 2,414,360 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_31.dll
+ 2006-11-29 19:06:18 3,426,072 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_32.dll
+ 2007-03-12 22:42:30 3,495,784 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_33.dll
+ 2007-05-16 22:45:16 3,497,832 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_34.dll
+ 2007-07-20 00:14:42 3,727,720 ----a-w C:\WINDOWS\LastGood\system32\d3dx9_35.dll
+ 2006-02-03 14:41:26 14,032 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_0.dll
+ 2007-03-05 18:42:18 15,128 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_1.dll
+ 2007-10-22 09:37:16 17,928 ----a-w C:\WINDOWS\LastGood\system32\x3daudio1_2.dll
+ 2006-02-03 14:42:06 230,096 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_0.dll
+ 2006-03-31 18:39:48 229,584 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_1.dll
+ 2006-05-31 13:24:16 230,168 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_2.dll
+ 2006-07-28 15:30:32 236,824 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_3.dll
+ 2006-09-28 22:05:56 237,848 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_4.dll
+ 2006-12-08 18:02:00 251,672 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_5.dll
+ 2007-01-24 21:27:30 255,848 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_6.dll
+ 2007-04-05 00:55:00 261,480 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_7.dll
+ 2007-06-21 02:46:04 266,088 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_8.dll
+ 2007-07-20 06:57:12 267,112 ----a-w C:\WINDOWS\LastGood\system32\xactengine2_9.dll
+ 2006-03-31 18:39:24 62,672 ----a-w C:\WINDOWS\LastGood\system32\xinput1_1.dll
+ 2006-07-28 15:30:14 62,744 ----a-w C:\WINDOWS\LastGood\system32\xinput1_2.dll
+ 2007-04-05 00:53:42 81,768 ----a-w C:\WINDOWS\LastGood\system32\xinput1_3.dll
+ 2005-12-06 00:07:30 61,136 ----a-w C:\WINDOWS\LastGood\system32\xinput9_1_0.dll
- 2007-01-24 23:45:46 102,800 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
+ 2007-12-24 23:37:00 138,384 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 09:20 50528]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 04:48 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 10:45 1271032]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57 2494464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-22 00:20 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-13 16:07 319488]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 20:40 176128]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"HostManager"="C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-12-29 00:52 3429904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:50 185632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 09:16 37376]
"2005e1ff"="C:\WINDOWS\system32\tosmqwwx.dll" [ ]

C:\Documents and Settings\Stewart\Start Menu\Programs\Startup\
DesktopEarth AutoStart.lnk - C:\Documents and Settings\Stewart\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-03-22 00:59:36 29926]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk - C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe [2006-03-31 16:46:48 794624]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 19:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 00:23]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2002-07-18 21:59]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb762141-c0d3-11da-baed-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - TMCOMM
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 17:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 00:07:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-04-17 0:10:38
ComboFix-quarantined-files.txt 2008-04-17 06:09:34
ComboFix2.txt 2008-04-15 21:38:24

Pre-Run: 84,893,310,976 bytes free
Post-Run: 84,888,580,096 bytes free
.
2008-04-11 04:10:46 --- E O F ---

Contents of tempdel.bat

:Repeat
del "C:\Program Files\tmp212656.exe"
if exist "C:\Program Files\tmp212656.exe" goto Repeat
del "c:\tempdel.bat"

Contents of temp.bat

:Repeat
del "C:\Program Files\tmp31675031.exe"
if exist "C:\Program Files\tmp31675031.exe" goto Repeat
del "c:\temp.bat"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:26 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [2005e1ff] rundll32.exe "C:\WINDOWS\system32\tosmqwwx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10936 bytes
 
Oops, forgot to say, I also sent to file as it requested, and also, a big thank you for helping me out. I can already see some improvements.
 
Hi,

Did your computer crash?

Please open Notepad and copy and paste the following in the Code box into Notepad:

Code:
File::
C:\tempdel.bat
C:\temp.bat

Folder::
C:\Program Files\ACIDHEAD
C:\Program Files\IE Extensions

Warning: The above script is just for Yensho. If you are not Yensho, please do not use this script as it may damage the workings of your system.

Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.

CFScript.gif


Combofix will start running. When done, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
 
No, it did not crash. Why? Was it supposed to?

ComboFix 08-04-14.2 - Stewart 2008-04-17 7:45:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.474 [GMT -6:00]
Running from: C:\Documents and Settings\Stewart\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stewart\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\temp.bat
C:\tempdel.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ACIDHEAD
C:\Program Files\IE Extensions
C:\temp.bat
C:\tempdel.bat

.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.

2008-04-16 21:58 . 2008-04-16 21:59 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-14 17:15 . 2008-04-14 17:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 20:01 . 2008-04-09 21:13 4,620 --a------ C:\WINDOWS\XChange.dat
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 00:59 . 2008-03-22 00:59 <DIR> d-------- C:\Program Files\DesktopEarth
2008-03-20 21:34 . 2008-03-20 21:34 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-20 20:32 . 2008-03-20 21:29 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 13:47 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Free Download Manager
2008-04-17 05:10 --------- d-----w C:\Program Files\Steam
2008-04-15 21:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 17:28 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Azureus
2008-04-13 23:44 --------- d-----w C:\Program Files\Electronic Arts
2008-04-13 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 05:01 --------- d-----w C:\Documents and Settings\Stewart\Application Data\U3
2008-04-06 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-28 04:39 --------- d-----w C:\Program Files\Lineage II
2008-03-28 04:38 --------- d-----w C:\Program Files\Audiosurf
2008-03-23 18:57 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Roxio
2008-03-21 05:31 --------- d-----w C:\Program Files\Azureus
2008-03-19 23:28 --------- d-----w C:\Program Files\Security Task Manager
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-09 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 15:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 22:07 --------- d-----w C:\Documents and Settings\Stewart\Application Data\dvdcss
2008-02-22 02:21 --------- d-----w C:\Program Files\Maxis
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-23 21:51 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-23 16:27 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 09:20 50528]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 04:48 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 10:45 1271032]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57 2494464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-22 00:20 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-13 16:07 319488]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 20:40 176128]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"HostManager"="C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-12-29 00:52 3429904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:50 185632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 09:16 37376]
"2005e1ff"="C:\WINDOWS\system32\tosmqwwx.dll" [ ]

C:\Documents and Settings\Stewart\Start Menu\Programs\Startup\
DesktopEarth AutoStart.lnk - C:\Documents and Settings\Stewart\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-03-22 00:59:36 29926]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk - C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe [2006-03-31 16:46:48 794624]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 19:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 00:23]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2002-07-18 21:59]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb762141-c0d3-11da-baed-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

*Newly Created Service* - TMCOMM
.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 17:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 07:49:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\xx497
C:\WINDOWS\TEMP\xx498
C:\WINDOWS\TEMP\xx499
C:\WINDOWS\TEMP\xx500
C:\WINDOWS\TEMP\xx501


**************************************************************************
.
Completion time: 2008-04-17 7:53:15
ComboFix-quarantined-files.txt 2008-04-17 13:52:05
ComboFix2.txt 2008-04-17 06:10:39
ComboFix3.txt 2008-04-15 21:38:24

Pre-Run: 84,880,654,336 bytes free
Post-Run: 84,877,017,088 bytes free
.
2008-04-11 04:10:46 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:37:56 AM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [2005e1ff] rundll32.exe "C:\WINDOWS\system32\tosmqwwx.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10948 bytes
 
Hi,

No, the computer isn't supposed to crash.

Please disable Trend Micro Antivirus before dragging CFScript into Combofix. Remember to turn it back on before posting back the logs.

Step 1

Please open Notepad and copy and paste the following in the Code box into Notepad:

Code:
Rootkit::
C:\WINDOWS\TEMP\xx497
C:\WINDOWS\TEMP\xx498
C:\WINDOWS\TEMP\xx499
C:\WINDOWS\TEMP\xx500
C:\WINDOWS\TEMP\xx501

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2005e1ff"=-

Warning: The above script is just for Yensho. If you are not Yensho, please do not use this script as it may damage the workings of your system.

Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.

[Image: CFScript.gif]


Combofix will start running. When done, a log will be produced. Please post this log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

Step 2

Please open HijackThis and select Do a system scan only.

Put a check (tick) next to these lines:

O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.c...up/webinst.cab
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)


Click Fix checked. Close HijackThis.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
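
Added example, not part of the original thread and not code from HijackThis or ComboFix: a Python check that the lines ticked in Step 2 are gone from the follow-up log, and that lists O18 entries whose CLSID field is not a well-formed GUID. Entries are matched on section and CLSID, so the O16 line whose URL the forum shortened with "..." still matches; the `AFTER` log is constructed, and the function names and the assumed O18 field layout (`label: name - CLSID [- file]`) are assumptions.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
GUID_SEARCH = re.compile(GUID)
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Lines copied from the 11:37 AM HijackThis log in this thread.
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [2005e1ff] rundll32.exe "C:\WINDOWS\system32\tosmqwwx.dll",b
O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.com/setup/webinst.cab
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)
"""

# Constructed follow-up log (assumption): one O18 line survives the fix.
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
"""

# Lines as they appear in the Step 2 instructions, truncated URL included.
CHECKED = [
    "O16 - DPF: {343CE214-9998-4B21-A151-FFE970167297} - http://xscanner.spyshredderscanner.c...up/webinst.cab",
    "O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}",
    "O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}",
    "O21 - SSODL: zip - {9f66da1e-eeaf-42cf-91a6-e5a388c55f2e} - (no file)",
]


def parse_entries(log_text):
    """Return the (section, body) entries of a HijackThis log, in order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def entry_key(entry):
    """Comparison key: section plus the body up to its first well-formed GUID.

    Text after the GUID (URL, file path) is ignored so a shortened URL still
    matches. Bodies without a well-formed GUID are compared whole.
    """
    section, body = entry
    m = GUID_SEARCH.search(body)
    text = body[:m.end()] if m else body
    return section, " ".join(text.lower().split())


def verify_fix(before_log, after_log, checked_lines):
    """Map each checked line to 'removed', 'still present' or 'not in before log'."""
    before = {entry_key(e) for e in parse_entries(before_log)}
    after = {entry_key(e) for e in parse_entries(after_log)}
    status = {}
    for line in checked_lines:
        parsed = parse_entries(line)
        if not parsed:
            status[line] = "unparsed"
            continue
        key = entry_key(parsed[0])
        if key not in before:
            status[line] = "not in before log"
        elif key in after:
            status[line] = "still present"
        else:
            status[line] = "removed"
    return status


def malformed_o18(entries):
    """Return O18 entries whose CLSID field is not a well-formed GUID."""
    flagged = []
    for section, body in entries:
        if section != "O18":
            continue
        fields = body.split(" - ")
        clsid = fields[1].strip() if len(fields) > 1 else ""
        if not re.fullmatch(GUID, clsid):
            flagged.append((section, body))
    return flagged


if __name__ == "__main__":
    for line, state in verify_fix(BEFORE, AFTER, CHECKED).items():
        print(f"{state:>18}  {line}")
    for section, body in malformed_o18(parse_entries(BEFORE)):
        print(f"malformed CLSID: {section} - {body}")
```
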
 
Here are the logs.

ComboFix 08-04-14.2 - Stewart 2008-04-17 18:32:10.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.408 [GMT -6:00]
Running from: C:\Documents and Settings\Stewart\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Stewart\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\TEMP\xx497
C:\WINDOWS\TEMP\xx498
C:\WINDOWS\TEMP\xx499
C:\WINDOWS\TEMP\xx500
C:\WINDOWS\TEMP\xx501

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-14 17:15 . 2008-04-14 17:15 <DIR> d-------- C:\Program Files\CCleaner
2008-04-09 20:01 . 2008-04-09 21:13 4,620 --a------ C:\WINDOWS\XChange.dat
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-27 22:36 . 2008-03-27 22:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-22 00:59 . 2008-03-22 00:59 <DIR> d-------- C:\Program Files\DesktopEarth
2008-03-20 21:34 . 2008-03-20 21:34 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-03-20 20:32 . 2008-03-20 21:29 <DIR> d-------- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-18 00:42 --------- d-----w C:\Program Files\Steam
2008-04-18 00:21 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Free Download Manager
2008-04-15 21:03 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-14 17:28 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Azureus
2008-04-13 23:44 --------- d-----w C:\Program Files\Electronic Arts
2008-04-13 22:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-10 05:01 --------- d-----w C:\Documents and Settings\Stewart\Application Data\U3
2008-04-06 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-03-28 04:39 --------- d-----w C:\Program Files\Lineage II
2008-03-28 04:38 --------- d-----w C:\Program Files\Audiosurf
2008-03-23 18:57 --------- d-----w C:\Documents and Settings\Stewart\Application Data\Roxio
2008-03-21 05:31 --------- d-----w C:\Program Files\Azureus
2008-03-19 23:28 --------- d-----w C:\Program Files\Security Task Manager
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-09 16:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-09 15:29 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 22:07 --------- d-----w C:\Documents and Settings\Stewart\Application Data\dvdcss
2008-02-22 02:21 --------- d-----w C:\Program Files\Maxis
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-01-23 21:51 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-23 16:27 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
.

((((((((((((((((((((((((((((( snapshot_2008-04-17_ 0.08.38.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-16 21:41:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-18 00:38:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 09:20 50528]
"tunebite.exe"="C:\Program Files\tunebite\tunebite.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 04:48 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [ ]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 10:45 1271032]
"EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2007-12-04 05:57 2494464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-05-22 00:20 868352]
"RoxioAudioCentral"="C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2003-05-13 16:07 319488]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 19:51 233472]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 11:24 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-22 20:40 176128]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 23:31 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2003-03-31 06:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"HostManager"="C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe" [2006-05-09 18:24 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 10:59 124520]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2006-12-29 00:52 3429904]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:50 185632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 09:16 37376]

C:\Documents and Settings\Stewart\Start Menu\Programs\Startup\
DesktopEarth AutoStart.lnk - C:\Documents and Settings\Stewart\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe [2008-03-22 00:59:36 29926]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk - C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe [2006-03-31 16:46:48 794624]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-20 19:15:54 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1148347186\\ee\\aim6.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 00:23]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2002-07-18 21:59]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb762141-c0d3-11da-baed-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-29 17:23:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 18:39:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-04-17 19:05:06 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-18 01:04:24
ComboFix2.txt 2008-04-17 13:53:19
ComboFix3.txt 2008-04-17 06:10:39
ComboFix4.txt 2008-04-15 21:38:24

Pre-Run: 84,856,053,760 bytes free
Post-Run: 84,844,142,592 bytes free
.
2008-04-11 04:10:46 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:01 PM, on 4/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\program files\steam\steam.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10415 bytes
 
Hi,

Step 1

  1. Click on Start > All Programs > CCleaner > CCleaner.
  2. On the Windows tab, leave the default options alone.
  3. On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  4. Click on the Run Cleaner button at the bottom right-hand corner.
  5. Close CCleaner.

Step 2

  1. Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as they are and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

In your next reply, please post:

  1. Malwarebytes' Anti-Malware scan report
  2. A new HijackThis log
 
Here are the new logs.

Malwarebytes' Anti-Malware 1.11
Database version: 650

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 224690
Time elapsed: 2 hour(s), 27 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cj.cjmgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cj.cjmgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iscrobbler (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\iSecurity (Rouge.ISecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DataDisp32 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{182c7ed7-e56d-4509-9d9b-ac49318d9895} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Application Data\SecTaskMan\iSecurity.cpl.q_804E801_q (Rouge.ISecurity) -> Quarantined and deleted successfully.
C:\Program Files\iTunes\UninstalliScrobble.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\cjb\cjb8.exe.vir (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\iSecurity\Ultimate Cleaner\setup.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
D:\Documents and Settings\Stewart\My Documents\My Downloads\Flac_Plugin_for_WA2.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Stewart\My Documents\My Downloads\iScrobblerWin_1_1_0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Stewart\My Documents\My Downloads\StepMania-3.9.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:13:48 PM, on 4/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\program files\steam\steam.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\RunOnce: [TSC] "C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe" /HD
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10552 bytes
 
Hi,

Can you check that the unknown program is no longer present in Add/Remove Programs? If it's still there, try uninstalling it. If you can't uninstall it, please let me know what error it gives out.
____________________

Please go to the Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  3. When the downloads have finished, click on Next button.
  4. Click on Scan Settings button.
  5. Select extended under Scan using the following antivirus database:
  6. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  7. Click OK
  8. Click on My Computer under Please select a target to scan:
  9. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  10. Copy and paste this log in your next reply.

In your next reply, please post:

  1. Kaspersky Antivirus scan report
  2. A new HijackThis log
  3. Uninstall error of the unknown program (if any)
 
Hi. Sorry for the late post, I have been a bit busier than usual with school. About the program: It is still in Add/Remove Programs, and will not uninstall. However, I finally remembered what it was, and can say with full confidence that it was a program I willfully and knowingly installed. Anyway, the error that pops up is in another language, using the same jumbled characters that showed up with the name. I can only assume that it is an error associated with the program itself, and not an error with Windows.

Here are the logs.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 19, 2008 8:51:05 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/04/2008
Kaspersky Anti-Virus database records: 715802
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 193011
Number of viruses found: 25
Number of infected objects: 655
Number of suspicious objects: 3
Duration of the scan process: 03:29:28

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia5.zip/uninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VcodeceMedia5.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Stewart\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.45706 Infected: Trojan-Downloader.Win32.Agent.mso skipped
C:\Documents and Settings\Stewart\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Stewart\Desktop\[4]-Submit_2008-04-17@0.02.zip/tmp39066578.exe Infected: Trojan-Downloader.Win32.Agent.mas skipped
C:\Documents and Settings\Stewart\Desktop\[4]-Submit_2008-04-17@0.02.zip/tmp39553078.exe Infected: Trojan-Downloader.Win32.Agent.mas skipped
C:\Documents and Settings\Stewart\Desktop\[4]-Submit_2008-04-17@0.02.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Stewart\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\History\History.IE5\MSHist012008041920080420\index.dat Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\Temp\Free Download Manager\tic8B.tmp Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\Temp\~DFE686.tmp Object is locked skipped
C:\Documents and Settings\Stewart\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stewart\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Stewart\ntuser.dat.LOG Object is locked skipped
C:\OpenSA\Apache2\logs\access.log Object is locked skipped
C:\OpenSA\Apache2\logs\error.log Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\Steam\logs\connection_log.txt Object is locked skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\SteamApps\trackmania nations forever content.ncf Object is locked skipped
C:\Program Files\Steam\SteamApps\trackmania nations forever content1.ncf Object is locked skipped
C:\Program Files\Steam\SteamApps\winui.gcf Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\100.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\101.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\102.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\103.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\104.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\105.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\106.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\107.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\108.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\109.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\10F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\110.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\111.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\112.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\113.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\114.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\115.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\116.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\117.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\118.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\119.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\11F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\120.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\121.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\122.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\123.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\124.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\125.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\126.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\127.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\128.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\129.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\12A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\12B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\12C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\12D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\12E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\12F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\130.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\131.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\132.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\133.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\134.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\135.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\136.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\137.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\138.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\139.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\13A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\13B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\13C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\13D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\13E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\13F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\14.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\140.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\141.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\142.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\143.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\144.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\145.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\146.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\147.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\148.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\149.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\14A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\14B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\14C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\14D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\14E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\14F.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\15.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\150.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\151.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\152.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\153.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\154.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\155.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\156.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\157.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\158.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\159.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\15A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\15B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\15C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\15D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\15E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\15F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\16.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\160.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\161.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\162.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\163.tmp Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\164.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\165.tmp Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\166.tmp Infected: Trojan.Win32.Dialer.yz skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\167.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\168.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\169.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\16A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\16B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\16C.tmp Infected: Trojan-Downloader.Win32.Agent.mox skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\16D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\16E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\16F.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\17.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\170.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\171.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\172.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\173.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\174.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\175.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\176.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\177.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\178.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\179.tmp Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\17A.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\17B.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\17C.tmp Infected: Trojan.Win32.Agent.feh skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\17D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\17E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\17F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\180.tmp Infected: Trojan-Downloader.Win32.Agent.mox skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\181.tmp Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\182.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\183.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\184.tmp Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\185.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\186.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\187.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\188.tmp Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18F2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18F3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\18F4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\190.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\190C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\190D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\192.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1920.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1921.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1922.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1923.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1924.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1925.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\193.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\194.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\195.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\196.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\198.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\199.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\19F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1A2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1A3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1A6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1A7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1A8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1A9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1AA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1AB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1AC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1AD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1AE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1AF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B99.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1B9D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1BA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1BA0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1BB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1BD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1BE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1BF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1C9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1CA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1CB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1CC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1CD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1CE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1CF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1D0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1D1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1D2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1D4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1D5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1D6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1D7.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1DA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1DB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1DC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1DD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1DF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1E0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1E1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1E2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1E3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1E4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1F9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1FA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1FD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1FE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\20.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\200.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\206.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\207.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\208.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\209.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\20A.tmp Infected: Trojan-Downloader.Win32.Agent.mas skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\20B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\20C.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\20D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\20E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\20F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\21.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\210.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\211.tmp Infected: Trojan-Clicker.Win32.Agent.xs skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\214.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\21D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\21E.tmp Infected: Trojan-Downloader.Win32.Agent.mas skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\21F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\22.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\221.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\222.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\225.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\226.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\227.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\229.tmp Infected: Trojan-Downloader.JS.Agent.bi skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\22A.tmp Infected: Exploit.Win32.IMG-WMF.v skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\22B.tmp Suspicious: Exploit.Win32.IMG-ANI.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\22C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\22D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\22E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\23.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\231.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\233.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\235.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\236.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\23A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\23D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\24.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\245.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\246.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\247.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\249.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\24A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\24C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\24D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\24E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\25.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\251.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\252.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\254.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\255.tmp Infected: Trojan-Downloader.Win32.Agent.mas skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\257.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\25A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\25C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\25D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\26.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\260.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\262.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\263.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\265.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\266.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\267.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\268.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\269.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\27.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\272.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\275.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\277.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\27C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\27E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\280.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\281.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\289.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\28E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\291.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\292.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\293.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\294.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\297.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\299.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\29F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2A.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2A0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2B.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2B3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2B5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2BA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2BB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2BD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2BF.tmp Infected: Trojan-Downloader.Win32.Agent.mas skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C.tmp Infected: Trojan-Dropper.Win32.Agent.ftv skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2C9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2CB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2CC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2CD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2CE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2CF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2D.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2D2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2D4.tmp Infected: Trojan-Downloader.Win32.Agent.mas skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2DD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2DE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2E9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2EB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2EC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2EE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2EF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\30.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\301.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\30F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\31.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\311.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\312.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\314.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\315.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\319.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\31B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\31C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\31D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\32.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\320.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\322.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\326.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\33.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\34.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\340.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\342.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\346.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\347.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\348.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\34C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\34E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\35.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\359.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\35B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\36.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\364.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\366.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\368.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\36B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\36D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\36E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\36F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\37.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\370.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\371.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\37F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\38.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\384.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\385.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\386.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\39.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\3F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\40.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\41.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\42.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\43.tmp Infected: Packed.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\44.tmp Infected: Trojan-Downloader.Win32.Adload.ma skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\45.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\46.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\47.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\48.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\49.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4BE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4C0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4EA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4F8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\4FA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\50.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\51.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\52.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\53.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\54.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\55.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\56.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\57.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\58.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\59.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\5F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\60.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\61.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\62.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\63.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\64.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\65.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\66.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\67.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\68.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\69.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6B.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\6F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\70.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\71.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\72.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\73.tmp Infected: Trojan-Downloader.Win32.Small.ivo skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\74.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\75.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\76.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\77.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\78.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\79.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\7F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\80.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\81.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\82.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\83.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\84.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\85.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\86.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\87.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\88.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\89.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\8F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\90.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\91.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\92.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\93.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\94.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\95.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\96.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\97.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\98.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\99.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9A.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9B.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9C.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9D.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9E.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\9F.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\AF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\C9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\CF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\D9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\DF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\E9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\ED.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\EF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F0.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F2.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F3.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F4.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F5.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F6.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F7.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F8.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\F9.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FA.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FB.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FC.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FD.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FE.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\FF.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\QooBox\Quarantine\C\WINDOWS\Installer\{9f66da1e-eeaf-42cf-91a6-e5a388c55f2e}\zip.dll.vir Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AF0521B0-4C9C-403B-9FE2-6D905137CA7F}\RP7\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E24A8DBF-D134-461B-8750-6FB7AAF52A13}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip ZIP: infected - 4 skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\mirc621.exe NSIS: infected - 2 skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\SmitfraudFix.zip ZIP: infected - 1 skipped
D:\Documents and Settings\Stewart\My Documents\SmitfraudFix\Reboot.exe Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP84\A0038403.exe Object is locked skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0042917.dll Object is locked skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043319.EXE Infected: not-a-virus:Porn-Dialer.Win32.ALifeDialer skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043320.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe/data0003/data0001 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe/data0003 Infected: not-a-virus:AdWare.Win32.WebRebates.g skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebRebates.c skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe NSIS: infected - 5 skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe CryptFF: infected - 5 skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043322.dll Infected: Virus.Win32.Nsag.b skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0044781.exe Object is locked skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0044998.exe Object is locked skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0045021.exe Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:12:02 PM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\OpenSA\Apache2\bin\Apache.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\program files\steam\steam.exe
C:\Program Files\AT&T Plug&Share 54Mbps Wireless PCI Adapter\WLANMON.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\DesktopEarth\DesktopEarth.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Stewart\My Documents\My Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.altavista.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\DOCUME~1\Stewart\LOCALS~1\Temp\RarSFX0\jccatch.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148347186\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O4 - Global Startup: AT&T Plug&Share 54Mbps Wireless PCI Adapter Utility.lnk = ?
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B25F672-379F-4944-99F9-3C6823BAA415} -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {1D0E54EC-2217-4C7F-52DC-0CB16E88644A} -
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {421C5A96-D56C-714F-EFE3-347605A4FF77} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143862386967
O16 - DPF: {6511C9B0-5988-4A26-34C7-1BD06C08E518} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143906825640
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} -
O23 - Service: Apache2 - Apache Software Foundation - C:\OpenSA\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 10407 bytes
 
Hi,

Empty Spybot Quarantine

  1. Please open Spybot Search & Destroy.
  2. Click on Recovery on the left.
  3. Check all items there and click on Purge selected items.
  4. Close Spybot Search & Destroy.

Empty Malwarebytes' Anti-Malware Quarantine

  1. Please open Malwarebytes' Anti-Malware.
  2. Select the Quarantine tab.
  3. Select all the items there and click on the Delete All button.
  4. Close Malwarebytes' Anti-Malware.

Empty Trend Micro Quarantine

  1. Open My Computer.
  2. Go to Tools > Folder Options.
  3. Select the View tab.
  4. Scroll down to Hidden files and folders.
  5. Select Show hidden files and folders.
  6. Uncheck (untick) Hide extensions of known file types.
  7. Uncheck (untick) Hide protected operating system files (Recommended).
  8. Click Yes when prompted.
  9. Click OK.

Delete the contents of this folder. Do not delete the whole folder.

C:\Program Files\Trend Micro\Internet Security 2007\Quarantine

Delete file

Delete this file.

D:\Documents and Settings\Stewart\My Documents\My Downloads\SmitfraudFix.zip

Update Java Runtime Environment (JRE)

Your JRE is out of date. The current version is Java Runtime Environment (JRE) 6 Update 6.

  1. Click on Start > Control Panel and double click on Add/Remove Programs. Locate J2SE Runtime Environment 5.0 Update 6 and click on Change/Remove to uninstall it.
  2. Click here to visit Java's website.
  3. Scroll down to Java Runtime Environment (JRE) 6 Update 6. Click on Download.
  4. Select Windows from the drop-down list for Platform.
  5. Select Multi-language from the drop-down list for Language.
  6. Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  7. Click on jre-6u6-windows-i586-p.exe link to download it and save this to a convenient location.
  8. Run this installation to update your Java.

Update Adobe Reader

  1. Please uninstall Adobe Reader 8.1.0 before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader 8.1.0 and click on Change/Remove to uninstall it.
  2. Click here to download the latest version of Adobe Acrobat Reader.
  3. Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be run and it will be installed automatically for you.

    If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  4. Close your Internet browser and open it again.

D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip ZIP: infected - 4 skipped

Kaspersky flagged this file - kf141.zip. Do you know what this is?

Please post a new HijackThis log in your next reply. Also let me know about kf141.zip file.
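
Added example, not part of either poster's message: a small Python triage of the Kaspersky report format shown in this thread. It groups hits by the on-disk file that holds them and separates copies already sitting in a scanner quarantine or a System Restore point from files still in normal folders. The line grammar is inferred from the log lines on this page, and the function names and the "quarantine" / "system-restore" / "live" labels are assumptions of this example.

```python
import re

# Lines copied from the Kaspersky report posted in this thread.
SAMPLE_LOG = r"""
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A1.tmp Infected: Trojan-Downloader.Win32.BHO.ea skipped
C:\QooBox\Quarantine\C\WINDOWS\Installer\{9f66da1e-eeaf-42cf-91a6-e5a388c55f2e}\zip.dll.vir Infected: Trojan-Downloader.Win32.BHO.ct skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\Stewart\My Documents\My Downloads\kf141.zip ZIP: infected - 4 skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043320.exe Infected: Trojan-Downloader.Win32.IstBar.gen skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe/data0004 Infected: not-a-virus:AdWare.Win32.WebRebates.d skipped
D:\System Volume Information\_restore{23AB08B4-D73A-4296-B55E-5EF89E1EC8B9}\RP89\A0043321.exe NSIS: infected - 5 skipped
"""

# Three line shapes appear in the report (grammar inferred from the page):
#   <path> Infected: <verdict> skipped
#   <path> Object is locked skipped
#   <path> <FORMAT>: infected - <count> skipped      (archive summary)
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:"
    r"Infected: (?P<verdict>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<fmt>[A-Za-z0-9]+): infected - (?P<count>\d+)"
    r") skipped$"
)


def location_of(container):
    """Label where the file lives (labels are this example's own)."""
    p = container.lower()
    if "\\quarantine\\" in p:
        return "quarantine"          # already isolated by a scanner
    if "\\system volume information\\_restore" in p:
        return "system-restore"      # copy kept in a restore point
    return "live"                    # ordinary folder, needs a decision


def triage(log_text):
    """Return (findings, locked_count, unparsed_lines).

    findings maps each on-disk file to its location, the set of verdicts
    reported for it or its archive members, and a coarse severity.
    """
    findings, locked, unparsed = {}, 0, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)    # keep anything unexpected for review
            continue
        if m.group("locked"):
            locked += 1              # file in use, not a detection
            continue
        # Kaspersky writes archive members after "/", Windows paths use "\".
        container = m.group("path").split("/", 1)[0]
        rec = findings.setdefault(container, {
            "location": location_of(container),
            "verdicts": set(),
            "archive": False,
        })
        if m.group("verdict"):
            rec["verdicts"].add(m.group("verdict"))
        if "/" in m.group("path") or m.group("fmt"):
            rec["archive"] = True
    for rec in findings.values():
        if not rec["verdicts"]:
            rec["severity"] = "unknown"
        elif all(v.startswith("not-a-virus:") for v in rec["verdicts"]):
            rec["severity"] = "riskware"   # tools/adware, user may have installed
        else:
            rec["severity"] = "malware"
    return findings, locked, unparsed


def needs_review(findings):
    """Files outside quarantine and restore points, sorted for a stable report."""
    return sorted(p for p, r in findings.items() if r["location"] == "live")


if __name__ == "__main__":
    found, locked, unparsed = triage(SAMPLE_LOG)
    for path, rec in sorted(found.items()):
        print(f'{rec["location"]:<15}{rec["severity"]:<10}{path}')
    print(f"locked (not detections): {locked}, unparsed: {len(unparsed)}")
```
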
 