[Resolved] help with winself.exe


  • This topic is locked
28 replies to this topic

#1 dcruz

dcruz

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 15 June 2008 - 05:45 PM

I am having a lot of problems with my PC. I've run several scans including vundo fix and still am having problems. One scan found winself.exe on the computer but was unable to fix it. I am getting a lot of safety pop ups, there is a red x on my C drive icon, my desktop is telling me I have malware installed on my computer and need to run a scan, and I really have no idea how to fix any of my problems so if someone is patient enough to help me I would greatly appreciate it.


#2 IndiGenus

IndiGenus

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 5,251 posts
  • Interests:Computer Security, Music, Sports

Posted 16 June 2008 - 08:27 AM

Hi and welcome to the forums.

We need a HijackThis log to analyze your issue. Please read through and follow the instructions in the "Welcome New Members" post here.

http://forums.whatth...ers_t34502.html

Then download, run, and post a Hijackthis log as instructed in the link I gave.
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

Logs will be closed if you haven't replied within 5 days



Proud Graduate of TC/WTT Classroom



"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#3 dcruz

Posted 16 June 2008 - 10:35 AM

Hello thanks for helping. I read the information you posted and I ran the program. Notepad will not open on my computer so I can't see the results. I'm trying to open notepad but I'm not having any luck.

#4 IndiGenus

Posted 16 June 2008 - 11:22 AM

OK let's try this...

Click Start -> Run... and type in:

sfc /scannow

It may prompt you for your XP CD. Let me know how you make out.

#5 dcruz

Posted 16 June 2008 - 03:12 PM

Before I got your message I opened the log in Word and this is what I got:
Logfile of HijackThis v1.99.1
Scan saved at 17:04:09, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\winself.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\portsv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\altcmd\altcmd32.dll (file missing)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: StFlex IE Helper - {8334A30C-49E5-489a-B63D-5B927C1EF46E} - C:\Program Files\QdrDrive\QdrDrive15.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {9E958DF7-1EFA-476F-A5F0-6E6D9D571528} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {f27b4b2c-9958-079a-e2d4-2fbae351296c} - {c692153e-abf2-4d2e-a970-8599c2b4b72f} - C:\WINDOWS\system32\nhtxdbhn.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BM0f69e75e] Rundll32.exe "C:\WINDOWS\system32\ufaosdce.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O18 - Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - C:\Program Files\RcvSystem\httpdchk.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: qommnmk - qommnmk.dll (file missing)
O20 - Winlogon Notify: __c00ED5C6 - C:\WINDOWS\system32\__c00ED5C6.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
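
An added example, not part of the original thread or of HijackThis itself: a small triage script showing which kinds of entries in a log like the one above usually draw a helper's attention first. The function names, verdict labels and rules are assumptions chosen for illustration, and the sample lines are copied from the log posted above.

```python
import ntpath
import re

# Sample input: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [BM0f69e75e] Rundll32.exe "C:\WINDOWS\system32\ufaosdce.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: __c00ED5C6 - C:\WINDOWS\system32\__c00ED5C6.dat
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every entry line starts with a section code such as R1, F2, O4 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return (section_code, body) pairs for every HijackThis entry line."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def check_entry(code, body):
    """Return (verdict, reason) for one entry, or None when no rule fires.

    The rules are illustrative triage heuristics, not a malware verdict.
    """
    lower = body.lower()
    if code == "F2" and "userinit=" in lower:
        # Userinit normally lists only userinit.exe; anything else runs at logon.
        value = body.split("=", 1)[1]
        programs = [p.strip() for p in value.split(",") if p.strip()]
        extra = [p for p in programs
                 if ntpath.basename(p).lower() != "userinit.exe"]
        if extra:
            return ("suspicious", "UserInit also launches " + ", ".join(extra))
    elif code == "O2" and lower.endswith("(no file)"):
        # Registry leftover: the BHO is registered but nothing is on disk.
        return ("orphan", "BHO registered but its file is gone")
    elif code == "O4" and "rundll32" in lower and ".dll" in lower:
        return ("review", "Run key loads a DLL through rundll32")
    elif code == "O20" and lower.startswith("winlogon notify:"):
        target = body.rsplit(" - ", 1)[-1]
        if "(file missing)" in lower:
            return ("orphan", "Winlogon Notify entry points at a missing file")
        if not target.lower().endswith(".dll"):
            # Notification packages are DLLs; another extension is anomalous.
            return ("suspicious", "Winlogon Notify target is not a DLL: " + target)
    elif code == "O23":
        # Layout: "Service: <name> - <owner> - <path>"; split from the right
        # because the service name itself may contain " - ".
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
            return ("suspicious", "service with no vendor name: " + parts[2])
    return None


def triage(log_text):
    """Return a list of (section_code, verdict, reason) for flagged entries."""
    findings = []
    for code, body in parse_entries(log_text):
        result = check_entry(code, body)
        if result:
            findings.append((code, result[0], result[1]))
    return findings


if __name__ == "__main__":
    for code, verdict, reason in triage(SAMPLE_LOG):
        print(f"{code:<4} {verdict:<11} {reason}")
```

A flag here only marks an entry for a closer look; "orphan" entries are registry leftovers rather than running code, which is why they are reported separately from the "suspicious" ones.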

#6 IndiGenus

Posted 16 June 2008 - 03:18 PM

Pretty heavily infected machine here...

Please download SDFix and save it to your Desktop.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • Open the SDFix folder and double click on RunThis.bat to start the script.
  • Type Y and press Enter to begin the script.
  • It will start cleaning your PC and then prompt you to press any key to Reboot.
  • Press any key to restart the PC.
  • Your system will take longer than normal to restart as the fixtool will be removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished.
  • Press any key to end the script and to load your desktop icons.
  • A text file should automatically open, so please copy the contents and post them here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#7 dcruz

Posted 16 June 2008 - 03:46 PM

I tried running SDFix but it won't run...should I go ahead and try to run ComboFix?

#8 IndiGenus

Posted 16 June 2008 - 03:56 PM

Yes, move on to combofix. But while downloading combofix rename it to combo-fix.exe (Note the difference). It is important that you rename it before actually downloading the file. If you already downloaded combofix delete that version and download a new version.

#9 dcruz

Posted 16 June 2008 - 04:34 PM

Ok, I ran combo fix and my desktop no longer says that there is spyware on my computer and notepad was able to open. Thank you for taking the time to help me and here is the log:

ComboFix 08-06-15.4 - destiny cruz 2008-06-16 18:02:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.484 [GMT -4:00]
Running from: C:\Documents and Settings\destiny cruz\Desktop\combo-fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR
-------\Legacy_VSPF
-------\Legacy_VSPF_HK
-------\Service_MsSecurity1.209.4
-------\Legacy_PlugPlayRPC
-------\Service_PlugPlayRPC


((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.

2008-06-16 17:37 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-06-16 17:36 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-06-16 17:35 . 2001-08-17 14:56 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-06-16 17:34 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-06-16 17:33 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-06-16 17:32 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-06-16 17:31 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-06-16 17:30 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-06-16 17:29 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-06-16 17:28 . 2004-08-04 00:56 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-06-16 17:27 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-06-16 17:26 . 2004-08-03 22:41 180,360 --a------ C:\WINDOWS\system32\dllcache\ntmtlfax.sys
2008-06-16 17:25 . 2004-08-04 00:56 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-06-16 17:24 . 2001-08-17 13:28 797,500 --a------ C:\WINDOWS\system32\dllcache\ltsmt.sys
2008-06-16 17:23 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-06-16 17:22 . 2001-08-17 22:36 372,824 --a------ C:\WINDOWS\system32\dllcache\iconf32.dll
2008-06-16 17:21 . 2004-08-03 22:41 1,041,536 --a------ C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-06-16 17:20 . 2001-08-17 22:36 324,608 --a------ C:\WINDOWS\system32\dllcache\hpojwia.dll
2008-06-16 17:19 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-06-16 17:18 . 2001-08-17 12:17 629,952 --a------ C:\WINDOWS\system32\dllcache\eqn.sys
2008-06-16 17:17 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-06-16 17:16 . 2001-08-17 22:36 419,357 --a------ C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-06-16 17:15 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2008-06-16 17:14 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-06-16 17:13 . 2001-08-17 13:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-06-16 16:37 . 2008-06-15 20:08 1,438,178 --a------ C:\SDFix.exe
2008-06-15 21:08 . 2008-06-15 21:56 1,384 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-15 20:46 . 2008-06-15 20:46 <DIR> d-------- C:\Documents and Settings\Administrator
2008-06-15 10:46 . 2008-06-15 10:46 <DIR> d-------- C:\Program Files\GetPack
2008-06-11 23:25 . 2008-06-15 21:25 <DIR> d-------- C:\Program Files\altcmd
2008-06-11 13:26 . 2008-06-11 13:26 <DIR> d-------- C:\Program Files\iCheck
2008-06-11 13:26 . 2008-06-15 10:46 <DIR> d-------- C:\Program Files\GetModule
2008-06-04 20:06 . 2008-06-04 20:06 37,952 --a------ C:\WINDOWS\system32\iagvwyyu.exe
2008-06-03 12:31 . 2008-06-03 12:31 37,952 --a------ C:\WINDOWS\system32\dxtixdmm.exe
2008-06-03 12:31 . 2008-06-16 11:23 24,640 --a------ C:\WINDOWS\system32\__c00ED5C6.dat
2008-06-03 12:30 . 2008-06-16 18:12 <DIR> d-------- C:\WINDOWS\system32\5267
2008-06-02 20:11 . 2008-06-02 20:11 2,609,424 ---hs---- C:\WINDOWS\system32\kfuqvxck.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 16:41 --------- d-----w C:\Documents and Settings\destiny cruz\Application Data\Neopets Toolbar
2008-04-28 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 00:45 --------- d-----w C:\Program Files\Windows Defender
2008-04-28 00:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-27 23:41 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-27 18:44 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Neopets Toolbar
2006-07-24 18:47 0 -c-ha-w C:\Documents and Settings\All Users\Application Data\gwseh.dat
2007-12-04 00:56 56 -csh--r C:\WINDOWS\system32\2B398B6839.sys
2007-11-21 23:02 88 -csh--r C:\WINDOWS\system32\39688B392B.sys
2007-12-04 00:56 4,704 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 20:24 472 --sha-r C:\WINDOWS\ZGVzdGlueSBjcnV6\t3pWx35Rym13wBpd.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32131238-5434-4234-4234-432432423432}]
C:\Program Files\altcmd\altcmd32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 20:55 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-09-26 20:34 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommnmk]
qommnmk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00ED5C6]
C:\WINDOWS\system32\__c00ED5C6.dat 2008-06-16 11:23 24640 C:\WINDOWS\system32\__c00ED5C6.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^destiny cruz^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\destiny cruz\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^destiny cruz^Start Menu^Programs^Startup^Think-Adz.lnk]
path=C:\Documents and Settings\destiny cruz\Start Menu\Programs\Startup\Think-Adz.lnk
backup=C:\WINDOWS\pss\Think-Adz.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c5ad4c2]
C:\WINDOWS\system32\uptaemdc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F6F9241.exe]
C:\DOCUME~1\DESTIN~1\LOCALS~1\Temp\_A00F6F9241.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F8E0C4.exe]
C:\DOCUME~1\DESTIN~1\LOCALS~1\Temp\_A00F8E0C4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f69e75e]
C:\WINDOWS\system32\ufaosdce.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a--c--- 2004-02-19 07:23 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE.exe]
-----c--- 2005-02-23 16:57 57344 C:\Program Files\Creative\Mixer\CTSVolFE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
-----c--- 2006-08-07 11:06 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_check]
C:\Program Files\Common Files\WinAntiVirus Pro 2006\dc6_startupmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-04-06 15:58 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a--c--- 2005-09-08 06:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-10-05 04:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_check]
C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
C:\WINDOWS\system32\owinqmdt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule18]
--a------ 2008-06-09 17:40 351744 C:\Program Files\GetModule\GetModule18.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetPack18]
--a------ 2008-06-10 05:08 350208 C:\Program Files\GetPack\GetPack18.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a--c--- 2006-07-24 14:52 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1168795182\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-02-18 13:55 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2004-03-04 11:46 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-12-13 03:41 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-12-13 03:45 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a--c--- 2005-12-13 03:44 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 15:45 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a--c--- 2005-12-28 12:56 602182 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a--c--- 2005-12-28 12:55 667718 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Installer]
C:\DOCUME~1\DESTIN~1\LOCALS~1\Temp\ie.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
-----c--- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niwopib]
C:\Program Files\Messenger\niwopib22011.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
--a--c--- 2006-04-11 20:39 176201 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Oneuikfg]
C:\Documents and Settings\destiny cruz\My Documents\??sembly\l?gonui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 15:25 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2005-08-30 10:30 823362 C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
-----c--- 2004-04-11 21:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule15]
C:\Program Files\QdrModule\QdrModule15.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack15]
C:\Program Files\QdrPack\QdrPack15.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu77.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
C:\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
C:\WINDOWS\system32\SKS~1\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6wIP]
--a------ 2008-04-28 16:12 35328 C:\Documents and Settings\destiny cruz\Application Data\Microsoft\Windows\mrmcu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
C:\Documents and Settings\destiny cruz\Application Data\SpeedRunner\SpeedRunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 11:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Svconr]
C:\Program Files\Svconr\Svconr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost]
C:\WINDOWS\svhost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-09 20:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2006-03-08 12:48 761947 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
C:\WINDOWS\system32\nsuykpgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwas7cw]
C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
C:\Program Files\Web Buying\v1.8.1\webbuying.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
C:\Program Files\WinPop\winpop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yrcxnyo]
C:\Documents and Settings\destiny cruz\My Documents\??curity\m?hta.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{AD-D4-46-6D-ZN}]
C:\windows\system32\lpdsrngr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\1168795182\\ee\\aolsoftware.exe"=

S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSPMUSBX.sys [2004-07-26 15:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 14:36:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-16 22:25:33 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 18:23:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\__c00ED5C6.dat
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\pccguide.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-06-16 18:26:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-16 22:26:47

Pre-Run: 42,457,051,136 bytes free
Post-Run: 42,223,017,984 bytes free

713 --- E O F --- 2008-05-09 11:31:26

#10 IndiGenus

Posted 16 June 2008 - 05:25 PM

Please try running SDFix again, and post that log along with a new HijackThis log. Very infected computer here...

#11 dcruz

Posted 16 June 2008 - 06:09 PM

Here are the SDFix and HijackThis logs:

SDFix: Version 1.193
Run by destiny cruz on Mon 06/16/2008 at 19:54

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


Checking Files :

Trojan Files Found:

C:\BRO63.TMP - Deleted
C:\DOCUME~1\DESTIN~1\APPLIC~1\MICROS~1\WINDOWS\MRMCU.EXE - Deleted
C:\Program Files\GetModule\dicik.gz - Deleted
C:\Program Files\GetModule\GetModule18.exe - Deleted
C:\Program Files\GetModule\kwdik.gz - Deleted
C:\Program Files\GetPack\dictame.gz - Deleted
C:\Program Files\GetPack\GetPack18.exe - Deleted
C:\Program Files\GetPack\trgtame.gz - Deleted
C:\Program Files\iCheck\Uninstall.exe - Deleted



Folder C:\Program Files\GetModule - Removed
Folder C:\Program Files\GetPack - Removed
Folder C:\Program Files\iCheck - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-16 20:00:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000007a
"TracesSuccessful"=dword:00000005

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Common Files\\AOL\\1168795182\\ee\\aolsoftware.exe"="C:\\Program Files\\Common Files\\AOL\\1168795182\\ee\\aolsoftware.exe:*:Enabled:AOL Shared Components"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Wed 1 Sep 2004 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Wed 1 Sep 2004 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Wed 1 Sep 2004 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 3 Dec 2007 56 ..SHR --- "C:\WINDOWS\system32\2B398B6839.sys"
Wed 21 Nov 2007 88 ..SHR --- "C:\WINDOWS\system32\39688B392B.sys"
Mon 2 Jun 2008 2,609,424 ..SH. --- "C:\WINDOWS\system32\kfuqvxck.tmp"
Mon 3 Dec 2007 4,704 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 30 Jul 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 4 Dec 2007 71,376 A.SH. --- "C:\Program Files\Trend Micro\Internet Security 12\Quarantine\938.tmp"
Mon 3 Dec 2007 71,376 A.SH. --- "C:\Program Files\Trend Micro\Internet Security 12\Quarantine\939.tmp"
Tue 4 Dec 2007 71,376 A.SH. --- "C:\Program Files\Trend Micro\Internet Security 12\Quarantine\93A.tmp"
Mon 13 Aug 2007 72,906 A.SHR --- "C:\Program Files\Trend Micro\Internet Security 12\Quarantine\93B.tmp"
Mon 3 Dec 2007 71,376 A.SH. --- "C:\Program Files\Trend Micro\Internet Security 12\Quarantine\93C.tmp"
Mon 16 Jun 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\12a516f59ccedd32ae28471e3e750899\BIT4.tmp"
Tue 6 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT1C8.tmp"
Mon 24 Jul 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Mon 24 Jul 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Mon 24 Jul 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Fri 28 Jul 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!

Logfile of HijackThis v1.99.1
Scan saved at 20:08:10, on 6/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1168795182\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\altcmd\altcmd32.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0352B5-1F42-4A46-9F66-92BA5ABBD0CC}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: qommnmk - qommnmk.dll (file missing)
O20 - Winlogon Notify: __c00ED5C6 - C:\WINDOWS\system32\__c00ED5C6.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#12 IndiGenus

Posted 16 June 2008 - 09:10 PM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\iagvwyyu.exe
C:\WINDOWS\system32\dxtixdmm.exe
C:\WINDOWS\system32\__c00ED5C6.dat
C:\WINDOWS\system32\kfuqvxck.tmp
C:\WINDOWS\system32\__c00ED5C6.dat
C:\Documents and Settings\destiny cruz\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\destiny cruz\Start Menu\Programs\Startup\Think-Adz.lnk
C:\WINDOWS\system32\uptaemdc.dll
C:\DOCUME~1\DESTIN~1\LOCALS~1\Temp\_A00F6F9241.exe
C:\DOCUME~1\DESTIN~1\LOCALS~1\Temp\_A00F8E0C4.exe
C:\WINDOWS\system32\ufaosdce.dll
C:\WINDOWS\system32\owinqmdt.exe
C:\DOCUME~1\DESTIN~1\LOCALS~1\Temp\ie.exe
C:\Program Files\Messenger\niwopib22011.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\nsuykpgf.dll
C:\windows\system32\lpdsrngr.exe

Folder::
C:\WINDOWS\system32\5267
C:\Program Files\altcmd 
C:\Program Files\Common Files\WinAntiVirus Pro 2006
C:\Documents and Settings\destiny cruz\My Documents\??sembly
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\Program Files\Svconr
C:\Program Files\Web Buying
C:\Program Files\WinPop
C:\Documents and Settings\destiny cruz\My Documents\??curity

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32131238-5434-4234-4234-432432423432}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qommnmk]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c00ED5C6]
[-HKLM\~\startupfolder\C:^Documents and Settings^destiny cruz^Start Menu^Programs^Startup^TA_Start.lnk]
[-HKLM\~\startupfolder\C:^Documents and Settings^destiny cruz^Start Menu^Programs^Startup^Think-Adz.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0c5ad4c2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F6F9241.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A00F8E0C4.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM0f69e75e]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DC6_check]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ERS_check]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExploreUpdSched]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetModule18]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GetPack18]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Installer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\niwopib]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Oneuikfg]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule15]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack15]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SfKg6wIP]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedRunner]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Svconr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svhost]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uwas7cw]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebBuying]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yrcxnyo]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{AD-D4-46-6D-ZN}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

IndiGenus

#13 dcruz

Posted 16 June 2008 - 10:27 PM

Ok I did what you asked and here are the log reports:
ComboFix 08-06-15.4 - destiny cruz 2008-06-17 0:09:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.529 [GMT -4:00]
Running from: C:\Documents and Settings\destiny cruz\Desktop\combo-fix.exe
Command switches used :: C:\Documents and Settings\destiny cruz\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\DOCUME~1\DESTIN~1\LOCALS~1\Temp\_A00F6F9241.exe
C:\DOCUME~1\DESTIN~1\LOCALS~1\Temp\_A00F8E0C4.exe
C:\DOCUME~1\DESTIN~1\LOCALS~1\Temp\ie.exe
C:\Documents and Settings\destiny cruz\Start Menu\Programs\Startup\TA_Start.lnk
C:\Documents and Settings\destiny cruz\Start Menu\Programs\Startup\Think-Adz.lnk
C:\Program Files\Messenger\niwopib22011.exe
C:\WINDOWS\retadpu77.exe
C:\WINDOWS\svhost.exe
C:\WINDOWS\system32\__c00ED5C6.dat
C:\WINDOWS\system32\dxtixdmm.exe
C:\WINDOWS\system32\iagvwyyu.exe
C:\WINDOWS\system32\kfuqvxck.tmp
C:\windows\system32\lpdsrngr.exe
C:\WINDOWS\system32\nsuykpgf.dll
C:\WINDOWS\system32\owinqmdt.exe
C:\WINDOWS\system32\ufaosdce.dll
C:\WINDOWS\system32\uptaemdc.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\destiny cruz\err.log
C:\Documents and Settings\destiny cruz\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\destiny cruz\Local Settings\Temporary Internet Files\CPV.stt
C:\Program Files\altcmd
C:\Program Files\altcmd\altcmd.inf
C:\Program Files\altcmd\uninstall.bat
C:\WINDOWS\system32\5267
C:\WINDOWS\system32\5267\~!11684p.spt
C:\WINDOWS\system32\dxtixdmm.exe
C:\WINDOWS\system32\iagvwyyu.exe
C:\WINDOWS\system32\kfuqvxck.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-17 to 2008-06-17 )))))))))))))))))))))))))))))))
.

2008-06-16 19:50 . 2008-06-16 19:50 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-16 19:39 . 2008-06-16 20:03 <DIR> d-------- C:\SDFix
2008-06-16 18:27 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-16 17:38 . 2001-08-17 13:28 765,884 --a------ C:\WINDOWS\system32\dllcache\usrti.sys
2008-06-16 17:37 . 2001-08-17 13:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-06-16 17:36 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\system32\dllcache\tridxp.dll
2008-06-16 17:35 . 2001-08-17 14:56 172,768 --a------ C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-06-16 17:34 . 2001-08-17 12:18 285,760 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-06-16 17:33 . 2004-08-03 22:41 404,990 --a------ C:\WINDOWS\system32\dllcache\slntamr.sys
2008-06-16 17:32 . 2001-08-17 22:36 386,560 --a------ C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-06-16 17:31 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-06-16 17:30 . 2004-08-04 00:56 397,056 --a------ C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-06-16 17:29 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-06-16 17:28 . 2004-08-04 00:56 259,328 --a------ C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-06-16 17:27 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-06-16 17:26 . 2004-08-03 22:41 180,360 --a------ C:\WINDOWS\system32\dllcache\ntmtlfax.sys
2008-06-16 17:25 . 2004-08-04 00:56 1,737,856 --a------ C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-06-16 17:24 . 2001-08-17 13:28 797,500 --a------ C:\WINDOWS\system32\dllcache\ltsmt.sys
2008-06-16 17:23 . 2001-08-17 13:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-06-16 17:22 . 2001-08-17 22:36 372,824 --a------ C:\WINDOWS\system32\dllcache\iconf32.dll
2008-06-16 17:21 . 2004-08-03 22:41 1,041,536 --a------ C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-06-16 17:20 . 2001-08-17 22:36 324,608 --a------ C:\WINDOWS\system32\dllcache\hpojwia.dll
2008-06-16 17:19 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-06-16 17:18 . 2001-08-17 12:17 629,952 --a------ C:\WINDOWS\system32\dllcache\eqn.sys
2008-06-16 17:17 . 2001-08-17 12:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-06-16 17:16 . 2001-08-17 22:36 419,357 --a------ C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-06-16 17:15 . 2001-08-17 12:13 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2008-06-16 17:14 . 2004-08-04 00:56 1,888,992 --a------ C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-06-16 17:13 . 2001-08-17 13:28 762,780 --a------ C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-06-16 16:37 . 2008-06-15 20:08 1,438,178 --a------ C:\SDFix.exe
2008-06-15 21:08 . 2008-06-15 21:56 1,384 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-15 20:46 . 2008-06-15 20:46 <DIR> d-------- C:\Documents and Settings\Administrator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-16 16:41 --------- d-----w C:\Documents and Settings\destiny cruz\Application Data\Neopets Toolbar
2008-05-13 17:35 100,928 ----a-w C:\WINDOWS\system32\kjclerkv.dll
2008-05-13 17:32 100,928 ----a-w C:\WINDOWS\system32\kexxfbcm.dll
2008-05-10 15:30 102,464 ----a-w C:\WINDOWS\system32\tojhrpni.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-28 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-28 00:45 --------- d-----w C:\Program Files\Windows Defender
2008-04-28 00:16 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-27 23:41 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-27 18:44 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Neopets Toolbar
2008-04-17 10:46 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-04-14 11:01 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2006-07-24 18:47 0 -c-ha-w C:\Documents and Settings\All Users\Application Data\gwseh.dat
2007-12-04 00:56 56 -csh--r C:\WINDOWS\system32\2B398B6839.sys
2007-11-21 23:02 88 -csh--r C:\WINDOWS\system32\39688B392B.sys
2007-12-04 00:56 4,704 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2005-07-29 20:24 472 --sha-r C:\WINDOWS\ZGVzdGlueSBjcnV6\t3pWx35Rym13wBpd.vbs
.

((((((((((((((((((((((((((((( snapshot@2008-06-16_18.26.28.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-16 22:22:24 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-17 03:58:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-16 07:15:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-06-16 23:50:47 5,578,752 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-16 23:50:47 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-06-16 07:15:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-06-16 23:50:24 5,578,752 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2008-06-16 23:50:24 12,288 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
- 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2004-08-04 10:00:00 561,179 ----a-w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:25 554,008 ----a-w C:\WINDOWS\system32\dllcache\dao360.dll
- 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2004-08-04 10:00:00 512,029 ----a-w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\dllcache\msexch40.dll
- 2004-08-04 10:00:00 319,517 ----a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\dllcache\msexcl40.dll
- 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2004-08-04 10:00:00 1,507,356 ----a-w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\dllcache\msjet40.dll
- 2004-08-04 10:00:00 358,976 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\dllcache\msjetol1.dll
- 2004-08-04 10:00:00 53,279 ----a-w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\dllcache\msjter40.dll
- 2004-08-04 10:00:00 241,693 ----a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\dllcache\msjtes40.dll
- 2004-08-04 10:00:00 213,023 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\dllcache\msltus40.dll
- 2004-08-04 10:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\dllcache\mspbde40.dll
- 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2004-08-04 10:00:00 421,919 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\dllcache\msrd2x40.dll
- 2004-08-04 10:00:00 315,423 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\dllcache\msrd3x40.dll
- 2004-08-04 10:00:00 552,989 ----a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\dllcache\msrepl40.dll
- 2004-08-04 10:00:00 258,077 ----a-w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\dllcache\mstext40.dll
- 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2004-08-04 10:00:00 831,519 ----a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\dllcache\mswdat10.dll
- 2004-08-04 10:00:00 614,429 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
- 2004-08-04 10:00:00 348,189 ----a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-05-29 20:35:12 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2004-08-04 10:00:00 512,029 -c--a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-04 10:00:00 319,517 -c--a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2004-08-04 10:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-04 10:00:00 358,976 -c--a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-04 10:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-04 10:00:00 241,693 -c--a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-04 10:00:00 213,023 -c--a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-04 10:00:00 348,189 -c--a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:45 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2004-08-04 10:00:00 421,919 -c--a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:47 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-04 10:00:00 315,423 -c--a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:49 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-04 10:00:00 552,989 -c--a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-04 10:00:00 258,077 -c--a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:55 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2004-08-04 10:00:00 831,519 -c--a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:57 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-04 10:00:00 614,429 ----a-w C:\WINDOWS\system32\mswstr10.dll
+ 2008-03-25 04:50:58 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
- 2004-08-04 10:00:00 348,189 -c--a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
- 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-11-17 20:14:30 14,640 -c----w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
- 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-09 20:55 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 08:50 71216 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BuildBU]
--a--c--- 2004-02-19 07:23 61440 c:\dell\bldbubg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSVolFE.exe]
-----c--- 2005-02-23 16:57 57344 C:\Program Files\Creative\Mixer\CTSVolFE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
-----c--- 2006-08-07 11:06 700416 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-04-06 15:58 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a--c--- 2005-05-15 03:04 332800 C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
--a--c--- 2005-09-08 06:20 122940 C:\WINDOWS\System32\DLA\DLACTRLW.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a--c--- 2005-10-05 04:12 94208 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a--c--- 2006-07-24 14:52 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 C:\Program Files\Common Files\AOL\1168795182\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-02-18 13:55 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2004-03-04 11:46 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a--c--- 2005-12-13 03:41 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a--c--- 2005-12-13 03:45 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a--c--- 2005-12-13 03:44 98304 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 15:45 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelWireless]
--a--c--- 2005-12-28 12:56 602182 C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
--a--c--- 2005-12-28 12:55 667718 C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-06-10 11:44 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-06-10 11:44 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a--c--- 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
-----c--- 2003-09-10 03:24 20480 C:\Program Files\NetWaiting\netWaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE_OEM]
--a--c--- 2006-04-11 20:39 176201 C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 15:25 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
--a------ 2005-08-30 10:30 823362 C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
-----c--- 2004-04-11 21:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a--c--- 2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
-ra------ 2003-10-14 11:22 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-06-09 20:55 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a--c--- 2006-03-08 12:48 761947 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 19:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Alerter"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\AOL\\1168795182\\ee\\aolsoftware.exe"=

S3 PRISM_USB;Linksys Wireless-B USB Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSPMUSBX.sys [2004-07-26 15:32]

.
Contents of the 'Scheduled Tasks' folder
"2008-06-11 14:36:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-17 04:01:52 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 00:11:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-17 0:12:47
ComboFix-quarantined-files.txt 2008-06-17 04:12:25
ComboFix2.txt 2008-06-16 22:26:50

Pre-Run: 41,918,152,704 bytes free
Post-Run: 41,908,207,616 bytes free

383 --- E O F --- 2008-06-17 01:47:13

Logfile of HijackThis v1.99.1
Scan saved at 00:14:23, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#14 IndiGenus

Posted 17 June 2008 - 10:46 AM

Update Java Runtime:

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 6.
  • Go to the Sun Java Website
  • Click on the download button next to Java Runtime Environment (JRE) 6 Update 6
  • Check the circle next to I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click on the link Windows Offline Installation, Multi-language and save the downloaded file to your hard disk.
  • Go to Start => Control Panel => Add or Remove Programs
  • Uninstall all old versions of Java (Java 2 Runtime Environment, JRE or JSE)
  • Reboot your computer
  • Delete the folder C:\Program Files\Java if present
  • Install the new version by running the newly-downloaded file, and follow the on-screen instructions.
  • Reboot your computer

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use ATF Cleaner to remove temp files, cookies, cache, etc.

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Please also post a new HJT log and let me know how it's running.
IndiGenus


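The Java advice in the reply above follows from the O9 lines of the posted HijackThis log, which point at a j2re1.4.2_03 install. As an added example (not part of the thread and not HijackThis's own code), this Python script runs that triage over lines copied from the log: it flags entries whose target file is missing and Java runtimes older than a baseline. The function names are hypothetical, and mapping "Version 6 Update 6" to the directory version 1.6.0_06 is an assumption.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
"""

# Assumption: "JRE 6 Update 6" from the reply installs as version 1.6.0_06.
BASELINE: Tuple[int, ...] = (1, 6, 0, 6)

# A HijackThis entry is "<section code> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Sun JRE install directories embed the version: j2re1.4.2_03, jre1.6.0_06.
JAVA_RE = re.compile(
    r"\\Java\\(?:j2re|jre|jdk)(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE
)
# Markers HijackThis appends when the registered target is not on disk.
MISSING_MARKERS = ("(no file)", "(file missing)")


class Entry(NamedTuple):
    code: str    # section code such as O2, O9, O23
    detail: str  # everything after "<code> - "


def parse_entries(text: str) -> List[Entry]:
    """Return the R*/O* entries of a log, skipping headers and process lists."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries still registered although their target file is gone."""
    return [e for e in entries if e.detail.rstrip().endswith(MISSING_MARKERS)]


def outdated_java(entries: List[Entry],
                  baseline: Tuple[int, ...] = BASELINE) -> List[Tuple[int, ...]]:
    """Distinct Java versions referenced by the log that predate the baseline."""
    found = set()
    for entry in entries:
        for major, minor, patch, update in JAVA_RE.findall(entry.detail):
            found.add((int(major), int(minor), int(patch), int(update or 0)))
    return sorted(v for v in found if v < baseline)


def triage(text: str) -> dict:
    """Summarise the findings for one log."""
    entries = parse_entries(text)
    return {
        "entries": len(entries),
        "orphaned": orphaned(entries),
        "outdated_java": outdated_java(entries),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("entries parsed:", report["entries"])
    for entry in report["orphaned"]:
        print("orphaned:", entry.code, "-", entry.detail)
    for version in report["outdated_java"]:
        print("outdated Java: %d.%d.%d_%02d" % version)
```
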
#15 dcruz

Posted 17 June 2008 - 02:01 PM

My computer is running a lot better now. Thanks. I haven't got any new pop ups, the desktop is back, and I can now open Task Manager. There is still a red X for the c drive icon. The logs you told me to post are here:
Malwarebytes' Anti-Malware 1.17
Database version: 864

1:29:13 PM 6/17/2008
mbam-log-6-17-2008 (13-29-13).txt

Scan type: Quick Scan
Objects scanned: 40196
Time elapsed: 4 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\ExplorerWAS (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\ExplorerWAS (Rogue.WinAntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Secondary_Page_URL (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Secondary Start Pages (Hijack.Homepage) -> Bad: (file://c:/windows/homepage.html ) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\b155.exe_old (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\b156.exe_old (Adware.Insider) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_Intl.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ClickToFindandFixErrors_US.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\destiny cruz\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\destiny cruz\Desktop\Click to Find and Fix Errors.url (Rogue.Link) -> Quarantined and deleted successfully.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 17, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 17, 2008 17:29:50
Records in database: 876866
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 48735
Threat name: 103
Infected objects: 724
Suspicious objects: 0
Duration of the scan: 00:51:37


File name / Threat name / Threats count
C:\Documents and Settings\destiny cruz\Desktop\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Program Files\America Online 9.0\download\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\112.tmp Infected: Exploit.HTML.IESlice.d 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\174.tmp Infected: Exploit.Win32.IMG-WMF.u 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp Infected: Trojan-Downloader.Win32.Small.uzg 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F30.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\2F31.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\4D.tmp Infected: Exploit.HTML.IESlice.d 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\80D.tmp Infected: Trojan-Downloader.Win32.Agent.ndt 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\814.tmp Infected: Trojan.Win32.BHO.ab 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\815.tmp Infected: not-a-virus:AdWare.Win32.Rond.e 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\816.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\817.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.jp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\818.tmp Infected: Trojan-Downloader.Win32.Small.buy 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\818.tmp Infected: not-a-virus:AdWare.Win32.Mostofate.u 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\819.tmp Infected: Trojan-Downloader.Win32.Agent.jih 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\81A.tmp Infected: Trojan-Proxy.Win32.VB.x 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\81B.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\81C.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\81D.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\81E.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\81F.tmp Infected: Trojan.Win32.Monder.da 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\826.tmp Infected: Trojan.Win32.Agent.lkz 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\827.tmp Infected: Rootkit.Win32.Agent.aii 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\828.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\829.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\82A.tmp Infected: Trojan.Win32.Monder.cz 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\82B.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\82C.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\82D.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\82E.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\82F.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\83.tmp Infected: Email-Worm.Win32.Zhelatin.zb 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\830.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\831.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\832.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\833.tmp Infected: Trojan.Win32.Monder.cy 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\834.tmp Infected: Trojan.Win32.BHO.ab 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\8E.tmp Infected: Exploit.HTML.IESlice.d 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\935.tmp Infected: Trojan-Downloader.Win32.Small.ixu 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\936.tmp Infected: Trojan.Win32.DNSChanger.ckn 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\937.tmp Infected: Trojan-Clicker.Win32.Delf.vr 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\938.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\939.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\93A.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\93B.tmp Infected: Trojan-Downloader.Win32.PurityScan.ev 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\93C.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\944.tmp Infected: not-a-virus:Downloader.Win32.WinFixer.x 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\945.tmp Infected: not-a-virus:AdWare.Win32.TTC.c 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\946.tmp Infected: Trojan-Clicker.HTML.IFrame.dn 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\947.tmp Infected: Trojan-Downloader.Win32.Small.eqn 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\948.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\949.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\94A.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\94B.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\94C.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\94D.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\94E.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\94F.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.qri 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\950.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\951.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\952.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\953.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\954.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\955.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\956.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\957.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\958.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\959.tmp Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\95A.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\95B.tmp Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\95C.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\95D.tmp Infected: Trojan.Win32.Monder.cm 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\95E.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\95F.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\960.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\961.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\962.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\963.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\964.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\965.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\966.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\967.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\968.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\969.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\96A.tmp Infected: Trojan.Win32.Monder.cm 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\96B.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\96C.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\96D.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\96E.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.dnl 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\96F.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\970.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\971.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\972.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\973.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\974.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\975.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\976.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\977.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\978.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\979.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\97A.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\97B.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\97C.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\97D.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\97E.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\97F.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\980.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\981.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\982.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\983.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\984.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\985.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\986.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\987.tmp Infected: Trojan.Win32.Monder.cm 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\988.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\989.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\98A.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\98B.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\98C.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\98D.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\98E.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\98F.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\990.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\991.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\992.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\993.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\994.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\995.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\996.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\997.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\998.tmp Infected: Trojan.Win32.Monder.cd 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\999.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\99A.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\99B.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\99C.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\99D.tmp Infected: Trojan.Win32.BHO.zh 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\99E.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\99F.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9A0.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9A1.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9A2.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9A3.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9A4.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9A5.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9A6.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9A7.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9A8.tmp Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\9A9.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\AFB.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\AFC.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\AFD.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\AFE.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\AFF.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B00.tmp Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B01.tmp Infected: Trojan.Win32.Monder.af 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B02.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B03.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B04.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B05.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B06.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B07.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B08.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B09.tmp Infected: Trojan.Win32.Monder.cv 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B0A.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.bif 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B0B.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B0C.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B0D.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B0E.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B0F.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B10.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B11.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B12.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B13.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B14.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B15.tmp Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B16.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B17.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B18.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B19.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B1A.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B1B.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B1C.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B1D.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B1E.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B1F.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B20.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B21.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B22.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B23.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B24.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B25.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B26.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B27.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.din 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B28.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B29.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B2A.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B2B.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B2C.tmp Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B2D.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B2E.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B2F.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B30.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B31.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B32.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B33.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B34.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B35.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B36.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B37.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B38.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B39.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B3A.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B3B.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B3C.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B3D.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B3E.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B3F.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B40.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B41.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B42.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B43.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B44.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B45.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B46.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B47.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B48.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B49.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B4A.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B4B.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B4C.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B4D.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B4E.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B4F.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B50.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B51.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B52.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B53.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B54.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B55.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.bif 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B56.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B57.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B58.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.bif 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B59.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B5A.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B5B.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B5C.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B5D.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B5E.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B5F.tmp Infected: Trojan.Win32.BHO.rf 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B60.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.qxr 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B61.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B62.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B63.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B64.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B65.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B66.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quv 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B67.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B68.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B69.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B6A.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B6B.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B6C.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B6D.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B6E.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B6F.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B70.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.quj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B71.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B72.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B73.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B74.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B75.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B76.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B77.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B78.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B79.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B7A.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B7B.tmp Infected: Trojan-Downloader.Win32.Agent.gwe 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B7C.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B7D.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B7E.tmp Infected: Trojan.Win32.Obfuscated.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B7F.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B80.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.aps 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B81.tmp Infected: Trojan-Downloader.Win32.Tiny.id 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B82.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.qrj 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B83.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B84.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B85.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B86.tmp Infected: Trojan.Win32.Agent.bck 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B87.tmp Infected: Trojan-Downloader.Win32.Agent.ezc 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B88.tmp Infected: not-a-virus:AdWare.Win32.Insider.c 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B89.tmp Infected: Trojan-Downloader.Win32.Agent.ofz 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B8A.tmp Infected: not-a-virus:Downloader.Win32.WinFixer.o 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B8B.tmp Infected: not-a-virus:AdWare.Win32.Virtumonde.qrt 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B8C.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B8D.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B8E.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B8F.tmp Infected: not-a-virus:AdWare.Win32.SuperJuan.kp 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B90.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B91.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B92.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B93.tmp Infected: Trojan.Win32.Monder.gen 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B94.tmp Infected: Trojan-Downloader.Win32.Small.eqn 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B95.tmp Infected: not-a-virus:AdWare.Win32.TTC.c 1
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D1.tmp Infected: Exploit.HTML.IESlice.d 1
C:\Program Files\Trend Micro\Internet Security 12\VSSA0BEN.009 Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.2006 1
C:\QooBox\Quarantine\C\Program Files\QdrModule\mainladupd.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.af 1
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.y 1
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule16.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.ac 1
C:\QooBox\Quarantine\C\Program Files\QdrModule\QdrModule17.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.af 1
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack15.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.z 1
C:\QooBox\Quarantine\C\WINDOWS\default.htm.vir Infected: not-virus:Hoax.HTML.Secureinvites.b 1
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: not-virus:Hoax.Win32.Renos.bvd 1
C:\QooBox\Quarantine\C\WINDOWS\portsv.exe.vir Infected: Trojan.Win32.Agent.qor 1
C:\QooBox\Quarantine\C\WINDOWS\system32\000070.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\000080.exe.vir Infected: not-a-virus:AdWare.Win32.AdBand.y 1
C:\QooBox\Quarantine\C\WINDOWS\system32\alhcwqxi.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\arjwwdps.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bnirjcer.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bnlovlqf.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\bunvnabi.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\buovsace.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cnxvtjrw.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\configs\w9b.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.co 1
C:\QooBox\Quarantine\C\WINDOWS\system32\crruuybg.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cssapyjl.dll.vir Infected: Trojan.Win32.Monder.mj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\cvhineqk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\deeswchx.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dvnfkajw.dll.vir Infected: Trojan.Win32.Monder.lh 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dxtixdmm.exe.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\dyxbyqga.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.tsg 1
C:\QooBox\Quarantine\C\WINDOWS\system32\emsbpmfx.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.bfj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\f02WtR\f02WtR1065.exe.vir Infected: Trojan-Downloader.Win32.VB.awj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\f10WtR\f10WtR1099.exe.vir Infected: Trojan-Downloader.Win32.VB.awj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ffkdbygh.dll.vir Infected: Trojan.Win32.Monder.io 1
C:\QooBox\Quarantine\C\WINDOWS\system32\fpmcxcuu.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gmygpijb.dll.vir Infected: Trojan.Win32.Monder.dj 1
C:\QooBox\Quarantine\C\WINDOWS\system32\gwiergof.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\iagvwyyu.exe.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\idutmvme.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\igaddlij.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\juqitibo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.vln 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kmqahgpb.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\knucryah.dll.vir Infected: Trojan.Win32.Monder.dl 1
C:\QooBox\Quarantine\C\WINDOWS\system32\kqanqvmu.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lsjtwpjy.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ltcwvrso.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mcxdptsn.dll.vir Infected: Trojan.Win32.Monder.jy 1
C:\QooBox\Quarantine\C\WINDOWS\system32\mksewgoa.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\muknjjky.dll.vir Infected: Trojan.Win32.Monder.dk 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nhtxdbhn.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\nprawlrk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\oeumjhcq.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\okfouipl.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\pjiraqaw.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qhwbthpx.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qilxwwqr.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qovkdpus.dll.vir Infected: Trojan.Win32.Monder.di 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qplphxlk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\qwbpgiqq.dll.vir Infected: Trojan.Win32.Monder.eo 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rdmfnduk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\rolougme.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sbkjldan.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sfleukby.exe.vir Infected: Trojan.Win32.LowZones.gb 1
C:\QooBox\Quarantine\C\WINDOWS\system32\sjmjvcic.dll.vir Infected: Trojan.Win32.Monder.ix 1
C:\QooBox\Quarantine\C\WINDOWS\system32\SKS~1\rundll32.exe.vir Infected: Trojan-Downloader.Win32.Agent.kwg 1
C:\QooBox\Quarantine\C\WINDOWS\system32\soxqibip.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tempchk\w86.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.e 1
C:\QooBox\Quarantine\C\WINDOWS\system32\tempchk\w86.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 3
C:\QooBox\Quarantine\C\WINDOWS\system32\twfcvqfn.dll.vir Infected: Trojan.Win32.KillAV.rf 1
C:\QooBox\Quarantine\C\WINDOWS\system32\ufaosdce.dll.vir Infected: Trojan.Win32.Monder.mu 1
C:\QooBox\Quarantine\C\WINDOWS\system32\uptaemdc.dll.vir Infected: Trojan.Win32.Monder.mv 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wmsdkns.exe.vir Infected: not-virus:Hoax.Win32.Renos.bvd 1
C:\QooBox\Quarantine\C\WINDOWS\system32\wuilehfv.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xypycwci.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\winself.exe.vir Infected: Trojan.Win32.DNSChanger.cjd 1
C:\QooBox\Quarantine\catchme2008-06-16_182026.70.zip Infected: Rootkit.Win32.Agent.aii 1
C:\QooBox\Quarantine\catchme2008-06-16_182026.70.zip Infected: Trojan.Win32.Agent.gnw 1
C:\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.Agent.qqn 1
C:\VundoFix Backups\kkonvaba.exe.bad Infected: Trojan.Win32.Agent.aoy 1
C:\VundoFix Backups\vkkiobqp.exe.bad Infected: Trojan.Win32.Agent.aoy 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0R8EK0TT\update[1].upd Infected: Trojan.Win32.Agent.gnw 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0R8EK0TT\update[2].upd Infected: Trojan.Win32.Agent.gnw 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0R8EK0TT\update[3].upd Infected: Rootkit.Win32.Clbd.bj 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0R8EK0TT\update[4].upd Infected: Rootkit.Win32.Clbd.bj 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0R8EK0TT\update[5].upd Infected: Rootkit.Win32.Clbd.bj 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\NXQBV2E0\update[1].upd Infected: Trojan-Downloader.Win32.Agent.qji 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TH3U0DSS\1[1].exe Infected: not-a-virus:FraudTool.Win32.AntiSpySpider.c 1
C:\WINDOWS\system32\kexxfbcm.dll Infected: Trojan.Win32.Monder.do 1
C:\WINDOWS\system32\kjclerkv.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\system32\tojhrpni.dll Infected: Trojan.Win32.Monder.gen 1

The selected area was scanned.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 15:56:55, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
