
I've read through some of the posts concerning this problem on this site and various others. I have the same problem and have done everything up to the HijackThis, so here's my log for it. Help would be greatly appreciated :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:24 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe\Desktop\VundoFix.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\ddccc.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {85594F16-82D4-D770-D545-FA1DF64740E6} - C:\WINDOWS\system32\cdbwufmd.dll (file missing)
O2 - BHO: (no name) - {95AEAB16-6382-300E-D826-3BE671F50894} - C:\WINDOWS\system32\ndsioc.dll (file missing)
O2 - BHO: {2a73dddb-2507-51aa-adf4-d8d35a365f5c} - {c5f563a5-3d8d-4fda-aa15-7052bddd37a2} - C:\WINDOWS\system32\uefhmbhl.dll
O2 - BHO: (no name) - {E1759A31-E627-4758-9562-6899DF36C9C2} - C:\WINDOWS\system32\vtutqol.dll (file missing)
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\pmnmkkl.dll (file missing)
O2 - BHO: (no name) - {EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {F53C2057-5043-4E19-97E8-11B918C1958A} - C:\WINDOWS\system32\mlljj.dll (file missing)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [sysmtd32] C:\WINDOWS\system32\sysmtd32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [300e90f6] rundll32.exe "C:\WINDOWS\system32\juehpgae.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Ajcfo] "C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
O20 - Winlogon Notify: pmnmkkl - pmnmkkl.dll (file missing)
O20 - Winlogon Notify: vtutqol - vtutqol.dll (file missing)
O20 - Winlogon Notify: zavhuwbp - zavhuwbp.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\xgrxgpgi.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 9435 bytes


Hi and welcome to the Daniweb forums :).

Please download ComboFix by sUBs from HERE or HERE

  • Save it to your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields)
  • Click on your START button and choose Run. Then copy/paste the entire content of the following quotebox (Including the "" marks and the Symbols) into the run box.

    "%userprofile%\desktop\ComboFix.exe" /KillAll

  • Click OK and this will start ComboFix.
  • When finished, it will produce a log. Please save that log to a Notepad File and include it in your next reply along with a fresh HJT log.

Note:
Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

* Re-enable all the programs that were disabled prior to the running of ComboFix.

* Post the following logs/Reports:


  • ComboFix.txt
  • Fresh HijackThis log run after all the other tools have performed their cleanup.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


OK, here are both logs, ComboFix first and HijackThis second.

ComboFix 08-02-17.2 - Joe 2008-02-17 10:46:48.2 - NTFSx86
Running from: C:\Documents and Settings\Joe\desktop\ComboFix.exe
Command switches used :: /KillAll

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-16 14:11 . 2008-02-16 14:56 <DIR> d----c--- C:\VundoFix Backups
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:12 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-17 10:45 7,790 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-07 06:55 . 2008-02-07 06:55 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP
2008-01-20 10:56 . 2008-01-20 10:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 15:53 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:27 --------- d-----w C:\Program Files\AIM
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-11 01:26 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:24 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-11 01:24 --------- d-----w C:\Program Files\iTunes
2008-01-11 01:24 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-01-11 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2006-03-06 12:56 567,958 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak1
2006-03-07 12:57 569,769 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak2
2006-03-07 20:25 572,447 --sha-w C:\WINDOWS\SYSTEM32\qtutv.ini2
2006-07-31 07:02 1,270,079 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak1
2006-07-31 20:18 1,097,190 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak2
2006-08-01 18:06 1,104,698 --sha-w C:\WINDOWS\SYSTEM32\vyadd.ini2
2005-07-29 21:24 472 --sha-r C:\WINDOWS\V2FsdGVyIEJyYWluZXJk\pZIPx3pVKHLVsq5RtrL4.vbs
.

<pre>
-c--a-w            61,440 2008-01-11 01:25:38  C:\DELL\bldbubg .exe
----a-w            57,344 2008-01-11 01:25:40  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w            67,160 2008-01-12 02:49:12  C:\Program Files\AIM\aim .exe
----a-w            50,760 2008-01-11 01:25:38  C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w           124,520 2008-01-11 01:25:50  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w           110,592 2008-01-11 01:25:38  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w            67,184 2008-01-11 01:25:50  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           204,800 2008-01-11 01:25:28  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           270,336 2008-01-11 01:25:38  C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w           221,184 2008-01-11 01:25:27  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           267,048 2008-01-11 01:26:13  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           217,088 2008-01-11 01:26:01  C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w           286,720 2008-01-11 01:26:03  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-12 05:27:28  C:\Program Files\QuickTime\QTTask    .exe
----a-w           286,720 2008-01-12 05:27:29  C:\Program Files\QuickTime\QTTask   .exe
----a-w           286,720 2008-01-12 05:27:31  C:\Program Files\QuickTime\QTTask  .exe
----a-w           286,720 2008-01-12 05:27:32  C:\Program Files\QuickTime\QTTask .exe
----a-w           120,640 2008-01-11 01:25:51  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w            28,672 2008-01-11 01:25:27  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-11 01:26:03  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-11 01:26:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85594F16-82D4-D770-D545-FA1DF64740E6}]
C:\WINDOWS\system32\cdbwufmd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95AEAB16-6382-300E-D826-3BE671F50894}]
C:\WINDOWS\system32\ndsioc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5f563a5-3d8d-4fda-aa15-7052bddd37a2}]
C:\WINDOWS\system32\uefhmbhl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB}]
C:\WINDOWS\system32\ddccc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F53C2057-5043-4E19-97E8-11B918C1958A}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Ajcfo"="C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-11 22:25 61440]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"AOL Messenger"="aolmsngr.exe" []
"sysmtd32"="C:\WINDOWS\system32\sysmtd32.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-11 22:25 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-11 22:25 67184]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-01-11 22:25 120640]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-10 20:26 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"300e90f6"="C:\WINDOWS\system32\juehpgae.dll" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"AOL Messenger"="aolmsngr.exe" []
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv]
C:\WINDOWS\system32\ddayv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkkl]
pmnmkkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutqol]
vtutqol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zavhuwbp]
zavhuwbp.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]
C:\Program Files\AdTools Service\AdTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Program Files\rdso\eetu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-03-15 01:04 122933 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g396di86]
C:\WINDOWS\system32\g396di86.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-11 22:25 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I/O Controllers]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Messenger]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-11 22:25 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pqx]
C:\WINDOWS\pqx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService]
C:\Program Files\Preview AdService\PrevAdServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\q76g3EW]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkgtp]
--a------ 2004-08-04 02:56 24576 C:\WINDOWS\system32\??erinit.exe

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-17 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-17 15:56:38 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 10:54:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AOL Messenger = aolmsngr.exe?
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-17 11:05:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 16:05:49
ComboFix2.txt 2008-02-17 04:15:26
.
2008-02-14 21:16:39 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {85594F16-82D4-D770-D545-FA1DF64740E6} - C:\WINDOWS\system32\cdbwufmd.dll (file missing)
O2 - BHO: (no name) - {95AEAB16-6382-300E-D826-3BE671F50894} - C:\WINDOWS\system32\ndsioc.dll (file missing)
O2 - BHO: {2a73dddb-2507-51aa-adf4-d8d35a365f5c} - {c5f563a5-3d8d-4fda-aa15-7052bddd37a2} - C:\WINDOWS\system32\uefhmbhl.dll (file missing)
O2 - BHO: (no name) - {EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {F53C2057-5043-4E19-97E8-11B918C1958A} - C:\WINDOWS\system32\mlljj.dll (file missing)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [sysmtd32] C:\WINDOWS\system32\sysmtd32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [300e90f6] rundll32.exe "C:\WINDOWS\system32\juehpgae.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Ajcfo] "C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
O20 - Winlogon Notify: pmnmkkl - pmnmkkl.dll (file missing)
O20 - Winlogon Notify: vtutqol - vtutqol.dll (file missing)
O20 - Winlogon Notify: zavhuwbp - zavhuwbp.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 8739 bytes

0

You bump after 2 hours ?? Thanks, you just got me out of bed.
Did you really have to run combofix twice? I wish I had a dollar for every person who failed to follow instructions. It makes it harder for the helper :(.

1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

RENV::
-c--a-w 61,440 2008-01-11 01:25:38 C:\DELL\bldbubg .exe
----a-w 57,344 2008-01-11 01:25:40 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w 67,160 2008-01-12 02:49:12 C:\Program Files\AIM\aim .exe
----a-w 50,760 2008-01-11 01:25:38 C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w 124,520 2008-01-11 01:25:50 C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w 110,592 2008-01-11 01:25:38 C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w 67,184 2008-01-11 01:25:50 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 204,800 2008-01-11 01:25:28 C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w 270,336 2008-01-11 01:25:38 C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w 221,184 2008-01-11 01:25:27 C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w 267,048 2008-01-11 01:26:13 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 217,088 2008-01-11 01:26:01 C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w 286,720 2008-01-11 01:26:03 C:\Program Files\QuickTime\QTTask     .exe
----a-w 286,720 2008-01-12 05:27:28 C:\Program Files\QuickTime\QTTask    .exe
----a-w 286,720 2008-01-12 05:27:29 C:\Program Files\QuickTime\QTTask   .exe
----a-w 286,720 2008-01-12 05:27:31 C:\Program Files\QuickTime\QTTask  .exe
----a-w 286,720 2008-01-12 05:27:32 C:\Program Files\QuickTime\QTTask .exe
----a-w 120,640 2008-01-11 01:25:51 C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w 28,672 2008-01-11 01:25:27 C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w 114,688 2008-01-11 01:26:03 C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w 155,648 2008-01-11 01:26:07 C:\WINDOWS\SYSTEM32\igfxtray .exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]


7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt
  • A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

====================

Go into msconfig and enable all startups, apply the settings and ok out. Do not reboot. Do the hijackthis scan after doing that.
Go back into msconfig and change back to how it was and apply the settings and ok out.

====================

Don't bother bumping 'cos I am off to work and will not be home for another 12 hours.

0

Hey, sorry for bumping and waking you up :-O This problem has just been annoying me for quite a while and I'm anxious to get it fixed. But thank you so much for all the help you have provided so far. Here are the 2 logs you asked for.

ComboFix 08-02-17.2 - Joe 2008-02-17 15:12:30.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.297 [GMT -5:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-16 14:11 . 2008-02-16 14:56 <DIR> d----c--- C:\VundoFix Backups
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:12 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-17 14:59 9,506 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-07 06:55 . 2008-02-07 06:55 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP
2008-01-20 10:56 . 2008-01-20 10:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 20:19 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:27 --------- d-----w C:\Program Files\AIM
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-11 01:26 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:24 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-11 01:24 --------- d-----w C:\Program Files\iTunes
2008-01-11 01:24 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-01-11 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2006-03-06 12:56 567,958 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak1
2006-03-07 12:57 569,769 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak2
2006-03-07 20:25 572,447 --sha-w C:\WINDOWS\SYSTEM32\qtutv.ini2
2006-07-31 07:02 1,270,079 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak1
2006-07-31 20:18 1,097,190 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak2
2006-08-01 18:06 1,104,698 --sha-w C:\WINDOWS\SYSTEM32\vyadd.ini2
2005-07-29 21:24 472 --sha-r C:\WINDOWS\V2FsdGVyIEJyYWluZXJk\pZIPx3pVKHLVsq5RtrL4.vbs
.

<pre>
----a-w            57,344 2008-01-11 01:25:40  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w            67,160 2008-01-12 02:49:12  C:\Program Files\AIM\aim .exe
----a-w            50,760 2008-01-11 01:25:38  C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w           124,520 2008-01-11 01:25:50  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w           110,592 2008-01-11 01:25:38  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w            67,184 2008-01-11 01:25:50  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           204,800 2008-01-11 01:25:28  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           270,336 2008-01-11 01:25:38  C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w           221,184 2008-01-11 01:25:27  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           267,048 2008-01-11 01:26:13  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           217,088 2008-01-11 01:26:01  C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w           286,720 2008-01-11 01:26:03  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-12 05:27:28  C:\Program Files\QuickTime\QTTask    .exe
----a-w           286,720 2008-01-12 05:27:29  C:\Program Files\QuickTime\QTTask   .exe
----a-w           286,720 2008-01-12 05:27:31  C:\Program Files\QuickTime\QTTask  .exe
----a-w           286,720 2008-01-12 05:27:32  C:\Program Files\QuickTime\QTTask .exe
----a-w           120,640 2008-01-11 01:25:51  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w            28,672 2008-01-11 01:25:27  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-11 01:26:03  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-11 01:26:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85594F16-82D4-D770-D545-FA1DF64740E6}]
C:\WINDOWS\system32\cdbwufmd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95AEAB16-6382-300E-D826-3BE671F50894}]
C:\WINDOWS\system32\ndsioc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5f563a5-3d8d-4fda-aa15-7052bddd37a2}]
C:\WINDOWS\system32\uefhmbhl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB}]
C:\WINDOWS\system32\ddccc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F53C2057-5043-4E19-97E8-11B918C1958A}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Ajcfo"="C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-10 20:25 61440]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"AOL Messenger"="aolmsngr.exe" []
"sysmtd32"="C:\WINDOWS\system32\sysmtd32.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-11 22:25 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-11 22:25 67184]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-01-11 22:25 120640]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-10 20:26 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"300e90f6"="C:\WINDOWS\system32\juehpgae.dll" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"AOL Messenger"="aolmsngr.exe" []
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv]
C:\WINDOWS\system32\ddayv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkkl]
pmnmkkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutqol]
vtutqol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zavhuwbp]
zavhuwbp.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]
C:\Program Files\AdTools Service\AdTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Program Files\rdso\eetu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-03-15 01:04 122933 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g396di86]
C:\WINDOWS\system32\g396di86.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-11 22:25 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I/O Controllers]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Messenger]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-11 22:25 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pqx]
C:\WINDOWS\pqx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService]
C:\Program Files\Preview AdService\PrevAdServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\q76g3EW]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkgtp]
--a------ 2004-08-04 02:56 24576 C:\WINDOWS\system32\??erinit.exe

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]
S3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-17 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-17 20:21:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-17 15:19:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AOL Messenger = aolmsngr.exe?
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-17 15:30:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 20:30:19
ComboFix2.txt 2008-02-17 16:05:54
ComboFix3.txt 2008-02-17 04:15:26
.
2008-02-14 21:16:39 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20, on 2008-02-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.rr.com/flash/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {85594F16-82D4-D770-D545-FA1DF64740E6} - C:\WINDOWS\system32\cdbwufmd.dll (file missing)
O2 - BHO: (no name) - {95AEAB16-6382-300E-D826-3BE671F50894} - C:\WINDOWS\system32\ndsioc.dll (file missing)
O2 - BHO: {2a73dddb-2507-51aa-adf4-d8d35a365f5c} - {c5f563a5-3d8d-4fda-aa15-7052bddd37a2} - C:\WINDOWS\system32\uefhmbhl.dll (file missing)
O2 - BHO: (no name) - {EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB} - C:\WINDOWS\system32\ddccc.dll (file missing)
O2 - BHO: (no name) - {F53C2057-5043-4E19-97E8-11B918C1958A} - C:\WINDOWS\system32\mlljj.dll (file missing)
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [sysmtd32] C:\WINDOWS\system32\sysmtd32.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [300e90f6] rundll32.exe "C:\WINDOWS\system32\juehpgae.dll",b
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\RunServices: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Ajcfo] "C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
O20 - Winlogon Notify: pmnmkkl - pmnmkkl.dll (file missing)
O20 - Winlogon Notify: vtutqol - vtutqol.dll (file missing)
O20 - Winlogon Notify: zavhuwbp - zavhuwbp.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 8768 bytes

0

A. Please RUN HijackThis

  1. Click the SCAN button to produce a log.
  2. Place a check mark beside each one of the following items:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)

    O2 - BHO: (no name) - {85594F16-82D4-D770-D545-FA1DF64740E6} - C:\WINDOWS\system32\cdbwufmd.dll (file missing)
    O2 - BHO: (no name) - {95AEAB16-6382-300E-D826-3BE671F50894} - C:\WINDOWS\system32\ndsioc.dll (file missing)
    O2 - BHO: {2a73dddb-2507-51aa-adf4-d8d35a365f5c} - {c5f563a5-3d8d-4fda-aa15-7052bddd37a2} - C:\WINDOWS\system32\uefhmbhl.dll (file missing)
    O2 - BHO: (no name) - {EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB} - C:\WINDOWS\system32\ddccc.dll (file missing)
    O2 - BHO: (no name) - {F53C2057-5043-4E19-97E8-11B918C1958A} - C:\WINDOWS\system32\mlljj.dll (file missing)

    O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
    O4 - HKLM\..\Run: [sysmtd32] C:\WINDOWS\system32\sysmtd32.exe
    O4 - HKLM\..\Run: [300e90f6] rundll32.exe "C:\WINDOWS\system32\juehpgae.dll",b
    O4 - HKLM\..\RunServices: [AOL Messenger] aolmsngr.exe
    O4 - HKCU\..\Run: [Ajcfo] "C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe"

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll (file missing)
    O20 - Winlogon Notify: pmnmkkl - pmnmkkl.dll (file missing)
    O20 - Winlogon Notify: vtutqol - vtutqol.dll (file missing)
    O20 - Winlogon Notify: zavhuwbp - zavhuwbp.dll (file missing)

  3. Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

B. 1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\WINDOWS\SYSTEM32\qtutv.bak1
C:\WINDOWS\SYSTEM32\qtutv.bak2
C:\WINDOWS\SYSTEM32\qtutv.ini2
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\vyadd.bak2
C:\WINDOWS\SYSTEM32\vyadd.ini2
C:\WINDOWS\system32\juehpgae.dll
C:\WINDOWS\system32\sysmtd32.exe
Folder::
C:\WINDOWS\V2FsdGVyIEJyYWluZXJk

RENV::
----a-w 57,344 2008-01-11 01:25:40 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w 67,160 2008-01-12 02:49:12 C:\Program Files\AIM\aim .exe
----a-w 50,760 2008-01-11 01:25:38 C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w 124,520 2008-01-11 01:25:50 C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w 110,592 2008-01-11 01:25:38 C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w 67,184 2008-01-11 01:25:50 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 204,800 2008-01-11 01:25:28 C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w 270,336 2008-01-11 01:25:38 C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w 221,184 2008-01-11 01:25:27 C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w 267,048 2008-01-11 01:26:13 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 217,088 2008-01-11 01:26:01 C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w 286,720 2008-01-11 01:26:03 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:28 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:29 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:31 C:\Program Files\QuickTime\QTTask .exe
----a-w 286,720 2008-01-12 05:27:32 C:\Program Files\QuickTime\QTTask .exe
----a-w 120,640 2008-01-11 01:25:51 C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w 28,672 2008-01-11 01:25:27 C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w 114,688 2008-01-11 01:26:03 C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w 155,648 2008-01-11 01:26:07 C:\WINDOWS\SYSTEM32\igfxtray .exe

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]


7. After reboot, (in case it asks to reboot), please re-enable all the programs that were disabled during the running of ComboFix then post the following reports/logs into your next reply:

  • Combofix.txt
  • A new HijackThis log.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

ComboFix 08-02-17.2 - Joe 2008-02-18 0:18:13.4 - NTFSx86

Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\juehpgae.dll
C:\WINDOWS\SYSTEM32\qtutv.bak1
C:\WINDOWS\SYSTEM32\qtutv.bak2
C:\WINDOWS\SYSTEM32\qtutv.ini2
C:\WINDOWS\system32\sysmtd32.exe
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\vyadd.bak2
C:\WINDOWS\SYSTEM32\vyadd.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\qtutv.bak1
C:\WINDOWS\SYSTEM32\qtutv.bak2
C:\WINDOWS\SYSTEM32\qtutv.ini2
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\vyadd.bak2
C:\WINDOWS\SYSTEM32\vyadd.ini2
C:\WINDOWS\V2FsdGVyIEJyYWluZXJk
C:\WINDOWS\V2FsdGVyIEJyYWluZXJk\pZIPx3pVKHLVsq5RtrL4.vbs

.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-16 14:11 . 2008-02-16 14:56 <DIR> d----c--- C:\VundoFix Backups
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:12 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-18 00:01 12,293 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-07 06:55 . 2008-02-07 06:55 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP
2008-01-20 10:56 . 2008-01-20 10:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 05:25 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:27 --------- d-----w C:\Program Files\AIM
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:55 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-12 03:25 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-12 03:25 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-12 03:25 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-11 01:26 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray .exe
2008-01-11 01:26 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd .exe
2008-01-11 01:26 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:25 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry .exe
2008-01-11 01:24 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-11 01:24 --------- d-----w C:\Program Files\iTunes
2008-01-11 01:24 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-01-11 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-07 14:37 3,059,200 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-06 13:07 18,432 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

<pre>
----a-w            67,160 2008-01-12 02:49:12  C:\Program Files\AIM\aim .exe
----a-w            50,760 2008-01-11 01:25:38  C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w           124,520 2008-01-11 01:25:50  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w           110,592 2008-01-11 01:25:38  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w            67,184 2008-01-11 01:25:50  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           204,800 2008-01-11 01:25:28  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           270,336 2008-01-11 01:25:38  C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w           221,184 2008-01-11 01:25:27  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           267,048 2008-01-11 01:26:13  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           217,088 2008-01-11 01:26:01  C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w           286,720 2008-01-11 01:26:03  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-12 05:27:28  C:\Program Files\QuickTime\QTTask    .exe
----a-w           286,720 2008-01-12 05:27:29  C:\Program Files\QuickTime\QTTask   .exe
----a-w           286,720 2008-01-12 05:27:31  C:\Program Files\QuickTime\QTTask  .exe
----a-w           286,720 2008-01-12 05:27:32  C:\Program Files\QuickTime\QTTask .exe
----a-w           120,640 2008-01-11 01:25:51  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w            28,672 2008-01-11 01:25:27  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-11 01:26:03  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-11 01:26:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tkgtp"="C:\WINDOWS\system32\??erinit.exe" [2004-08-04 02:56 24576]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"I/O Controllers"="svcnet.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-01-11 22:25 120640]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-10 20:26 286720]
"q76g3EW"="p2pxpph(3).exe" []
"Preview AdService"="C:\Program Files\Preview AdService\PrevAdServ.exe" [ ]
"pqx"="C:\WINDOWS\pqx.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"ICQ Messenger"="ICQLite.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"g396di86"="C:\WINDOWS\system32\g396di86.exe" [ ]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-11 22:25 67184]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-10 20:25 61440]
"AdTools Service"="C:\Program Files\AdTools Service\AdTools.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-10 20:25 57344]
"AceGain LiveUpdate"="C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-06-30 03:33:04 36953]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-17 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-18 05:28:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 00:26:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-18 0:37:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 05:37:09
ComboFix2.txt 2008-02-17 20:30:24
ComboFix3.txt 2008-02-17 16:05:54
ComboFix4.txt 2008-02-17 04:15:26
.
2008-02-14 21:16:39 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:56, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.rr.com/flash/index.cfm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [q76g3EW] p2pxpph(3).exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [pqx] C:\WINDOWS\pqx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ICQ Messenger] ICQLite.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [g396di86] C:\WINDOWS\system32\g396di86.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Tkgtp] C:\WINDOWS\system32\??erinit.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 7784 bytes

0

My apologies. My Internet went down for a while :(.

==

Can you do the following:

Click Start > Run and type

C:\qoobox\ComboFix4.txt


Post the contents of ComboFix4.txt

==

Go here and do a scan and post back the results here please.

0

ComboFix 08-02-17.2 - Joe 2008-02-16 22:57:50.1 - NTFSx86
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Starware
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafe.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\cursorcafeA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\games.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\gamesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\moviesA.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes_over.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\recipes_over.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Joe\Application Data\ASKS~1
C:\Documents and Settings\Joe\Application Data\FNTS~1
C:\Documents and Settings\Joe\Application Data\ICROSO~1.NET
C:\Documents and Settings\Joe\Application Data\PPATCH~1
C:\Documents and Settings\Joe\Application Data\STEM~1
C:\Documents and Settings\Joe\Application Data\YSTEM3~1
C:\Program Files\asks~1
C:\Program Files\Common Files\stem~1
C:\Program Files\Common Files\Yazzle1560OinUninstaller.exe
C:\Program Files\curity~1
C:\Program Files\inetget2
C:\Program Files\kernel
C:\Program Files\kernel\kernel.exe
C:\Program Files\MyWay
C:\Program Files\Router
C:\Program Files\Temporary
C:\Temp\isgTi19
C:\WINDOWS\b122.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1
C:\WINDOWS\Downloaded Program Files\USYP_0001_N76M2004NetInstaller.exe
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\sstem3~1
C:\WINDOWS\system32\appatc~1
C:\WINDOWS\system32\asembl~1
C:\WINDOWS\SYSTEM32\cbtkxhfa.ini
C:\WINDOWS\SYSTEM32\cccdd.ini
C:\WINDOWS\SYSTEM32\cccdd.ini2
C:\WINDOWS\SYSTEM32\eagpheuj.ini
C:\WINDOWS\SYSTEM32\jjllm.ini
C:\WINDOWS\SYSTEM32\jjllm.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\SYSTEM32\ootynvak.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\SYSTEM32\qkumdjnn.ini
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\wcptr.exe
C:\WINDOWS\system32\zavhuwbp.dllbox

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\DomainService


((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
.

2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-16 14:11 . 2008-02-16 14:56 <DIR> d----c--- C:\VundoFix Backups
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:12 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-16 23:11 6,567 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-07 06:55 . 2008-02-07 06:55 <DIR> d-------- C:\Program Files\Drmupgds
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP
2008-01-20 10:56 . 2008-01-20 10:56 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 04:06 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:27 --------- d-----w C:\Program Files\AIM
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-11 01:26 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:24 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-11 01:24 --------- d-----w C:\Program Files\iTunes
2008-01-11 01:24 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-01-11 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2006-03-06 12:56 567,958 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak1
2006-03-07 12:57 569,769 --sha-w C:\WINDOWS\SYSTEM32\qtutv.bak2
2006-03-07 20:25 572,447 --sha-w C:\WINDOWS\SYSTEM32\qtutv.ini2
2006-07-31 07:02 1,270,079 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak1
2006-07-31 20:18 1,097,190 --sha-w C:\WINDOWS\SYSTEM32\vyadd.bak2
2006-08-01 18:06 1,104,698 --sha-w C:\WINDOWS\SYSTEM32\vyadd.ini2
2005-07-29 21:24 472 --sha-r C:\WINDOWS\V2FsdGVyIEJyYWluZXJk\pZIPx3pVKHLVsq5RtrL4.vbs
.

<pre>
-c--a-w            61,440 2008-01-11 01:25:38  C:\DELL\bldbubg .exe
----a-w            57,344 2008-01-11 01:25:40  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy .exe
----a-w            67,160 2008-01-12 02:49:12  C:\Program Files\AIM\aim .exe
----a-w            50,760 2008-01-11 01:25:38  C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w           124,520 2008-01-11 01:25:50  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w           110,592 2008-01-11 01:25:38  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w            67,184 2008-01-11 01:25:50  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           204,800 2008-01-11 01:25:28  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           270,336 2008-01-11 01:25:38  C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w           221,184 2008-01-11 01:25:27  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           267,048 2008-01-11 01:26:13  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           217,088 2008-01-11 01:26:01  C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w           286,720 2008-01-11 01:26:03  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-12 05:27:28  C:\Program Files\QuickTime\QTTask    .exe
----a-w           286,720 2008-01-12 05:27:29  C:\Program Files\QuickTime\QTTask   .exe
----a-w           286,720 2008-01-12 05:27:31  C:\Program Files\QuickTime\QTTask  .exe
----a-w           286,720 2008-01-12 05:27:32  C:\Program Files\QuickTime\QTTask .exe
----a-w           120,640 2008-01-11 01:25:51  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w            28,672 2008-01-11 01:25:27  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-11 01:26:03  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-11 01:26:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85594F16-82D4-D770-D545-FA1DF64740E6}]
C:\WINDOWS\system32\cdbwufmd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95AEAB16-6382-300E-D826-3BE671F50894}]
C:\WINDOWS\system32\ndsioc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5f563a5-3d8d-4fda-aa15-7052bddd37a2}]
C:\WINDOWS\system32\uefhmbhl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EF09D2D8-F92D-4B4D-BA44-0B4061C84DEB}]
C:\WINDOWS\system32\ddccc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F53C2057-5043-4E19-97E8-11B918C1958A}]
C:\WINDOWS\system32\mlljj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Ajcfo"="C:\Documents and Settings\Joe\Application Data\?icrosoft.NET\s?chost.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-11 22:25 61440]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"AOL Messenger"="aolmsngr.exe" []
"sysmtd32"="C:\WINDOWS\system32\sysmtd32.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-11 22:25 57344]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-11 22:25 67184]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-01-11 22:25 120640]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-10 20:26 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"300e90f6"="C:\WINDOWS\system32\juehpgae.dll" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"AOL Messenger"="aolmsngr.exe" []
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddayv]
C:\WINDOWS\system32\ddayv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkkl]
pmnmkkl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutqol]
vtutqol.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zavhuwbp]
zavhuwbp.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]
C:\Program Files\AdTools Service\AdTools.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aida]
C:\Program Files\rdso\eetu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a--c--- 2004-03-15 01:04 122933 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\g396di86]
C:\WINDOWS\system32\g396di86.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-01-11 22:25 114688 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\I/O Controllers]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Messenger]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-01-11 22:25 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pqx]
C:\WINDOWS\pqx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService]
C:\Program Files\Preview AdService\PrevAdServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\q76g3EW]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tkgtp]
--a------ 2004-08-04 02:56 24576 C:\WINDOWS\system32\??erinit.exe

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-12 04:30:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-17 03:47:16 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-17 04:09:31 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-16 23:10:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
AOL Messenger = aolmsngr.exe?
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-16 23:15:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-17 04:15:20
.
2008-02-14 21:16:39 --- E O F ---

0

Sorry about that, I didn't see that part, but I'm running it right now... it's scanning Critical Areas? Was that the right one to do? I'll get back to you when it's done.

0

KASPERSKY ONLINE SCANNER REPORT
2008-02-19 18:06
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 574000
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Joe\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 24253
Number of viruses found 3
Number of infected objects 3
Number of suspicious objects 0
Duration of the scan process 00:37:13

Infected Object Name Virus Name Last Action
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{633FD7EF-E04A-4494-8035-5A5934CD1D19}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\8mqq5l1p.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.


Not sure if this is what you wanted, but this is what I got.

0

Sorry about that, I didn't see that part, but I'm running it right now... it's scanning Critical Areas? Was that the right one to do? I'll get back to you when it's done.

No. You need to have it scan My Computer :).

0

KASPERSKY ONLINE SCANNER REPORT
2008-02-20 18:32
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/02/2008
Kaspersky Anti-Virus database records: 574000
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 70319
Number of viruses found 44
Number of infected objects 389
Number of suspicious objects 0
Duration of the scan process 01:21:41

Infected Object Name Virus Name Last Action
C:\d3301012839f3d1b6f75e6d8\$shtdwn$.req Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\common\Eula.txt Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\common\spcustom.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\common\spmsg.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\common\spuninst.exe Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\common\update.exe Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\sysmain.sdb Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\update\KB824141.cat Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\update\update.inf Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\update\update.ver Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\user32.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp1\win32k.sys Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\spmsg.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\spuninst.exe Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\eula.txt Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\KB824141.cat Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\spcustom.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\update.exe Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\update.inf Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\update\update.ver Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\user32.dll Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\sp2\win32k.sys Object is locked skipped
C:\d3301012839f3d1b6f75e6d8\xpsp1hfm.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f855871738f6d01033cc34126549a7_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ce389825b659e3a42a3efa93cc41e364_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02092008-223834.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0001.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0002.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0003.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0004.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00BC0005.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0000.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0001.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0002.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0003.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0004.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0005.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0006.VBN Infected: Trojan-Downloader.Win32.VB.cgu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0007.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0008.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.dz skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C0009.VBN Infected: Trojan-Downloader.Win32.VB.cgu skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C000A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C000B.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\080C000C.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400001.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400002.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400003.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400004.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400005.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08400006.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740003.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740005.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740006.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740007.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740008.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08740009.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040000.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040001.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040002.VBN Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040003.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040004.VBN Infected: Trojan-Downloader.Win32.VB.chy skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040005.VBN/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040005.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040005.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09040006.VBN Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0904000B.VBN Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0904000C.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0904000D.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0904000E.VBN Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180000.VBN Infected: not-virus:Hoax.Win32.Renos.aun skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180001.VBN Infected: not-virus:Hoax.Win32.Renos.aun skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180002.VBN Infected: not-virus:Hoax.Win32.Renos.aun skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180003.VBN Infected: not-virus:Hoax.Win32.Renos.aun skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180004.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180005.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180006.VBN/mrofinu.exe Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180006.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180006.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180007.VBN/mrofinu.exe Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180007.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180007.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180008.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180009.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918000C.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918000D.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918000E.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918000F.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180010.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180011.VBN Infected: Trojan-Downloader.Win32.Agent.idv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180012.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180013.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180014.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180015.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180016.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180017.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001A.VBN Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001B.VBN Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001D.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001E.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0918001F.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180020.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09180021.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300001.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300002.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300003.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300004.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300005.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300006.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300007.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300008.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300009.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000A.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000B.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000C.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000D.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000E.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0930000F.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300010.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300011.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300012.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300013.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300014.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300015.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09300016.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80000.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80001.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80002.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80003.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80004.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09E80005.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0001.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0002.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0003.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0004.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0005.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0006.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0007.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0008.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C0009.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C000A.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C000B.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C000C.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A6C000D.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B8C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B980000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BA40000.VBN Infected: Trojan-Spy.Win32.VBStat.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BA40001.VBN Infected: Trojan-Spy.Win32.VBStat.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BC40000.VBN Infected: Trojan-Spy.Win32.VBStat.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE40000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE40001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BF40001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C040000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C0C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C0C0001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CB80000.VBN Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CB80001.VBN Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40000.VBN Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40001.VBN Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD80000.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.ba skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000.VBN/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440001.VBN/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440001.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440001.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440004.VBN/b151.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440004.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440004.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440005.VBN/b151.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440005.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D440005.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000A.VBN/b116.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000A.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000A.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000B.VBN/b116.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000B.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000B.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000C.VBN/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000C.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000C.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000D.VBN/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000D.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D44000D.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB40000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB40001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DB40002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80002.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80004.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80006.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80007.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80008.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80009.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD8000A.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD8000B.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD8000C.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD8000D.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD8000E.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80010.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DD80012.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0000.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0001.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0002.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0003.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0004.VBN Infected: Backdoor.Win32.Agent.dbm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0005.VBN Infected: Backdoor.Win32.Agent.dbm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0006.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0007.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0008.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0009.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000B.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C000F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0010.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0011.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0012.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0013.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0014.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0015.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0016.VBN Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E1C0017.VBN Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700002.VBN Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700003.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700004.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700005.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700006.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700007.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700008.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700009.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000B.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70000F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700010.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700011.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700012.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700013.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700014.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700015.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700016.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700017.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700018.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700019.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001B.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001C.VBN Infected: Trojan-Downloader.Win32.PurityScan.fg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001D.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70001F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700020.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700021.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700022.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700023.VBN Infected: Trojan-Downloader.Win32.Agent.gdi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700024.VBN Infected: Trojan-Downloader.Win32.Delf.dlk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700025.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700026.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700027.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700028.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700029.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002B.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70002F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700030.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700031.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700032.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700033.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700034.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700035.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700036.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700037.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700038.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700039.VBN Infected: Trojan-Downloader.Win32.Agent.gdi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003B.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70003F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700040.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700041.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700042.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700043.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700044.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700045.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700046.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700047.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700048.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700049.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004B.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004D.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004E.VBN Infected: Trojan-Downloader.Win32.Agent.gdi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70004F.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700050.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700051.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700052.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700053.VBN Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700054.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700055.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700056.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700057.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700058.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700059.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005A.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005B.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005C.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70005F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700060.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700061.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700062.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700063.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700064.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700065.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700066.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700067.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700068.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700069.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006A.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.gl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006B.VBN Infected: Trojan-Downloader.Win32.PurityScan.fg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006C.VBN Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006D.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006E.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E70006F.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700070.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700071.VBN Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700072.VBN Infected: Trojan-Downloader.Win32.Agent.gdi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700073.VBN Infected: Trojan-Downloader.Win32.Delf.dlk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700074.VBN Infected: Trojan-Downloader.Win32.Agent.ezc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700075.VBN Infected: Trojan-Downloader.Win32.Agent.fjn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700076.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700077.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700078.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E700079.VBN Infected: Trojan-Downloader.Win32.Agent.gwe skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80000.VBN Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EE80001.VBN Infected: Trojan-Downloader.Java.OpenStream.y skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F000000.VBN Infected: Trojan.Win32.Agent.ny skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380000.VBN Infected: Trojan-Downloader.Win32.Agent.iug skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F380004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FC40000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FC40001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FC40002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00000.VBN/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00001.VBN/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00001.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FD00001.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0000.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0001.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0002.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0003.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0004.VBN Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0005.VBN Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0006.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0007.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0008.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC0009.VBN Infected: Trojan.Win32.Crypt.t skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC000A.VBN Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FDC000B.VBN Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00002.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00003.VBN Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00004.VBN Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00005.VBN Infected: Trojan.Win32.Zapchast.dt skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00006.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00007.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FF00008.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0000.VBN/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0001.VBN/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0001.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\137C0001.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\04_Music_played_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\05_Pictures_taken_in_the_last_month.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\06_Pictures_rated_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\07_TV_recorded_in_the_last_week.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\08_Video_rated_at_4_or_5_stars.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\09_Music_played_the_most.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\10_All_Music.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\11_All_Pictures.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0029460A\12_All_Video.wpl Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\PhotoShoot.mpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Photoshoot.mpg.scn Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 1.avi Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 1.scn Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 2.avi Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 2.scn Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 3.avi Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 3.scn Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 4.avi Object is locked skipped
C:\Documents and Settings\All Users\Documents\Pinnacle Studio\Captured Video\Video 4.scn Object is locked skipped
C:\Documents and Settings\Joe\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\cert8.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\history.dat Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\key3.db Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\parent.lock Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Joe\Application Data\Mozilla\Firefox\Profiles\w0ogmrhf.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Joe\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.bainaries.pictures.erotica.lolita.dbx/[From mickyletts@yahoo.com][Date Wed, 28 Dec 2005 17:21:03 GMT]/maryteen.wmv Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.bainaries.pictures.erotica.lolita.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.binaries.erotica.pictures.cheerleaders.dbx/[From marco@comcast.net][Date Fri, 29 Oct 2004 19:29:37 GMT]/pic45.scr Infected: Backdoor.Win32.Loony.m skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.binaries.erotica.pictures.cheerleaders.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.sex.masterbation.pictures.female.teen.dbx/[From zkcghq@midsouth.rr.com][Date Thu, 23 Dec 2004 01:12:50 GMT]/MasterbatingSis9.scr Infected: Backdoor.Win32.Hackarmy.gen skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.sex.masterbation.pictures.female.teen.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Joe\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Joe\ntuser.dat Object is locked skipped
C:\Documents and Settings\Joe\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Downloads\JEOPARDY!_Setup-dm[1].exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\Program Files\Drmupgds\Drmupgds.exe Infected: Trojan-Downloader.Win32.Adload.qy skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped
C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1560OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1560OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\Program Files\kernel\kernel.exe.vir Infected: Trojan-Downloader.Win32.Adload.pn skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\USYP_0001_N76M2004NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.i skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP11\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\gsda.dll Infected: not-a-virus:Downloader.Win32.SpyGame skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\8mqq5l1p.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.

0

Open notepad and copy/paste the text in the codebox below into it:

regedit /a look2.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons" 
start notepad look2.txt

Save this as look.bat. Choose to "Save type as - All Files".
It should look like this: http://i230.photobucket.com/albums/e...or/tsf/bat.gif
Double click on look.bat & allow it to run

=================

Did you run any scanners or anti malware tools before posting here?
Do you still have the red 'X' icon?

=================

Get rid of all these emails:

C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.bainaries.pictures.erotica.lolita.dbx/[From mickyletts@yahoo.com][Date Wed, 28 Dec 2005 17:21:03 GMT]/maryteen.wmv Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.bainaries.pictures.erotica.lolita.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.binaries.erotica.pictures.cheerleaders.dbx/[From marco@comcast.net][Date Fri, 29 Oct 2004 19:29:37 GMT]/pic45.scr Infected: Backdoor.Win32.Loony.m skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.binaries.erotica.pictures.cheerleaders.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.sex.masterbation.pictures.female.teen.dbx/[From zkcghq@midsouth.rr.com][Date Thu, 23 Dec 2004 01:12:50 GMT]/MasterbatingSis9.scr Infected: Backdoor.Win32.Hackarmy.gen skipped
C:\Documents and Settings\Joe\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\alt.sex.masterbation.pictures.female.teen.dbx Mail MS Outlook 5: infected

================

1. Please open Notepad

  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
C:\Downloads\JEOPARDY!_Setup-dm[1].exe
C:\WINDOWS\Downloaded Program Files\gsda.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\SYSTEM32\8mqq5l1p.ini
C:\WINDOWS\SYSTEM32\qtutv.bak1
C:\WINDOWS\SYSTEM32\qtutv.bak2
C:\WINDOWS\SYSTEM32\qtutv.ini2
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\vyadd.bak2
C:\WINDOWS\SYSTEM32\vyadd.ini2

Folder::
C:\Program Files\Drmupgds
C:\VundoFix Backups
C:\WINDOWS\V2FsdGVyIEJyYWluZXJk

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif


7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt
  • A new HijackThis log.

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

No, I don't recall running any other things and the red X is still there. Did you want the Look2 text? If so, I'm posting it at the bottom.

ComboFix 08-02-17.2 - Joe 2008-02-21 9:56:56.5 - NTFSx86

Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Downloads\JEOPARDY!_Setup-dm[1].exe
C:\WINDOWS\Downloaded Program Files\gsda.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\SYSTEM32\8mqq5l1p.ini
C:\WINDOWS\SYSTEM32\qtutv.bak1
C:\WINDOWS\SYSTEM32\qtutv.bak2
C:\WINDOWS\SYSTEM32\qtutv.ini2
C:\WINDOWS\SYSTEM32\vyadd.bak1
C:\WINDOWS\SYSTEM32\vyadd.bak2
C:\WINDOWS\SYSTEM32\vyadd.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Downloads\JEOPARDY!_Setup-dm[1].exe
C:\Program Files\Drmupgds
C:\Program Files\Drmupgds\Drmupgds.exe
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\WINDOWS\Downloaded Program Files\gsda.dll
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\WINDOWS\SYSTEM32\8mqq5l1p.ini

.
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.

2008-02-19 16:52 . 2008-02-19 16:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-19 16:52 . 2008-02-19 16:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-19 16:22 . 2007-12-06 21:21 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-02-19 16:22 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-02-19 16:22 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-02-19 16:22 . 2007-12-06 21:21 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-02-19 16:22 . 2007-12-06 21:21 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-02-19 16:22 . 2007-12-06 21:21 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-02-19 16:22 . 2007-12-06 21:21 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-02-19 16:22 . 2007-12-06 21:21 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-02-19 16:22 . 2007-12-06 06:00 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:12 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-19 16:54 14,867 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 15:04 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:27 --------- d-----w C:\Program Files\AIM
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:56 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-20 15:55 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-12 03:25 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-12 03:25 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-12 03:25 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-11 01:26 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray .exe
2008-01-11 01:26 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd .exe
2008-01-11 01:26 --------- d-----w C:\Program Files\QuickTime
2008-01-11 01:25 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry .exe
2008-01-11 01:24 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-11 01:24 --------- d-----w C:\Program Files\iTunes
2008-01-11 01:24 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-01-11 01:24 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

<pre>
----a-w            67,160 2008-01-12 02:49:12  C:\Program Files\AIM\aim .exe
----a-w            50,760 2008-01-11 01:25:38  C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
----a-w           124,520 2008-01-11 01:25:50  C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
----a-w           110,592 2008-01-11 01:25:38  C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
----a-w            67,184 2008-01-11 01:25:50  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w           204,800 2008-01-11 01:25:28  C:\Program Files\Dell\Media Experience\PCMService .exe
----a-w           270,336 2008-01-11 01:25:38  C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
----a-w           221,184 2008-01-11 01:25:27  C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
----a-w           267,048 2008-01-11 01:26:13  C:\Program Files\iTunes\iTunesHelper .exe
----a-w           217,088 2008-01-11 01:26:01  C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w           286,720 2008-01-11 01:26:03  C:\Program Files\QuickTime\QTTask     .exe
----a-w           286,720 2008-01-12 05:27:28  C:\Program Files\QuickTime\QTTask    .exe
----a-w           286,720 2008-01-12 05:27:29  C:\Program Files\QuickTime\QTTask   .exe
----a-w           286,720 2008-01-12 05:27:31  C:\Program Files\QuickTime\QTTask  .exe
----a-w           286,720 2008-01-12 05:27:32  C:\Program Files\QuickTime\QTTask .exe
----a-w           120,640 2008-01-11 01:25:51  C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w            28,672 2008-01-11 01:25:27  C:\WINDOWS\SYSTEM32\DSentry .exe
----a-w           114,688 2008-01-11 01:26:03  C:\WINDOWS\SYSTEM32\hkcmd .exe
----a-w           155,648 2008-01-11 01:26:07  C:\WINDOWS\SYSTEM32\igfxtray .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tkgtp"="C:\WINDOWS\system32\??erinit.exe" [2004-08-04 02:56 24576]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"I/O Controllers"="svcnet.exe" []
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2008-01-11 22:25 120640]
"URLLSTCK.exe"="C:\Program Files\Norton Internet Security\UrlLstCk.exe" [ ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [2008-01-10 20:26 286720]
"q76g3EW"="p2pxpph(3).exe" []
"Preview AdService"="C:\Program Files\Preview AdService\PrevAdServ.exe" [ ]
"pqx"="C:\WINDOWS\pqx.exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"ICQ Messenger"="ICQLite.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"g396di86"="C:\WINDOWS\system32\g396di86.exe" [ ]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-11 22:25 67184]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-10 20:25 61440]
"AdTools Service"="C:\Program Files\AdTools Service\AdTools.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-10 20:25 57344]
"AceGain LiveUpdate"="C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-06-30 03:33:04 36953]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]
S2 DP1112;DP1112;C:\WINDOWS\system32\Drivers\DP.sys []
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 04:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-21 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-21 15:07:07 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 10:03:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-21 10:13:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-21 15:13:36
ComboFix2.txt 2008-02-18 05:37:20
ComboFix3.txt 2008-02-17 20:30:24
ComboFix4.txt 2008-02-17 16:05:54
ComboFix5.txt 2008-02-17 04:15:26
.
2008-02-20 08:01:52 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17, on 2008-02-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [q76g3EW] p2pxpph(3).exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [pqx] C:\WINDOWS\pqx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ICQ Messenger] ICQLite.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [g396di86] C:\WINDOWS\system32\g396di86.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Tkgtp] C:\WINDOWS\system32\??erinit.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 8847 bytes


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\c\DefaultIcon]
@="%SystemRoot%\\system32\\shell32.dll,131"

0

Hi Serakus

I'm afraid crunchie has fallen ill and he has asked me to continue with your fix until he is feeling better.

@crunchie get well soon

Please use Symantec's guide to remove the Norton Quarantine files.

---------------------------------------

Some of your programs have been infected with a file infector. While the necessary repairs have been done, it may be wise to uninstall/reinstall your Norton AntiVirus to ensure full functionality.

---------------------------------------

Scan with HijackThis and check the following entries (If they still exist)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab

Remember to close all other windows and click Fix Checked

---------------------------------------

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:



RenV::
C:\Program Files\QuickTime\QTTask .exe
File::
C:\WINDOWS\system32\??erinit.exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Symantec AntiVirus\VPTray .exe
C:\WINDOWS\SYSTEM32\DSentry .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe
C:\Program Files\Microsoft IntelliPoint\point32 .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
C:\Program Files\AIM\aim .exe
Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tkgtp"=-
Router"=-
"I/O Controllers"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"URLLSTCK.exe"=-
"q76g3EW"=-
"Preview AdService"=-
"pqx"=-
"g396di86"=-
"AdTools Service"=-
"AceGain LiveUpdate"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons]
Driver::
DP1112
"Viewpoint Manager Service"



Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

---------------------------------------
Please go to the following link: ESET Online Scanner
Tick the box YES, I accept the Terms Of Use
Click the Start button
Now click the Install button
Click Start

The scanner engine will initialise and update
Do Not tick the box Remove found threats
Click the Scan button

The scan will now run, please be patient
When the scan finishes click the Details tab
Copy and paste the contents of the %ProgramFiles%\EsetOnlineScanner\log.txt back here.

---------------------------------------
Required Logs

c:\ComboFix.txt
%ProgramFiles%\EsetOnlineScanner\log.txt
new HijackThis log <<< taken after the online scan

Please also provide an update on system behaviour

Attachments CFScript.gif 27.09 KB
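A triage sketch for the before-and-after HijackThis comparison requested above, as an added example that is not part of the original post and not code from HijackThis or ComboFix. It parses O4 autorun lines, reports which entries disappeared between two scans, and flags the remaining ones for manual review. The sample lines are excerpted from the HijackThis logs in this thread; the function names and flag labels are hypothetical, and a flag is a prompt to look, not a verdict.

```python
import re
from typing import NamedTuple


class Autorun(NamedTuple):
    location: str   # e.g. HKLM\..\Run or "Global Startup"
    name: str       # registry value name or shortcut name
    path: str       # executable path with arguments stripped


# O4 - HKLM\..\Run: [value name] command line
REG_RE = re.compile(r"^O4 - (?P<loc>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O4 - Global Startup: shortcut.lnk = target
LNK_RE = re.compile(r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif|dll))(?=\s|$)", re.I)


def executable_path(cmd: str) -> str:
    """Return the program path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def review_flags(path: str) -> list:
    """Heuristics (assumptions of this example) that mark an entry for a closer look."""
    base = path.rsplit("\\", 1)[-1]
    flags = []
    if re.search(r"\s\.[A-Za-z0-9]+$", base):
        flags.append("space-before-extension")    # e.g. "QTTask .exe"
    if "?" in path:
        # '?' is not legal in a Windows file name, so the real name
        # contains characters the log could not render.
        flags.append("undisplayable-characters")
    if "\\" not in path:
        flags.append("no-directory")              # resolved through the search path
    return flags


def parse_autoruns(log: str) -> dict:
    """Map (location, name) -> Autorun for every O4 line in a HijackThis log."""
    entries = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = REG_RE.match(line) or LNK_RE.match(line)
        if m:
            entries[(m["loc"], m["name"])] = Autorun(
                m["loc"], m["name"], executable_path(m["cmd"]))
    return entries


def compare_scans(before: str, after: str):
    """Return (entries removed between scans, flagged entries still present)."""
    old, new = parse_autoruns(before), parse_autoruns(after)
    removed = sorted(k for k in old if k not in new)
    still_flagged = {}
    for key, entry in new.items():
        flags = review_flags(entry.path)
        if flags:
            still_flagged[key] = flags
    return removed, still_flagged


# Sample input: O4 lines excerpted from the 2008-02-21 scan in this thread.
BEFORE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [q76g3EW] p2pxpph(3).exe
O4 - HKLM\..\Run: [pqx] C:\WINDOWS\pqx.exe
O4 - HKLM\..\Run: [ICQ Messenger] ICQLite.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Tkgtp] C:\WINDOWS\system32\??erinit.exe
O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
"""

# Sample input: the same keys as they appear in the 2008-02-23 scan.
AFTER = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [ICQ Messenger] ICQLite.exe
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
"""

if __name__ == "__main__":
    removed, still_flagged = compare_scans(BEFORE, AFTER)
    for loc, name in removed:
        print(f"removed : {loc} [{name}]")
    for (loc, name), flags in still_flagged.items():
        print(f"review  : {loc} [{name}] {', '.join(flags)}")
```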
0

Lost track of the ComboFix log the first time so I ran it again, sorry if that made things harder :X but thanks for the help


ComboFix 08-02-17.2 - Joe 2008-02-23 19:55:42.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.189 [GMT -5:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Joe\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Program Files\AIM\aim .exe
C:\Program Files\Common Files\AOL\1124400053\ee\AOLSoftware .exe
C:\Program Files\Common Files\AOL\IPHSend\IPHSend .exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr .exe
C:\Program Files\Dell\Media Experience\PCMService .exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Microsoft IntelliPoint\point32 .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\QuickTime\QTTask .exe
C:\Program Files\Symantec AntiVirus\VPTray .exe
C:\WINDOWS\SYSTEM32\DSentry .exe
C:\WINDOWS\SYSTEM32\hkcmd .exe
C:\WINDOWS\SYSTEM32\igfxtray .exe
.

((((((((((((((((((((((((( Files Created from 2008-01-24 to 2008-02-24 )))))))))))))))))))))))))))))))
.

2008-02-19 16:52 . 2008-02-19 16:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-19 16:52 . 2008-02-19 16:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-19 16:22 . 2007-12-06 21:21 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-02-19 16:22 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-02-19 16:22 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-02-19 16:22 . 2007-12-06 21:21 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-02-19 16:22 . 2007-12-06 21:21 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-02-19 16:22 . 2007-12-06 21:21 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-02-19 16:22 . 2007-12-06 21:21 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-02-19 16:22 . 2007-12-06 21:21 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-02-19 16:22 . 2007-12-06 06:00 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-23 12:14 17,013 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 16:59 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-23 16:59 --------- d-----w C:\Program Files\QuickTime
2008-02-23 16:59 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-23 16:59 --------- d-----w C:\Program Files\iTunes
2008-02-23 16:59 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-02-23 16:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-23 16:59 --------- d-----w C:\Program Files\AIM
2008-02-23 16:45 --------- d-----w C:\Program Files\Symantec
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:56 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-20 15:55 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-12 03:25 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-12 03:25 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-12 03:25 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-11 05:53 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-19 23:01 347,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-08 15:51 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-07 01:07 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-12-07 01:07 151,040 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-12-07 01:07 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-12-07 01:07 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-12-07 01:07 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Router"="C:\Program Files\Router\Router.exe" [ ]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask .exe" [ ]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"ICQ Messenger"="ICQLite.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-10 20:25 61440]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-10 20:25 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-06-30 03:33:04 36953]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-19 04:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-23 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-23 17:07:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 19:59:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-23 20:00:50
ComboFix-quarantined-files.txt 2008-02-24 01:00:16
ComboFix2.txt 2008-02-23 17:11:42
ComboFix3.txt 2008-02-21 15:13:41
ComboFix4.txt 2008-02-18 05:37:20
ComboFix5.txt 2008-02-17 20:30:24
.
2008-02-20 08:01:52 --- E O F ---


# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2898 (20080223)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=ffd5718a86cd0949acbd8e94dd525ad1
# end=finished
# remove_checked=false
# unwanted_checked=false
# utc_time=2008-02-24 02:06:35
# local_time=2008-02-23 09:06:35 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=202534
# found=3
# scan_time=2804
C:\QooBox\Quarantine\C\Program Files\kernel\kernel.exe.vir probably a variant of Win32/TrojanDownloader.Adload trojan 45CC09A9CB8E638D4D6C664626DB323C
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\gsda.dll.vir Win32/TrojanDownloader.SpyGame.A trojan 5EE65B9EC52620265673154EA2B9E5DD
C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\USYP_0001_N76M2004NetInstaller.exe.vir a variant of Win32/Adware.WinFixer application 3B0670B768E9F517694BA24E5223D7EB

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:12, on 2008-02-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ICQ Messenger] ICQLite.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 6792 bytes

0

Hi Serakus

Scan with HijackThis and check the following entries (If they still exist) (make sure not to miss any)

O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe

Remember to close all other windows and click Fix Checked

--------------------------------------------

Open notepad and copy/paste the text in the quotebox below into it:



@echo off
dir /S /C C:\Qoobox\Quarantine\C\Program Files\QuickTime >> C:\peek.txt
start notepad C:\peek.txt


Save this as "peek.bat" (with the quotes ""). It should look like this


Double-click look.bat to run it and post the resulting peek.txt

--------------------------------------------

Please post peek.txt along with a new HijackThis log and an update on system behaviour.

0

Oki, did the peek bat thing. Only problem is when I click to run it, I get an empty notepad, and also the Red X is gone from my hard drive

0

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:00, on 2008-02-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\AOL\1124400053\ee\aolsoftware.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ICQ Messenger] ICQLite.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\RunServices: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://24.123.151.50:8081/VatDec.cab
O16 - DPF: {226ACC34-3194-40E2-9AE8-834FCFE9E80D} (CPlayFirstmsiControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-mystery-of-shark-island/MysteryOfSharkIslandWeb.1.0.0.8.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.8.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: (no name) - http://www.thefirst4.com/images/algonquin_cup.jpg

--
End of file - 6647 bytes

0

Hi Serakus

Sorry about that, there was a slight syntax error in the peek.bat. Please run it again using the code below.

Open notepad and copy/paste the text in the quotebox below into it:

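@echo off
rem Remove the output of the previous run, if any, so the listing starts clean
if exist C:\peek.txt del C:\peek.txt
rem The path contains a space, so it has to be quoted
dir /S /C "C:\Qoobox\Quarantine\C\Program Files\QuickTime" >> C:\peek.txt
start notepad C:\peek.txt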

Save this as "peek.bat" (with the quotes ""). It should look like this

Double-click look.bat to run it and post the resulting peek.txt

--------------------------------------------

Please post the new peek.txt

0

Volume in drive C has no label.
Volume Serial Number is 300E-9059

Directory of C:\Qoobox\Quarantine\C\Program Files\QuickTime

2008-02-23 11:59 <DIR> .
2008-02-23 11:59 <DIR> ..
2008-01-12 00:27 286,720 QTTask .exe.vir
2008-01-12 00:27 286,720 QTTask .exe.vir
2008-01-12 00:27 286,720 QTTask .exe.vir
2008-01-12 00:27 286,720 QTTask .exe.vir
4 File(s) 1,146,880 bytes

Total Files Listed:
4 File(s) 1,146,880 bytes
2 Dir(s) 48,358,752,256 bytes free

0

Hi Serakus

Please attach C:\peek.txt; the forum software interferes with its format. To attach a file, click on the PaperClip icon, then using the new window browse to the file and click upload. When you return to the post composition page, place the cursor in the text box, then click the PaperClip again and select the file you just uploaded.

0

peek.txt

Attachments
Volume in drive C has no label.
 Volume Serial Number is 300E-9059

 Directory of C:\Qoobox\Quarantine\C\Program Files\QuickTime

2008-02-23  11:59    <DIR>          .
2008-02-23  11:59    <DIR>          ..
2008-01-12  00:27           286,720 QTTask    .exe.vir
2008-01-12  00:27           286,720 QTTask   .exe.vir
2008-01-12  00:27           286,720 QTTask  .exe.vir
2008-01-12  00:27           286,720 QTTask .exe.vir
               4 File(s)      1,146,880 bytes

     Total Files Listed:
               4 File(s)      1,146,880 bytes
               2 Dir(s)  48,358,752,256 bytes free
0

Hi Serakus

Open notepad and copy/paste the text in the quotebox below into it:



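REGEDIT4

; Remove the existing value first
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-

; Recreate it: string data must be quoted and its backslashes doubled;
; the inner \" pair keeps the path with a space quoted in the stored value
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\""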



Save this as "fix.reg" (with the quotes ""). It should look like this


Double click on fix.reg then select 'Yes' to allow it to merge into the registry. You can delete fix.reg afterwards.

--------------------------------------------------

Run a new scan with ComboFix by double-clicking ComboFix.exe and post the resulting C:\ComboFix.txt

--------------------------------------------------

How is the computer running now?

0

ComboFix 08-02-17.2 - Joe 2008-02-26 19:21:29.8 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.246 [GMT -5:00]
Running from: C:\Documents and Settings\Joe\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-23 20:12 . 2008-02-23 20:17 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-02-19 16:52 . 2008-02-19 16:52 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-19 16:52 . 2008-02-19 16:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-19 16:22 . 2007-12-06 21:21 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-02-19 16:22 . 2007-06-30 22:31 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-02-19 16:22 . 2007-06-30 22:36 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-02-19 16:22 . 2007-12-06 21:21 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-02-19 16:22 . 2007-12-06 21:21 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-02-19 16:22 . 2007-12-06 21:21 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-02-19 16:22 . 2007-12-06 21:21 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-02-19 16:22 . 2007-12-06 21:21 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-02-19 16:22 . 2007-12-06 06:00 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-16 22:47 . 2008-02-16 22:47 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\ErrorKiller
2008-02-16 22:46 . 2008-02-16 22:51 <DIR> d-------- C:\Program Files\ErrorKiller
2008-02-11 19:17 . 2008-02-11 19:17 <DIR> d-------- C:\Documents and Settings\Joe\Application Data\acccore
2008-02-11 19:11 . 2008-02-11 19:12 <DIR> d-------- C:\Program Files\AIM6
2008-02-11 19:11 . 2008-02-11 19:14 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-11 18:30 . 2004-08-04 03:56 116,224 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwiadr.dll
2008-02-11 18:30 . 2001-08-17 22:37 99,865 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xlog.exe
2008-02-11 18:30 . 2001-08-17 22:37 27,648 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxftplt.exe
2008-02-11 18:30 . 2001-08-17 22:36 23,040 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxwbtmp.dll
2008-02-11 18:30 . 2001-08-17 22:36 17,408 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxscnui.dll
2008-02-11 18:30 . 2001-08-17 12:11 16,970 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xem336n5.sys
2008-02-11 18:30 . 2004-08-04 03:56 8,192 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\wshirda.dll
2008-02-11 18:30 . 2001-08-17 22:37 4,608 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\xrxflnch.exe
2008-02-11 18:28 . 2001-08-17 22:36 525,568 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\tridxp.dll
2008-02-11 18:27 . 2001-08-17 22:36 495,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\sblfx.dll
2008-02-11 18:26 . 2001-08-17 13:28 899,146 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\r2mdkxga.sys
2008-02-11 18:25 . 2001-08-17 14:05 351,616 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ovcodek2.sys
2008-02-11 18:24 . 2002-08-29 05:00 1,875,968 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\msir3jp.lex
2008-02-11 18:23 . 2002-08-29 05:00 1,158,818 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\korwbrkr.lex
2008-02-11 18:22 . 2002-08-29 05:00 471,102 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\imskdic.dll
2008-02-11 18:21 . 2002-08-29 05:00 13,463,552 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\hwxjpn.dll
2008-02-11 18:20 . 2001-08-17 14:56 1,733,120 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\g400d.dll
2008-02-11 18:19 . 2001-08-17 13:28 634,134 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\el656ct5.sys
2008-02-11 18:18 . 2001-08-17 12:20 334,208 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\ds1wdm.sys
2008-02-11 18:18 . 2004-08-04 01:58 207,360 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4.sys
2008-02-11 18:18 . 2001-08-17 12:11 29,696 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dm9pci5.sys
2008-02-11 18:18 . 2001-08-17 12:12 28,062 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dp83820.sys
2008-02-11 18:18 . 2001-08-17 13:47 23,808 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4usb.sys
2008-02-11 18:18 . 2004-08-04 03:56 20,992 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dshowext.ax
2008-02-11 18:18 . 2001-08-17 13:47 12,928 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4prt.sys
2008-02-11 18:18 . 2001-08-17 13:47 8,704 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\dot4scan.sys
2008-02-11 18:16 . 2002-08-29 05:00 1,677,824 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\chsbrkr.dll
2008-02-11 18:15 . 2001-08-17 13:28 871,388 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\bcmdm.sys
2008-02-11 18:14 . 2001-08-17 14:56 66,048 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\s3legacy.dll
2008-02-11 09:40 . 2008-02-11 09:40 2,715,648 --a------ C:\WINDOWS\SYSTEM32\OnlineScanner.ocx
2008-02-11 09:39 . 2008-02-11 09:39 253,952 --a------ C:\WINDOWS\SYSTEM32\OnlineScannerDLLA.dll
2008-02-11 09:39 . 2008-02-11 09:39 237,568 --a------ C:\WINDOWS\SYSTEM32\OnlineScannerDLLW.dll
2008-02-10 21:41 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\SYSTEM32\d3dx9_26.dll
2008-02-10 21:12 . 2008-02-25 19:25 19,228 --a--c--- C:\logfile
2008-02-10 21:02 . 2008-02-10 21:02 <DIR> d-------- C:\Program Files\Disney
2008-02-09 22:38 . 2008-02-09 22:38 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-08 13:53 . 2008-02-08 13:53 110,592 --a------ C:\WINDOWS\SYSTEM32\OnlineScannerLang.dll
2008-02-05 08:48 . 2008-02-05 08:48 77,824 --a------ C:\WINDOWS\SYSTEM32\OnlineScannerUninstaller.exe
2008-02-03 23:37 . 2008-02-03 23:37 <DIR> d-------- C:\Program Files\WinSCP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 16:59 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-23 16:59 --------- d-----w C:\Program Files\QuickTime
2008-02-23 16:59 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-23 16:59 --------- d-----w C:\Program Files\iTunes
2008-02-23 16:59 --------- d-----w C:\Program Files\Dell AIO Printer A920
2008-02-23 16:59 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-23 16:59 --------- d-----w C:\Program Files\AIM
2008-02-23 16:45 --------- d-----w C:\Program Files\Symantec
2008-02-12 00:12 --------- dc----w C:\Documents and Settings\All Users\Application Data\AOL
2008-02-12 00:06 --------- d-----w C:\Program Files\VideoLAN
2008-02-11 23:26 --------- d-----w C:\Documents and Settings\Joe\Application Data\Aim
2008-02-09 23:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 01:56 --------- d-----w C:\Documents and Settings\Joe\Application Data\AdobeUM
2008-01-27 05:31 --------- d-----w C:\Program Files\DivX
2008-01-20 15:56 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-20 15:55 348,160 ----a-w C:\WINDOWS\SYSTEM32\msvcr71.dll
2008-01-20 15:55 --------- d-----w C:\Program Files\Real
2008-01-20 15:55 --------- d-----w C:\Program Files\Common Files\Real
2008-01-15 23:19 --------- d-----w C:\Documents and Settings\Joe\Application Data\vlc
2008-01-12 03:25 28,672 ----a-w C:\WINDOWS\SYSTEM32\DSentry.exe
2008-01-12 03:25 155,648 ----a-w C:\WINDOWS\SYSTEM32\igfxtray.exe
2008-01-12 03:25 114,688 ----a-w C:\WINDOWS\SYSTEM32\hkcmd.exe
2008-01-11 05:53 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-01-08 03:37 --------- d-----w C:\Documents and Settings\Joe\Application Data\Apple Computer
2008-01-08 03:26 --------- d-----w C:\Program Files\Google
2008-01-08 03:21 --------- d-----w C:\Program Files\iPod
2008-01-08 01:58 --------- d-----w C:\Program Files\Full Tilt Poker
2008-01-08 01:55 --------- d-----w C:\Program Files\AIM+
2008-01-08 01:42 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 01:17 --------- d-----w C:\Program Files\Analog Devices
2007-12-19 23:01 347,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-08 15:51 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-07 01:07 474,112 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shlwapi.dll
2007-12-07 01:07 151,040 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdfview.dll
2007-12-07 01:07 1,494,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2007-12-07 01:07 1,054,208 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\danim.dll
2007-12-07 01:07 1,023,488 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\browseui.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\SYSTEM32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\SYSTEM32\libdivx.dll
2004-08-04 07:56 73,728 -csha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2008-01-11 22:25 110592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-20 10:55 185896]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2008-01-11 22:25 204800]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-11 22:25 267048]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2008-01-11 22:25 124520]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2008-01-11 22:25 221184]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2008-01-11 22:25 217088]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-01-11 22:25 155648]
"ICQ Messenger"="ICQLite.exe" []
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-01-11 22:25 114688]
"DVDSentry"="C:\WINDOWS\System32\DSentry.exe" [2008-01-11 22:25 28672]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 01:04 122933]
"Dell AIO Printer A920"="C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe" [2008-01-11 22:25 270336]
"BuildBU"="c:\dell\bldbubg.exe" [2008-01-10 20:25 61440]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2008-01-10 20:25 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"ICQ Messenger"="ICQLite.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0\aoltray.exe [2004-06-30 03:33:04 36953]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-06-21 22:56:14 282624]

R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 04:44]
S2 DVC150;DVC 150B;C:\WINDOWS\system32\Drivers\dvc150b.sys [2003-11-04 15:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 04:30:11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 18:16:18 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16
"2008-02-26 08:30:00 C:\WINDOWS\Tasks\ErrorKiller Scheduled Scan.job"
- C:\Program Files\ErrorKiller\ErrorKiller.ex
- C:\Program Files\ErrorKiller
"2008-02-26 07:17:54 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 19:26:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
ICQ Messenger = ICQLite.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 19:28:28
ComboFix-quarantined-files.txt 2008-02-27 00:27:36
ComboFix2.txt 2008-02-24 01:00:51
ComboFix3.txt 2008-02-23 17:11:42
ComboFix4.txt 2008-02-21 15:13:41
ComboFix5.txt 2008-02-18 05:37:20
.
2008-02-26 05:33:26 --- E O F ---


Comp's running alright. I play World of Warcraft and it took a few days to download it again...which is odd, but I guess it could be that I'm connected wirelessly? So I'm not too worried about that, but otherwise yeah, my comp is running fairly well

0

Hi Serakus

Click Start > Run and type

C:\Program Files\QuickTime\QTTask.exe

Did you receive any errors?
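
The Run value in the logs above points at "QTTask .exe" (a space before the extension), the same padding seen in the quarantined names in peek.txt, while fix.reg writes "QTTask.exe". The Python check below is an added example, not part of the thread and not code from HijackThis or ComboFix; it flags that padding, and autostart values with no directory, in HijackThis O4 lines and in a dir listing. The function names are this example's own and the sample strings are taken from the logs above.

```python
import re

# Sample O4 (autostart) lines taken from the HijackThis logs in this thread.
SAMPLE_O4 = r'''
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ICQ Messenger] ICQLite.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
'''

# Rows taken from the attached peek.txt, with the original spacing preserved.
SAMPLE_DIR = '''
2008-02-23  11:59    <DIR>          .
2008-01-12  00:27           286,720 QTTask    .exe.vir
2008-01-12  00:27           286,720 QTTask   .exe.vir
2008-01-12  00:27           286,720 QTTask  .exe.vir
2008-01-12  00:27           286,720 QTTask .exe.vir
'''

REG_ENTRY = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
LNK_ENTRY = re.compile(r'^O4 - ((?:Global )?Startup): (.+?\.lnk) = (.+)$')
EXE_END = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)
DIR_ROW = re.compile(r'^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+[\d,]+ (.+)$')
PADDED = re.compile(r'\s+\.')  # whitespace directly before a dot


def image_path(command):
    """Return the executable part of an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: the path may contain spaces, so cut at the first
    # executable extension that is followed by whitespace or the end.
    match = EXE_END.match(command)
    return match.group(1) if match else command


def findings(path):
    """List the reasons an autostart target deserves a closer look."""
    name = path.replace('/', '\\').rsplit('\\', 1)[-1]
    reasons = []
    if PADDED.search(name):
        reasons.append('whitespace-before-extension')
    if '\\' not in path and '/' not in path:
        reasons.append('no-directory')
    return reasons


def audit_o4(log_text):
    """Return (entry name, target path, reasons) for every flagged O4 line."""
    flagged = []
    for line in log_text.splitlines():
        reg = REG_ENTRY.match(line)
        lnk = None if reg else LNK_ENTRY.match(line)
        if reg:
            name, command = reg.group(3), reg.group(4)
        elif lnk:
            name, command = lnk.group(2), lnk.group(3)
        else:
            continue
        path = image_path(command)
        reasons = findings(path)
        if reasons:
            flagged.append((name, path, reasons))
    return flagged


def canonical(name):
    """Collapse whitespace before dots and lowercase the name."""
    return PADDED.sub('.', name).lower()


def lookalike_groups(dir_listing):
    """Group file names from dir output that differ only by padding."""
    groups = {}
    for line in dir_listing.splitlines():
        row = DIR_ROW.match(line)
        if row:
            groups.setdefault(canonical(row.group(1)), set()).add(row.group(1))
    return {key: sorted(names) for key, names in groups.items()
            if len(names) > 1 or any(PADDED.search(n) for n in names)}


if __name__ == '__main__':
    for entry in audit_o4(SAMPLE_O4):
        print(entry)
    print(lookalike_groups(SAMPLE_DIR))
```

A flag from this check is a prompt to inspect the file, not a verdict on it.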
