
[InActive] XP Malware

Discussion in 'Malware and Virus Removal Archive' started by mcseadogs, 2008/09/18.

  1. 2008/09/18
    mcseadogs

    This PC has something on it that is causing it to try to send out tons of spam. It had Antivirus 2008, which I cleaned using Malwarebytes' Anti-Malware. There was still a rootkit that could not be removed. The PC has Symantec AntiVirus, but it was dated August 2007. I updated the virus definition files, and now the PC is showing hundreds of warnings from Symantec about e-mails trying to go out from the PC that are being blocked. I ran the HijackThis installer as instructed. Here is the log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:44:35 AM, on 9/18/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Browser Mouse\mouse32a.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Napster\napster.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\PROGRA~1\SECRET~1\run.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: RitzPix E-Z Print & Share.lnk = ?
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O20 - Winlogon Notify: WinCtrl32 - WinCtrl32.dll (file missing)
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 10775 bytes

    Any suggestions to help clean this up would be greatly appreciated!
     
  2. 2008/09/19
    Geri
    Hi mcseadogs,
    Welcome to WindowsBBS.

    Please do this.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer.
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
    • Instead of Windows loading as normal, the Advanced Options Menu should appear.
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
    • Press any key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process, then display "Finished"; press any key to end the script and load your desktop icons.
    • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
    • Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.

    Thanks
    Geri
     


  4. 2008/09/22
    mcseadogs

    Report.txt 09/22/08

    SDFix: Version 1.228
    Run by Julie on Mon 09/22/2008 at 09:59 AM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Rootkit Found :
    C:\WINDOWS\system32\drivers\SBI53.sys - Rootkit Pandex/Cutwail - Runtime.sys

    Name :
    SBI53

    Path :
    \SystemRoot\System32\Drivers\Sbi53.sys

    SBI53 - Deleted



    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\MSMAPI32.EXE - Deleted
    C:\WINDOWS\SYSTEM32\REGER.EXE - Deleted
    C:\WINDOWS\SYSTEM32\SMARTDRV.EXE - Deleted
    C:\WINDOWS\SYSTEM32\USERS32.EXE - Deleted
    C:\WINDOWS\SYSTEM32\WINSRV32.EXE - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt13.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt16.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt17.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt18.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt19.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt1A.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt1B.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt1C.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt1D.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt1E.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt1F.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt20.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt21.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt22.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt23.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt24.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt25.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt26.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt27.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt28.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt29.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt2A.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt2B.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt2C.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt2D.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt2F.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt30.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt31.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt32.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt33.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt34.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt36.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt37.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt38.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt39.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt3B.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt3D.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt3E.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt40.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt41.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt42.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt43.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt44.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt45.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt46.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt47.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt49.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt4E.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt50.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt52.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt54.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt56.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt58.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt7D.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.ttB3.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.ttB5.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.ttB7.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.ttBC.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.ttC5.tmp - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt13.tmp.vbs - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt16.tmp.vbs - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt17.tmp.vbs - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt18.tmp.vbs - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt19.tmp.vbs - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt1A.tmp.vbs - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt1B.tmp.vbs - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt1C.tmp.vbs - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt23.tmp.vbs - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt25.tmp.vbs - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt26.tmp.vbs - Deleted
    C:\DOCUME~1\Julie\LOCALS~1\Temp\.tt2A.tmp.vbs - Deleted
    C:\WINDOWS\system32\drivers\SBI53.sys - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-22 10:15:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Common Files\\AOL\\1129345307\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1129345307\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "C:\\Documents and Settings\\Julie\\Desktop\\incredimail_install.exe"="C:\\Documents and Settings\\Julie\\Desktop\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"="C:\\Program Files\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
    "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
    "C:\\Program Files\\Common Files\\AOL\\1129345307\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1129345307\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Tue 19 Feb 2008 952 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Sun 16 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Mon 18 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 19 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Sat 21 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv03.tmp"
    Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
    Sat 1 Jul 2006 2,041 A.SH. --- "C:\Documents and Settings\Julie\Application Data\Roxio\Dragon\DiscInfoCache\PHILIPS__CDRW_DVD_SCB5265_TD15_300_DICV018_DRGV2050102.TMP"

    Finished!
     
  5. 2008/09/22
    mcseadogs

    New Hijack this log 09/22/08

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:24:59 AM, on 9/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Browser Mouse\mouse32a.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Napster\napster.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\PROGRA~1\SECRET~1\run.exe
    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: (no name) - - (no file)
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: RitzPix E-Z Print & Share.lnk = ?
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 10614 bytes
    Thanks again!
     
  6. 2008/09/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Still sending out spam?

    Now please do this in the order given.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.


    Then please do this.

    • Download RSIT by random/random and save it to your desktop.
    • Double click RSIT.exe to start the tool and click Continue at the disclaimer.
    • When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
    • Please post the contents of the log.txt here in your next reply.

    Please post the Combofix log and the log.txt from RSIT.

    Thanks
    Geri
     
  7. 2008/09/23
    mcseadogs

    mcseadogs Inactive Thread Starter

    Joined:
    2007/11/15
    Messages:
    81
    Likes Received:
    0
    Combo Fix Log 09/23/08

    It appears that there is no spam going out at this time - originally the desktop quickly filled up with Symantec e-mail alerts about the spam. Now this is no longer occurring. Looks like it was using a program called IncrediMail to send out.

    Here's the combofix log:
    ComboFix 08-09-20.05 - Julie 2008-09-23 9:03:55.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.217 [GMT -4:00]
    Running from: D:\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Dax\Cookies\dax@2o7[1].txt
    C:\Documents and Settings\Dax\Cookies\dax@ad.m5prod[1].txt
    C:\Documents and Settings\Dax\Cookies\dax@ads.pointroll[2].txt
    C:\Documents and Settings\Dax\Cookies\dax@advertising[2].txt
    C:\Documents and Settings\Dax\Cookies\dax@bluestreak[1].txt
    C:\Documents and Settings\Dax\Cookies\dax@cs.sexcounter[2].txt
    C:\Documents and Settings\Dax\Cookies\dax@ehg-dig.hitbox[2].txt
    C:\Documents and Settings\Dax\Cookies\dax@insightexpressai[1].txt
    C:\Documents and Settings\Dax\Cookies\dax@myspace[2].txt
    C:\Documents and Settings\Dax\Cookies\dax@spamblockerutility[2].txt
    C:\Documents and Settings\Dax\Cookies\dax@track.bestbuy[1].txt
    C:\Documents and Settings\Dax\Cookies\dax@trafficmp[2].txt
    C:\Documents and Settings\Julie\Cookies\julie@2o7[1].txt
    C:\Documents and Settings\Julie\Cookies\julie@ad.m5prod[2].txt
    C:\Documents and Settings\Julie\Cookies\julie@ad.yieldmanager[2].txt
    C:\Documents and Settings\Julie\Cookies\julie@ads.pointroll[1].txt
    C:\Documents and Settings\Julie\Cookies\julie@advertising[1].txt
    C:\Documents and Settings\Julie\Cookies\julie@bluestreak[1].txt
    C:\Documents and Settings\Julie\Cookies\julie@cubics[1].txt
    C:\Documents and Settings\Julie\Cookies\julie@ehg-dig.hitbox[2].txt
    C:\Documents and Settings\Julie\Cookies\julie@fastclick[1].txt
    C:\Documents and Settings\Julie\Cookies\julie@insightexpressai[1].txt
    C:\Documents and Settings\Julie\Cookies\julie@media6degrees[2].txt
    C:\Documents and Settings\Julie\Cookies\julie@my.clearchannelradio[2].txt
    C:\Documents and Settings\Julie\Cookies\julie@myspace[2].txt
    C:\Documents and Settings\Julie\Cookies\julie@questionmarket[2].txt
    C:\Documents and Settings\Julie\Cookies\julie@social.bidsystem[2].txt
    C:\Documents and Settings\Julie\Cookies\julie@spamblockerutility[2].txt
    C:\Documents and Settings\Julie\Cookies\julie@specificclick[2].txt
    C:\Documents and Settings\Julie\Cookies\julie@trafficmp[1].txt
    C:\Program Files\Antispyware Soldier
    C:\Program Files\Antispyware Soldier\antispysoldier.url
    C:\Program Files\Antispyware Soldier\interface\English.lng
    C:\Program Files\Antispyware Soldier\sounds\crit.wav
    C:\Program Files\Antispyware Soldier\unins000.dat
    C:\Program Files\License_Manager
    C:\Program Files\SoftwareOnline
    C:\WINDOWS\system32\_000009_.tmp.dll
    C:\WINDOWS\system32\bszip.dll
    C:\WINDOWS\system32\rlxf.dll
    C:\WINDOWS\system32\winbl32.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-08-23 to 2008-09-23 )))))))))))))))))))))))))))))))
    .

    2100-02-24 15:15 . 2001-04-02 17:30 821 --a--c--- C:\WINDOWS\Lexmark_ICM.ini
    2100-02-16 17:09 . 2001-02-16 16:37 62 --a--c--- C:\WINDOWS\system32\LXASUSCI.INI
    2008-09-22 09:55 . 2008-09-22 09:55 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-09-22 09:51 . 2008-09-22 10:18 <DIR> d-------- C:\SDFix
    2008-09-18 11:42 . 2008-09-18 11:42 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-18 09:09 . 2008-09-18 09:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-18 09:09 . 2008-09-18 09:09 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Malwarebytes
    2008-09-18 09:09 . 2008-09-18 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-18 09:09 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-18 09:09 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-14 18:11 . 2008-09-14 18:11 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Thinstall
    2008-09-14 15:35 . 2008-09-18 10:30 <DIR> d-------- C:\Program Files\vtyzpoc
    2008-09-14 15:35 . 2008-09-18 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\glstevgp
    2008-09-06 20:54 . 2008-09-07 10:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-05 08:23 . 2008-09-05 08:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-05 08:23 . 2008-09-05 08:23 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-01 12:02 . 2008-09-01 12:02 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Nikon

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-23 12:59 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-09-14 19:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-14 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-09-01 16:02 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    2008-07-27 20:57 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
    2008-07-25 14:46 --------- d-----w C:\Program Files\Napster
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2008-06-24 22:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 16:23 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
    2008-06-24 14:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-06-23 09:20 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2006-05-02 21:26 49,465 -c--a-w C:\Program Files\moviepass Terms.html
    2008-02-19 22:21 952 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "SecretSmileys"="C:\PROGRA~1\SECRET~1\ss.exe" [2004-09-24 20480]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-09-30 26112]
    "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-06-26 36864]
    "Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 40960]
    "Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 53248]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 126976]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 155648]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\mouse32a.exe" [2006-07-01 356352]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
    "BellSouthAlertManager.exe"="C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2006-01-10 1896448]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 378784]
    "NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-12-10 323216]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 286720]

    C:\Documents and Settings\Julie\Start Menu\Programs\Startup\
    NetScreen-Remote.lnk - C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe [2007-03-27 57396]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-10-02 815104]
    RitzPix E-Z Print & Share.lnk - C:\WINDOWS\Installer\{56FB9BA2-BB0F-41E8-B55F-CC93A1A404A6}\Icon020A87392.ico [2006-01-04 64512]
    Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-07-22 819200]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm28.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkr85.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsb32.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta52.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R2 Crypto;Crypto;C:\WINDOWS\system32\drivers\Crypto.sys [2003-07-16 467002]
    R2 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [2003-08-20 118840]
    R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 36188]
    S2 NVJNLTBW;NVJNLTBW;C:\WINDOWS\system32\nvjnltbw.cbq [ ]
    S3 Winsb32;Winsb32;C:\WINDOWS\System32\drivers\Winsb32.sys [ ]

    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://yahoo.com/
    O8 -: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 -: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 -: &Search
    O9 -: {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 -: {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe -
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-23 09:07:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVJNLTBW]
    "ImagePath"="\??\C:\WINDOWS\system32\nvjnltbw.cbq"
    .
    Completion time: 2008-09-23 9:10:10
    ComboFix-quarantined-files.txt 2008-09-23 13:09:35

    Pre-Run: 23,512,899,584 bytes free
    Post-Run: 23,839,621,120 bytes free

    207 --- E O F --- 2008-09-10 13:35:30
     
  8. 2008/09/23
    mcseadogs

    mcseadogs Inactive Thread Starter

    Joined:
    2007/11/15
    Messages:
    81
    Likes Received:
    0
    RSIT log 09/23/08

    And the RSIT log:
    Logfile of random's system information tool 1.02 (written by random/random)
    Run by Julie at 2008-09-23 09:13:03
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 23 GB (60%) free of 38 GB
    Total RAM: 503 MB (42% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:13:06 AM, on 9/23/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Browser Mouse\mouse32a.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\PROGRA~1\SECRET~1\run.exe
    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\explorer.exe
    D:\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Julie.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: RitzPix E-Z Print & Share.lnk = ?
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 9740 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\McAfee SecurityCenter.job
    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DB5J5K81-Dax).job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
    AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BA52B914-B692-46c4-B683-905236F6F655}
    {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
    "UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
    "SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]
    "RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-09-30 26112]
    "PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-06-26 36864]
    "Lexmark X83 Button Monitor"=C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe [2001-10-18 40960]
    "Lexmark X83 Button Manager"=C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe [2001-06-14 53248]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-15 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-15 126976]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
    "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
    "Dell Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
    "Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-03-04 606208]
    "Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
    "FLMOFFICE4DMOUSE"=C:\Program Files\Browser Mouse\mouse32a.exe [2006-07-01 356352]
    "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
    "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
    "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
    "SetDefPrt"=C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe [2004-05-25 49152]
    "ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968]
    "BellSouthAlertManager.exe"=C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe [2006-01-10 1896448]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
    "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
    "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2007-10-31 378784]
    "NapsterShell"=C:\Program Files\Napster\napster.exe [2007-12-10 323216]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
    "SecretSmileys "=C:\PROGRA~1\SECRET~1\ss.exe [2004-09-24 20480]
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    RitzPix E-Z Print & Share.lnk - C:\WINDOWS\Installer\{56FB9BA2-BB0F-41E8-B55F-CC93A1A404A6}\Icon020A87392.ico
    Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    C:\Documents and Settings\Julie\Start Menu\Programs\Startup
    NetScreen-Remote.lnk - C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2005-02-15 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm28.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkr85.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsb32.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta52.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wingm28.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winkr85.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winsb32.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winta52.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
    "C:\Program Files\Common Files\AOL\1129345307\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1129345307\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2100-02-24 15:15:04 ----AC---- C:\WINDOWS\Lexmark_ICM.ini
    2100-02-16 17:09:06 ----AC---- C:\WINDOWS\system32\LXASUSCI.INI
    2008-09-23 09:13:03 ----D---- C:\rsit
    2008-09-23 09:10:15 ----D---- C:\WINDOWS\temp
    2008-09-23 09:10:11 ----A---- C:\ComboFix.txt
    2008-09-23 09:03:26 ----D---- C:\WINDOWS\erdnt
    2008-09-23 09:02:53 ----D---- C:\QooBox
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\zip.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\VFind.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\SWSC.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\swreg.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\sed.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\grep.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-22 09:55:17 ----D---- C:\WINDOWS\ERUNT
    2008-09-22 09:51:07 ----D---- C:\SDFix
    2008-09-18 11:42:14 ----D---- C:\Program Files\Trend Micro
    2008-09-18 09:09:55 ----D---- C:\Documents and Settings\Julie\Application Data\Malwarebytes
    2008-09-18 09:09:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-18 09:09:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-14 18:11:37 ----D---- C:\Documents and Settings\Julie\Application Data\Thinstall
    2008-09-14 15:35:11 ----D---- C:\Program Files\vtyzpoc
    2008-09-14 15:35:02 ----D---- C:\Documents and Settings\All Users\Application Data\glstevgp
    2008-09-10 09:35:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 09:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-06 20:54:20 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-09-01 12:02:17 ----D---- C:\Documents and Settings\Julie\Application Data\Nikon

    ======List of files/folders modified in the last 1 months======

    2008-09-23 09:10:17 ----D---- C:\WINDOWS\system32
    2008-09-23 09:10:15 ----D---- C:\WINDOWS
    2008-09-23 09:08:24 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-23 09:07:42 ----A---- C:\WINDOWS\system.ini
    2008-09-23 09:06:45 ----RD---- C:\Program Files
    2008-09-23 09:05:56 ----D---- C:\WINDOWS\system32\drivers
    2008-09-23 09:05:55 ----D---- C:\WINDOWS\AppPatch
    2008-09-23 09:05:55 ----D---- C:\Program Files\Common Files
    2008-09-23 09:02:45 ----D---- C:\WINDOWS\Prefetch
    2008-09-23 08:59:42 ----D---- C:\Program Files\Symantec AntiVirus
    2008-09-22 10:19:29 ----A---- C:\WINDOWS\ACMonitor_X83.ini
    2008-09-22 10:09:31 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
    2008-09-22 10:07:53 ----AC---- C:\WINDOWS\ntbtlog.txt
    2008-09-22 09:51:47 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-18 10:28:19 ----D---- C:\Program Files\Internet Explorer
    2008-09-17 15:20:10 ----SHD---- C:\System Volume Information
    2008-09-17 15:20:10 ----D---- C:\WINDOWS\system32\Restore
    2008-09-15 21:21:56 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-14 17:11:56 ----D---- C:\WINDOWS\system32\wbem
    2008-09-14 17:09:24 ----D---- C:\WINDOWS\system32\config
    2008-09-14 17:08:53 ----D---- C:\WINDOWS\Registration
    2008-09-14 15:50:55 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-14 15:50:55 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-09-12 16:36:45 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-09-10 09:35:30 ----HD---- C:\WINDOWS\inf
    2008-09-10 09:35:28 ----D---- C:\WINDOWS\WinSxS
    2008-09-10 09:34:06 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-10 09:33:45 ----A---- C:\WINDOWS\imsins.BAK
    2008-09-07 10:34:40 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-28 15:43:26 ----RSHD---- C:\WINDOWS\system32\dllcache
    2008-08-28 15:16:55 ----D---- C:\WINDOWS\Help

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-09-23 17801]
    R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-09-30 8552]
    R2 Crypto;Crypto; C:\WINDOWS\system32\drivers\Crypto.sys [2003-07-16 467002]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
    R2 IPSECDRV;SafeNet IPSec Plugin; \??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys []
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
    R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-06 369024]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-01-31 44928]
    R3 catchme;catchme; \??\C:\DOCUME~1\Julie\LOCALS~1\Temp\catchme.sys []
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2002-09-13 138916]
    R3 DniVap;SafeNet WAN Miniport (VA); C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 36188]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
    R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-15 804317]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080917.003\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080917.003\navex15.sys []
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
    S2 NVJNLTBW;NVJNLTBW; \??\C:\WINDOWS\system32\nvjnltbw.cbq []
    S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 Winsb32;Winsb32; \??\C:\WINDOWS\System32\drivers\Winsb32.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
    R2 IPSECMON;SafeNet Monitor Service; C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe [2003-08-20 28726]
    R2 IreIKE;SafeNet IKE Service; C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe [2003-08-20 299058]
    R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-04 356352]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
    R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-06 65536]
    R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
    S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

    -----------------EOF-----------------
     
  9. 2008/09/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    • Please go to Jotti's malware scan
    • Copy and paste the following file path into the "File to upload & scan" box at the top of the page, one at a time:
      • C:\PROGRA~1\SECRET~1\run.exe
    • Click on the submit button
    • Please post the results in your next reply.


    Highlight and copy the contents of the code box below and paste it into a blank Notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
    Code:
    File::
    C:\WINDOWS\System32\drivers\Winsb32.sys
    C:\WINDOWS\system32\nvjnltbw.cbq
    
    Folder::
    C:\Program Files\vtyzpoc
    C:\Documents and Settings\All Users\Application Data\glstevgp
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm28.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkr85.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsb32.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta52.sys]
    [-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVJNLTBW]
    
    Driver::
    Winsb32
    NVJNLTBW 
    Please post the Combofix log and the Jotti results.

    Thanks
    Geri
     
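    Everything Geri's CFScript targets can be picked out of the RSIT log above mechanically. The script below is an added example and not part of this thread, RSIT or ComboFix: it parses RSIT's driver lines (`<R|S><start> <name>;<description>; <image path> [<date> <size>]`) and its SafeBoot key lines exactly as they are printed above, then applies three heuristics of my own; the sample lines are a constructed subset copied from the log, mixed with legitimate entries from the same log.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample input: a handful of driver lines and SafeBoot keys copied
# from the RSIT log in this thread, including legitimate entries as controls.
DRIVER_LINES = r"""
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
R2 IPSECDRV;SafeNet IPSec Plugin; \??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys []
R3 catchme;catchme; \??\C:\DOCUME~1\Julie\LOCALS~1\Temp\catchme.sys []
S2 NVJNLTBW;NVJNLTBW; \??\C:\WINDOWS\system32\nvjnltbw.cbq []
S3 Winsb32;Winsb32; \??\C:\WINDOWS\System32\drivers\Winsb32.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
""".strip().splitlines()

REGISTRY_LINES = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm28.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkr85.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsb32.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta52.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Winsb32.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
""".strip().splitlines()

# RSIT driver/service line: "<R|S><start> <name>;<description>; <image path> [<date> <size>]"
# The bracket is empty when RSIT could not read the file's date and size.
DRIVER_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]\s*$"
)
# SafeBoot key as RSIT prints it; the last component is the driver name or <name>.sys
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\"
    r"(?P<profile>Minimal|network)\\(?P<entry>[^\]]+)\]$",
    re.IGNORECASE,
)


def parse_drivers(lines):
    """Return {lowercase service name: matched fields} for every RSIT driver line."""
    drivers = {}
    for line in lines:
        m = DRIVER_RE.match(line.strip())
        if m:
            drivers[m.group("name").lower()] = m.groupdict()
    return drivers


def parse_safeboot(lines):
    """Return {lowercase driver name: (name as printed, set of SafeBoot profiles)}."""
    safeboot = {}
    for line in lines:
        m = SAFEBOOT_RE.match(line.strip())
        if m:
            name = ntpath.splitext(m.group("entry"))[0]
            rec = safeboot.setdefault(name.lower(), (name, set()))
            rec[1].add(m.group("profile").lower())
    return safeboot


def triage(driver_lines, registry_lines):
    """Apply three heuristics (my own, not RSIT's) and return {name: [reasons]}."""
    drivers = parse_drivers(driver_lines)
    safeboot = parse_safeboot(registry_lines)
    findings = defaultdict(list)

    for key, d in drivers.items():
        ext = ntpath.splitext(d["path"])[1].lower()
        # 1. A kernel driver whose image is not a .sys file deserves a look.
        if ext != ".sys":
            findings[d["name"]].append(
                f"driver image {d['path']} has extension {ext or '(none)'} instead of .sys")
        # 2. Registered to load in Safe Mode, yet RSIT could not stat the image.
        if key in safeboot and not d["info"].strip():
            findings[d["name"]].append(
                "listed under SafeBoot but RSIT found no date/size for the image "
                "(file hidden or missing)")

    # 3. SafeBoot entries with no driver or service of that name at all.
    # Caveat: a complete dump also carries Windows' stock SafeBoot entries
    # (class GUIDs, "Base", "vga.sys", ...); check those against a known-good
    # list before acting on this rule.
    for key, (name, profiles) in safeboot.items():
        if key not in drivers:
            findings[name].append(
                "SafeBoot entry (" + ", ".join(sorted(profiles)) + ") with no matching driver")
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in sorted(triage(DRIVER_LINES, REGISTRY_LINES).items()):
        print(name)
        for reason in reasons:
            print("   -", reason)
```

    On the sample above the script flags exactly the five names Geri's CFScript removes (NVJNLTBW, Winsb32 and the three orphaned SafeBoot keys) and leaves the Symantec, SafeNet and catchme entries alone.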
  10. 2008/09/24
    mcseadogs

    mcseadogs Inactive Thread Starter

    Joined:
    2007/11/15
    Messages:
    81
    Likes Received:
    0
    Jotti's Scan results

    Scanner results
    Scan taken on 24 Sep 2008 13:37:32 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing
     
  11. 2008/09/24
    mcseadogs

    mcseadogs Inactive Thread Starter

    Joined:
    2007/11/15
    Messages:
    81
    Likes Received:
    0
    Combofix Hung?

    Hi,
    I started the combofix this morning using the cfscript as instructed above.
    It has now been running for about 5 hours. Can I cancel this and start over? I think I may have experienced this issue on another PC some time ago.
    Thanks again.
     
  12. 2008/09/24
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Yes you can cancel it.

    Please delete it and download the newer version and then try the CFScript again.
    You can use the same link I posted above.

    Thanks
    Geri
     
  13. 2008/09/26
    mcseadogs

    mcseadogs Inactive Thread Starter

    Joined:
    2007/11/15
    Messages:
    81
    Likes Received:
    0
    Combo Fix 092608

    Geri,
    Combofix still hangs up with the cfscript.txt file. I ran it without the script and here is the log:
    ComboFix 08-09-25.03 - Julie 2008-09-26 9:14:35.5 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.162 [GMT -4:00]
    Running from: C:\Documents and Settings\Julie\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-08-26 to 2008-09-26 )))))))))))))))))))))))))))))))
    .

    2100-02-24 15:15 . 2001-04-02 17:30 821 --a--c--- C:\WINDOWS\Lexmark_ICM.ini
    2100-02-16 17:09 . 2001-02-16 16:37 62 --a--c--- C:\WINDOWS\system32\LXASUSCI.INI
    2008-09-23 09:13 . 2008-09-23 09:13 <DIR> d-------- C:\rsit
    2008-09-22 09:55 . 2008-09-22 09:55 <DIR> d-------- C:\WINDOWS\ERUNT
    2008-09-22 09:51 . 2008-09-22 10:18 <DIR> d-------- C:\SDFix
    2008-09-18 11:42 . 2008-09-18 11:42 <DIR> d-------- C:\Program Files\Trend Micro
    2008-09-18 09:09 . 2008-09-18 09:09 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-18 09:09 . 2008-09-18 09:09 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Malwarebytes
    2008-09-18 09:09 . 2008-09-18 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-18 09:09 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-18 09:09 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-14 18:11 . 2008-09-14 18:11 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Thinstall
    2008-09-14 15:35 . 2008-09-18 10:30 <DIR> d-------- C:\Program Files\vtyzpoc
    2008-09-14 15:35 . 2008-09-18 10:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\glstevgp
    2008-09-06 20:54 . 2008-09-07 10:33 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
    2008-09-05 08:23 . 2008-09-05 08:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-09-05 08:23 . 2008-09-05 08:23 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-09-01 12:02 . 2008-09-01 12:02 <DIR> d-------- C:\Documents and Settings\Julie\Application Data\Nikon

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-26 13:09 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-09-14 19:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-14 19:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-09-01 16:02 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    2008-07-27 20:57 --------- d-----w C:\Program Files\Common Files\AnswerWorks 4.0
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
    2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
    2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
    2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
    2006-05-02 21:26 49,465 -c--a-w C:\Program Files\moviepass Terms.html
    2008-02-19 22:21 952 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "SecretSmileys"="C:\PROGRA~1\SECRET~1\ss.exe" [2004-09-24 20480]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Dell Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY" [X]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 278528]
    "UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
    "SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
    "RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-09-30 26112]
    "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-06-26 36864]
    "Lexmark X83 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe" [2001-10-18 40960]
    "Lexmark X83 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe" [2001-06-14 53248]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-15 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-15 126976]
    "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
    "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 127035]
    "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 155648]
    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\mouse32a.exe" [2006-07-01 356352]
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
    "BellSouthAlertManager.exe"="C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe" [2006-01-10 1896448]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 124128]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 378784]
    "NapsterShell"="C:\Program Files\Napster\napster.exe" [2007-12-10 323216]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 286720]

    C:\Documents and Settings\Julie\Start Menu\Programs\Startup\
    NetScreen-Remote.lnk - C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe [2007-03-27 57396]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-10-02 815104]
    RitzPix E-Z Print & Share.lnk - C:\WINDOWS\Installer\{56FB9BA2-BB0F-41E8-B55F-CC93A1A404A6}\Icon020A87392.ico [2006-01-04 64512]
    Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-07-22 819200]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R2 Crypto;Crypto;C:\WINDOWS\system32\drivers\Crypto.sys [2003-07-16 467002]
    R2 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [2003-08-20 118840]
    R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 36188]
    S3 Winsb32;Winsb32;C:\WINDOWS\System32\drivers\Winsb32.sys [ ]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://yahoo.com/
    O8 -: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 -: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 -: &Search
    O9 -: {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 -: {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe -
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-26 09:18:11
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-09-26 9:20:35
    ComboFix-quarantined-files.txt 2008-09-26 13:20:01
    ComboFix2.txt 2008-09-25 17:51:13
    ComboFix3.txt 2008-09-23 13:10:11

    Pre-Run: 23,896,428,544 bytes free
    Post-Run: 23,884,021,760 bytes free

    145 --- E O F --- 2008-09-10 13:35:30
     
  14. 2008/09/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Ok please do this.

    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\WINDOWS\System32\drivers\Winsb32.sys
      C:\WINDOWS\system32\nvjnltbw.cbq
      C:\Program Files\vtyzpoc
      C:\Documents and Settings\All Users\Application Data\glstevgp
      
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    Now this.

    Open “Notepad”. Copy the contents of the code box below into the blank Notepad.
    Click "File" > "Save as"
    In the "Save In" box at the top click the down arrow and select DeskTop

    In the “File name” type in: fix.reg
    In the “Save As Type” select: All Files
    Once saved, Go to your desktop double click “fix.reg file” and let it merge with the registry.

    Code:
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm28.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkr85.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsb32.sys]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta52.sys]
    [-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVJNLTBW]
    Please post the OTMoveIt2 log and a new RSIT log.

    Thanks
    Geri
     
  15. 2008/09/30
    mcseadogs (Thread Starter)
    OTMoveIt Log 09/30/08

    File/Folder C:\WINDOWS\System32\drivers\Winsb32.sys not found.
    File/Folder C:\WINDOWS\system32\nvjnltbw.cbq not found.
    C:\Program Files\vtyzpoc moved successfully.
    C:\Documents and Settings\All Users\Application Data\glstevgp moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09302008_084302

    I followed the steps to run the fix.reg and get the error: cannot import c:\desktop\fix.reg: the specified file is not a registry script. You can only import binary registry files from within the registry editor. I verified that I followed your instructions precisely. Any suggestions?
     
    Last edited: 2008/09/30
  16. 2008/09/30
    mcseadogs (Thread Starter)
    Rsit Log 09/30/08

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Julie at 2008-09-30 08:51:43
    Microsoft Windows XP Home Edition Service Pack 2
    System drive C: has 23 GB (60%) free of 38 GB
    Total RAM: 503 MB (47% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:51:53 AM, on 9/30/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Browser Mouse\mouse32a.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    C:\PROGRA~1\SECRET~1\run.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Julie\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Julie.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SecretSmileys] C:\PROGRA~1\SECRET~1\ss.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: RitzPix E-Z Print & Share.lnk = ?
    O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O9 - Extra button: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Noble Poker - {B723B1B8-9788-4684-ADA7-D1DB02E1D516} - C:\Program Files\Noble Poker\casino.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 10025 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\McAfee SecurityCenter.job
    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (DB5J5K81-Dax).job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-12-06 118842]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
    AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BA52B914-B692-46c4-B683-905236F6F655}
    {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll [2005-08-02 524288]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
    "UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-07 110592]
    "SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe [2003-11-19 32881]
    "RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-09-30 26112]
    "PrinTray"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe [2002-06-26 36864]
    "Lexmark X83 Button Monitor"=C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe [2001-10-18 40960]
    "Lexmark X83 Button Manager"=C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe [2001-06-14 53248]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-15 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-15 126976]
    "DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-26 53248]
    "dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
    "Dell Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
    "Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-03-04 606208]
    "Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-07 57344]
    "FLMOFFICE4DMOUSE"=C:\Program Files\Browser Mouse\mouse32a.exe [2006-07-01 356352]
    "SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-10-14 155648]
    "PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2004-04-14 57393]
    "IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2004-04-14 40960]
    "SetDefPrt"=C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe [2004-05-25 49152]
    "ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe [2004-07-20 851968]
    "BellSouthAlertManager.exe"=C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe [2006-01-10 1896448]
    "ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
    "vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
    "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2007-10-31 378784]
    "NapsterShell"=C:\Program Files\Napster\napster.exe [2007-12-10 323216]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
    "SecretSmileys"=C:\PROGRA~1\SECRET~1\ss.exe [2004-09-24 20480]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    RitzPix E-Z Print & Share.lnk - C:\WINDOWS\Installer\{56FB9BA2-BB0F-41E8-B55F-CC93A1A404A6}\Icon020A87392.ico
    Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    C:\Documents and Settings\Julie\Start Menu\Programs\Startup
    NetScreen-Remote.lnk - C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2005-02-15 348160]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "NoDriveAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
    "C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
    "C:\Program Files\Common Files\AOL\1129345307\ee\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1129345307\ee\AOLServiceHost.exe:*:Enabled:AOL Services"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2100-02-24 15:15:04 ----AC---- C:\WINDOWS\Lexmark_ICM.ini
    2100-02-16 17:09:06 ----AC---- C:\WINDOWS\system32\LXASUSCI.INI
    2008-09-30 08:42:37 ----D---- C:\_OTMoveIt
    2008-09-26 09:20:39 ----D---- C:\WINDOWS\temp
    2008-09-26 09:20:36 ----A---- C:\ComboFix.txt
    2008-09-23 09:13:03 ----D---- C:\rsit
    2008-09-23 09:03:26 ----D---- C:\WINDOWS\erdnt
    2008-09-23 09:02:53 ----D---- C:\QooBox
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\zip.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\VFind.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\swxcacls.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\SWSC.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\swreg.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\sed.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\Nircmd.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\grep.exe
    2008-09-23 09:02:51 ----A---- C:\WINDOWS\fdsv.exe
    2008-09-22 09:55:17 ----D---- C:\WINDOWS\ERUNT
    2008-09-22 09:51:07 ----D---- C:\SDFix
    2008-09-18 11:42:14 ----D---- C:\Program Files\Trend Micro
    2008-09-18 09:09:55 ----D---- C:\Documents and Settings\Julie\Application Data\Malwarebytes
    2008-09-18 09:09:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-18 09:09:50 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-14 18:11:37 ----D---- C:\Documents and Settings\Julie\Application Data\Thinstall
    2008-09-10 09:35:26 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 09:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-06 20:54:20 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-09-01 12:02:17 ----D---- C:\Documents and Settings\Julie\Application Data\Nikon

    ======List of files/folders modified in the last 1 months======

    2008-09-30 08:51:49 ----D---- C:\WINDOWS\Prefetch
    2008-09-30 08:43:02 ----RD---- C:\Program Files
    2008-09-30 08:39:25 ----D---- C:\WINDOWS
    2008-09-30 08:39:00 ----A---- C:\WINDOWS\ACMonitor_X83.ini
    2008-09-30 08:37:42 ----D---- C:\Program Files\Symantec AntiVirus
    2008-09-30 08:37:36 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
    2008-09-26 10:14:51 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-26 09:20:41 ----D---- C:\WINDOWS\system32
    2008-09-26 09:19:17 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-26 09:18:07 ----A---- C:\WINDOWS\system.ini
    2008-09-26 09:17:30 ----D---- C:\WINDOWS\system32\drivers
    2008-09-26 09:17:29 ----D---- C:\WINDOWS\AppPatch
    2008-09-26 09:17:29 ----D---- C:\Program Files\Common Files
    2008-09-22 10:07:53 ----AC---- C:\WINDOWS\ntbtlog.txt
    2008-09-18 10:28:19 ----D---- C:\Program Files\Internet Explorer
    2008-09-17 15:20:10 ----SHD---- C:\System Volume Information
    2008-09-17 15:20:10 ----D---- C:\WINDOWS\system32\Restore
    2008-09-15 21:21:56 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-09-14 17:11:56 ----D---- C:\WINDOWS\system32\wbem
    2008-09-14 17:09:24 ----D---- C:\WINDOWS\system32\config
    2008-09-14 17:08:53 ----D---- C:\WINDOWS\Registration
    2008-09-14 15:50:55 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-09-14 15:50:55 ----D---- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-09-12 16:36:45 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-09-10 09:35:30 ----HD---- C:\WINDOWS\inf
    2008-09-10 09:35:28 ----D---- C:\WINDOWS\WinSxS
    2008-09-10 09:34:06 ----HD---- C:\WINDOWS\$hf_mig$
    2008-09-10 09:33:45 ----A---- C:\WINDOWS\imsins.BAK
    2008-09-07 10:34:40 ----D---- C:\WINDOWS\system32\CatRoot

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
    R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
    R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
    R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-09-23 17801]
    R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-09-30 8552]
    R2 Crypto;Crypto; C:\WINDOWS\system32\drivers\Crypto.sys [2003-07-16 467002]
    R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
    R2 IPSECDRV;SafeNet IPSec Plugin; \??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys []
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
    R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
    R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
    R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
    R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
    R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
    R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
    R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
    R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
    R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
    R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
    R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2004-12-06 369024]
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-01-31 44928]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2002-09-13 138916]
    R3 DniVap;SafeNet WAN Miniport (VA); C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 36188]
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
    R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
    R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-15 804317]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080917.003\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080917.003\navex15.sys []
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
    S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\System32\Drivers\BrScnUsb.sys [2003-12-19 15263]
    S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
    S3 catchme;catchme; \??\C:\DOCUME~1\Julie\LOCALS~1\Temp\catchme.sys []
    S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
    S3 Winsb32;Winsb32; \??\C:\WINDOWS\System32\drivers\Winsb32.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
    S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
    S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752]
    S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008]
    S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
    S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088]
    S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 brmfrmps;Brother Popup Suspend service for Resource manager; C:\WINDOWS\system32\Brmfrmps.exe [2003-05-05 65536]
    R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
    R2 IPSECMON;SafeNet Monitor Service; C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe [2003-08-20 28726]
    R2 IreIKE;SafeNet IKE Service; C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe [2003-08-20 299058]
    R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-04 356352]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
    R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-06 65536]
    R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
    S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

    -----------------EOF-----------------
     
  17. 2008/09/30
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK sorry about that, my fault.

    Open “Notepad” and copy the contents of the code box below into the blank Notepad.
    Click "File" > "Save As"
    In the "Save In" box at the top click the down arrow and select Desktop

    In the “File name” type in: fix.reg
    In the “Save As Type” select: All Files
    Once saved, go to your desktop, double click the “fix.reg” file and let it merge with the registry.

    Code:
    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm28.sys]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkr85.sys]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsb32.sys]
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta52.sys]
    
    [-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVJNLTBW]

    Now let's get an online scan.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Now this.

    Please do an online scan with Kaspersky WebScanner

    Click on “Accept” if your pop-up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users: you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files.
    • Under Scan on the left side, click on My Computer.
    • This will start the program and scan your system.
    • Click the “Scan Report” on the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
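Before merging any fix.reg it is worth knowing exactly which keys it will delete or create. The following is an added example, not part of Geri's post or of any tool named in this thread: a small Python parser for the REGEDIT4 / .reg format that reads the fix above (embedded as constructed input, key names copied from the post) and lists every operation, labelling the SafeBoot\Minimal deletions as Safe Mode load-list entries. The classify() labels and the helper names are my own assumptions, not part of the format.

```python
"""Review what a .reg fix will do before merging it into the registry."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# The fix.reg from the post above, embedded as constructed input (key names
# copied from the post) so the script runs offline.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingm28.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkr85.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsb32.sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta52.sys]

[-HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVJNLTBW]
"""


@dataclass
class RegOp:
    kind: str        # delete_key | add_key | set_value | delete_value
    key: str
    name: str = ""   # value name; "@" is the key's default value
    data: str = ""   # raw right-hand side of a set_value line
    note: str = ""   # which part of the registry the key controls


def classify(key: str) -> str:
    """Heuristic label (my own) for the registry area a key path belongs to."""
    k = key.lower()
    if "\\control\\safeboot\\minimal\\" in k:
        return "Safe Mode (Minimal) load list: allowed to load even in Safe Mode"
    if "\\control\\safeboot\\network\\" in k:
        return "Safe Mode with Networking load list entry"
    if re.search(r"\\(currentcontrolset|controlset\d+)\\services\\", k):
        return "service/driver definition"
    return "other"


def parse_reg(text: str) -> list[RegOp]:
    """Parse a .reg file into the operations regedit would apply, in order."""
    lines = [line.strip() for line in text.splitlines()]
    while lines and not lines[0]:
        lines.pop(0)
    if not lines or lines[0] not in HEADERS:
        raise ValueError("missing or unknown .reg header: %r" % (lines[:1],))
    # Re-join hex data continued over several lines with a trailing backslash.
    joined: list[str] = []
    for line in lines[1:]:
        if joined and joined[-1].endswith("\\"):
            joined[-1] = joined[-1][:-1] + line
        else:
            joined.append(line)
    ops: list[RegOp] = []
    current: str | None = None   # key that following value lines belong to
    for line in joined:
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            minus, key = m.groups()
            current = None if minus else key   # no live key after a [-key] delete
            ops.append(RegOp("delete_key" if minus else "add_key", key, note=classify(key)))
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.groups()
            name = "@" if name == "@" else name[1:-1]
            if data == "-":
                ops.append(RegOp("delete_value", current, name, note=classify(current)))
            else:
                ops.append(RegOp("set_value", current, name, data, classify(current)))
            continue
        raise ValueError("unparsed line or value outside a live key: %r" % line)
    return ops


def op_counts(ops: list[RegOp]) -> dict[str, int]:
    """Operations per kind: a quick sanity check that a fix only deletes keys."""
    return dict(Counter(op.kind for op in ops))


if __name__ == "__main__":
    for op in parse_reg(FIX_REG):
        target = op.key if op.kind.endswith("_key") else f"{op.key} -> {op.name}"
        print(f"{op.kind:13} {target}\n{'':13} {op.note}")
    print(op_counts(parse_reg(FIX_REG)))
```

Running it on the fix above reports five delete_key operations and nothing else: four Safe Mode load-list entries for the Win*.sys drivers and one service definition, which is what a cleanup of rootkit autostart entries should look like.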
     
  18. 2008/10/06
    mcseadogs

    mcseadogs Inactive Thread Starter

    Joined:
    2007/11/15
    Messages:
    81
    Likes Received:
    0
    Kaspersky log 10-01-08

    Sorry my last post didn't complete. Here's the log. The reg.fix ran fine this time.
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Wednesday, October 1, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Wednesday, October 01, 2008 10:26:19
    Records in database: 1279248
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 55491
    Threat name: 34
    Infected objects: 302
    Suspicious objects: 0
    Duration of the scan: 01:28:36


    File name / Threat name / Threats count
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00A00000.VBN Infected: Trojan-Clicker.Win32.Small.js 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00A80000.VBN Infected: Trojan-Downloader.Win32.VB.aeq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\010C0000.VBN Infected: Email-Worm.Win32.Banwarum.f 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03000000.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03000001.VBN Infected: Trojan-Downloader.Win32.Small.dji 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03000002.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03140000.VBN Infected: Trojan-Downloader.Win32.VB.ajp 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03140001.VBN Infected: Trojan-Downloader.Win32.Small.dkt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03140002.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03440000.VBN Infected: Trojan-Downloader.Win32.Small.dsr 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40000.VBN Infected: Trojan-Downloader.Win32.Mutant.bmr 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\03E40001.VBN Infected: Trojan-Downloader.Win32.Mutant.aim 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04640000.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80000.VBN Infected: Trojan-Downloader.Win32.Small.dkt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80001.VBN Infected: Trojan-Downloader.Win32.Small.cjk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80002.VBN Infected: Trojan-Downloader.Win32.VB.afk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80003.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80004.VBN Infected: Email-Worm.Win32.Banwarum.f 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80005.VBN Infected: Trojan-Downloader.Win32.VB.ajp 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80006.VBN Infected: Trojan-Downloader.Win32.Small.dkt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80007.VBN Infected: Trojan-Downloader.Win32.VB.aan 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80008.VBN Infected: Trojan-Downloader.Win32.VB.aeq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80009.VBN Infected: Trojan.Win32.Pakes.bed 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8000A.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8000B.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8000C.VBN Infected: Packed.Win32.Tibs.ei 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8000D.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8000E.VBN Infected: Trojan-Downloader.Win32.Small.dbx 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8000F.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80010.VBN Infected: Trojan-Proxy.Win32.Lager.dp 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80011.VBN Infected: Trojan-Downloader.Win32.Small.dkt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80012.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80013.VBN Infected: Trojan-Downloader.Win32.VB.ajp 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80014.VBN Infected: Trojan-Downloader.Win32.Small.dkt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80015.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80016.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80017.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80018.VBN Infected: Trojan-Downloader.Win32.VB.afk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80019.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8001A.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8001B.VBN Infected: Trojan-Proxy.Win32.Lager.aq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8001C.VBN Infected: Trojan-Mailfinder.Win32.Agent.g 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8001D.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8001E.VBN Infected: Trojan-Downloader.Win32.Small.dji 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8001F.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80020.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80021.VBN Infected: Trojan-Downloader.Win32.Small.dsr 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80022.VBN Infected: Email-Worm.Win32.Glowa.g 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80023.VBN Infected: Trojan-Downloader.Win32.Tibs.ir 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80024.VBN Infected: Trojan-Downloader.Win32.VB.ajp 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80025.VBN Infected: Trojan-Downloader.Win32.Tiny.et 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80026.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80027.VBN Infected: Packed.Win32.Tibs.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80028.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80029.VBN Infected: Trojan-Downloader.Win32.VB.ajp 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8002A.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8002B.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8002C.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8002D.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8002E.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8002F.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80030.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80031.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80032.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80033.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80034.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80035.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80036.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80037.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80038.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80039.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8003A.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8003B.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8003C.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8003D.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8003E.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8003F.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80040.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80041.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80042.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80043.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80044.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80045.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80046.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80047.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80048.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80049.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8004A.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8004B.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8004C.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8004D.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8004E.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8004F.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80050.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80051.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80052.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80053.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80054.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80055.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80056.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80057.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80058.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80059.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8005A.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8005B.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8005C.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8005D.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8005E.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8005F.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80060.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80061.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80062.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80063.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80064.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80065.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80066.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80067.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80068.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80069.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8006A.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8006B.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8006C.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8006D.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8006E.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8006F.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80070.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80071.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80072.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80073.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80074.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80075.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80076.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80077.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80078.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80079.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8007A.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8007B.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8007C.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8007D.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8007E.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8007F.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80080.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80081.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80082.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80083.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80084.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80085.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80086.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80087.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80088.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80089.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8008A.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8008B.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8008C.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8008D.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8008E.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8008F.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80090.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80091.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80092.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80093.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80094.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80095.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80096.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80097.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80098.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A80099.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8009A.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8009B.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8009C.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8009D.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8009E.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A8009F.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800A0.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800A1.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800A2.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800A3.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800A4.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800A5.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800A6.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800A7.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800A8.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800A9.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800AA.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800AB.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800AC.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800AD.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800AE.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800AF.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800B0.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800B1.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800B2.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800B3.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800B4.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800B5.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800B6.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800B7.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800B8.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800B9.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800BA.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800BB.VBN Infected: Email-Worm.Win32.Luder.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800BC.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800BD.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800BE.VBN Infected: Email-Worm.Win32.Luder.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800BF.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800C0.VBN Infected: Email-Worm.Win32.Mixor.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800C1.VBN Infected: Trojan-Downloader.VBS.Small.co 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800C2.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800C3.VBN Infected: Email-Worm.Win32.Luder.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800C4.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800C5.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800C6.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800C7.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800C8.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800C9.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800CA.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800CB.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800CC.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800CD.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800CE.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800CF.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800D0.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800D1.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800D2.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800D3.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800D4.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800D5.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800D6.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800D7.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800D8.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800D9.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800DA.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800DB.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800DC.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800DD.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800DE.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800DF.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800E0.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800E1.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800E2.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800E3.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800E4.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800E5.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800E6.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800E7.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06B80000.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06B80001.VBN Infected: Trojan-Proxy.Win32.Lager.dp 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06B80002.VBN Infected: Trojan-Downloader.Win32.Small.dkt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06B80003.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06C00000.VBN Infected: Trojan.Win32.Pakes.bed 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06C00001.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06C00002.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06D80000.VBN Infected: Trojan-Downloader.Win32.VB.ajp 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06D80001.VBN Infected: Trojan-Downloader.Win32.Small.dkt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06F80000.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06F80001.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06F80002.VBN Infected: Trojan-Downloader.Win32.VB.afk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07280000.VBN Infected: Trojan-Downloader.Win32.Small.dkt 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07280001.VBN Infected: Trojan-Downloader.Win32.Small.cjk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07280002.VBN Infected: Trojan-Downloader.Win32.VB.afk 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07280003.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\07440000.VBN Infected: Trojan-Downloader.Win32.VB.aan 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08340000.VBN Infected: Trojan-Downloader.Win32.Tibs.ir 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08340001.VBN Infected: Trojan-Downloader.Win32.VB.ajp 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08340002.VBN Infected: Trojan-Downloader.Win32.Tiny.et 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08340003.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08340004.VBN Infected: Packed.Win32.Tibs.a 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08340005.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08340006.VBN Infected: Trojan-Downloader.Win32.VB.ajp 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0BE00000.VBN Infected: Email-Worm.Win32.Glowa.g 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C480000.VBN Infected: Trojan-Downloader.Win32.Small.dbx 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D540000.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D780000.VBN Infected: Packed.Win32.Tibs.ei 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D780001.VBN Infected: Packed.Win32.Tibs 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E480000.VBN Infected: Trojan-Downloader.Win32.Small.dam 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E480001.VBN Infected: Trojan-Proxy.Win32.Lager.aq 1
    C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E480002.VBN Infected: Trojan-Mailfinder.Win32.Agent.g 1
    C:\Documents and Settings\Dax\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-1dca4d2-1e14b0d9.zip Infected: Trojan.Java.ClassLoader.as 3
    C:\Documents and Settings\Julie\Local Settings\Application Data\IM\Identities\{970D5AE9-2596-460D-9C71-FBD1201A6690}\Message Store\Attachments\Child-renting term seen as short.exe Infected: Email-Worm.Win32.Zhelatin.dam 1
    C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\SDFix\backups\backups.zip Infected: Backdoor.Win32.Frauder.eo 12
    C:\SDFix\backups\catchme.zip Infected: Trojan-Downloader.Win32.Mutant.aim 1
    C:\WINDOWS\system32\Agent.dll Infected: Trojan.Win32.Agent.qg 1
    C:\WINDOWS\system32\fwmgqmgd.exe Infected: Trojan-Downloader.Win32.VB.afr 1
    C:\WINDOWS\system32\rlls(2).dll Infected: not-a-virus:AdWare.Win32.RK.v 1
    C:\WINDOWS\system32\xwzqzspg.exe Infected: Packed.Win32.Tibs.a 1

    The selected area was scanned.
     
  19. 2008/10/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, please delete everything inside your Symantec AntiVirus Corporate Edition 7.5 Quarantine folder.

    Now do this.

    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\Documents and Settings\Julie\Local Settings\Application Data\IM\Identities\{970D5AE9-2596-460D-9C71-FBD1201A6690}\Message Store\Attachments\Child-renting term seen as short.exe
      C:\Documents and Settings\Dax\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-1dca4d2-1e14b0d9.zip
      C:\WINDOWS\system32\Agent.dll 
      C:\WINDOWS\system32\fwmgqmgd.exe
      C:\WINDOWS\system32\rlls(2).dll
      C:\WINDOWS\system32\xwzqzspg.exe
    • Return to OTMoveIt2, right-click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
    • Return to OTMoveIt2, right-click in the "Paste Custom List Of Files/Patterns To Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
    • Close OTMoveIt2
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

    Now run another Kaspersky scan and post the results along with the OTMoveIt2 log that was created.

    Thanks
    Geri
     
  20. 2008/10/07
    mcseadogs

    mcseadogs Inactive Thread Starter

    Joined:
    2007/11/15
    Messages:
    81
    Likes Received:
    0
    OT Move It log 100708

    C:\Documents and Settings\Julie\Local Settings\Application Data\IM\Identities\{970D5AE9-2596-460D-9C71-FBD1201A6690}\Message Store\Attachments\Child-renting term seen as short.exe moved successfully.
    C:\Documents and Settings\Dax\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-1dca4d2-1e14b0d9.zip moved successfully.
    C:\WINDOWS\system32\Agent.dll NOT unregistered.
    C:\WINDOWS\system32\Agent.dll moved successfully.
    C:\WINDOWS\system32\fwmgqmgd.exe moved successfully.
    LoadLibrary failed for C:\WINDOWS\system32\rlls(2).dll
    C:\WINDOWS\system32\rlls(2).dll NOT unregistered.
    C:\WINDOWS\system32\rlls(2).dll moved successfully.
    File move failed. C:\WINDOWS\system32\xwzqzspg.exe scheduled to be moved on reboot.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10072008_091039

    Files moved on Reboot...
    File C:\WINDOWS\system32\xwzqzspg.exe not found!

    Before the reboot, Symantec caught xwzqzspg.exe and deleted it.
     
  21. 2008/10/07
    mcseadogs

    mcseadogs Inactive Thread Starter

    Joined:
    2007/11/15
    Messages:
    81
    Likes Received:
    0
    Kaspersky log 10-07-08

    I feel like we are getting close... Thank you again for your help.
    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, October 7, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, October 07, 2008 13:43:57
    Records in database: 1297372
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\

    Scan statistics:
    Files scanned: 55733
    Threat name: 8
    Infected objects: 24
    Suspicious objects: 0
    Duration of the scan: 01:23:31


    File name / Threat name / Threats count
    C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
    C:\SDFix\backups\backups.zip Infected: Backdoor.Win32.Frauder.eo 12
    C:\SDFix\backups\catchme.zip Infected: Trojan-Downloader.Win32.Mutant.aim 1
    C:\_OTMoveIt\MovedFiles\10072008_091039\Documents and Settings\Dax\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-1dca4d2-1e14b0d9.zip Infected: Trojan.Java.ClassLoader.as 3
    C:\_OTMoveIt\MovedFiles\10072008_091039\Documents and Settings\Julie\Local Settings\Application Data\IM\Identities\{970D5AE9-2596-460D-9C71-FBD1201A6690}\Message Store\Attachments\Child-renting term seen as short.exe Infected: Email-Worm.Win32.Zhelatin.dam 1
    C:\_OTMoveIt\MovedFiles\10072008_091039\WINDOWS\system32\Agent.dll Infected: Trojan.Win32.Agent.qg 1
    C:\_OTMoveIt\MovedFiles\10072008_091039\WINDOWS\system32\fwmgqmgd.exe Infected: Trojan-Downloader.Win32.VB.afr 1
    C:\_OTMoveIt\MovedFiles\10072008_091039\WINDOWS\system32\rlls(2).dll Infected: not-a-virus:AdWare.Win32.RK.v 1

    The selected area was scanned.
     
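As an added example (not code from this thread, from Kaspersky or from OldTimer), here is a small Python triage script for report lines of the shape shown in the two Kaspersky logs above. It splits each "Infected:" line into path, threat name and count, separates hits that are still live on disk from copies sitting in a quarantine or backup folder (the Symantec Quarantine, C:\_OTMoveIt\MovedFiles and C:\SDFix\backups locations seen in this thread), and diffs the 6 Oct and 7 Oct reports to list which live files were removed in between. The embedded sample input is excerpted from the two posted reports; the prefix list, the "riskware" label for not-a-virus hits and the case-insensitive path matching are my assumptions.

```python
# Kaspersky Online Scanner 7 report triage (added example, not from the thread).
from __future__ import annotations

import re
from collections import Counter
from typing import NamedTuple

# Each finding in the report is one line: "<path> Infected: <threat> <count>".
# Paths contain spaces, so the literal " Infected: " token is the split point.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")

# Locations where a hit is a contained copy rather than a file that can still run.
# Assumption: these are the quarantine/backup folders seen in this thread; add
# your own tools' folders when triaging another host.
CONTAINED_PREFIXES = (
    "c:\\documents and settings\\all users\\application data\\symantec\\",
    "c:\\_otmoveit\\movedfiles\\",
    "c:\\sdfix\\backups\\",
)


class Detection(NamedTuple):
    path: str
    threat: str
    count: int


def parse_report(text: str) -> list[Detection]:
    """Return one Detection per 'Infected:' line; header/statistics lines are skipped."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            found.append(Detection(m["path"], m["threat"], int(m["count"])))
    return found


def classify(d: Detection) -> str:
    """'contained' = quarantine/backup copy, 'riskware' = not-a-virus tool, 'live' = needs action."""
    if d.path.lower().startswith(CONTAINED_PREFIXES):
        return "contained"
    if d.threat.startswith("not-a-virus:"):
        return "riskware"
    return "live"


def triage(text: str) -> dict[str, list[Detection]]:
    """Group every detection in a report under its classification, in report order."""
    groups: dict[str, list[Detection]] = {"live": [], "contained": [], "riskware": []}
    for d in parse_report(text):
        groups[classify(d)].append(d)
    return groups


def threat_families(text: str) -> Counter:
    """How many report lines carry each threat name (an archive counts once)."""
    return Counter(d.threat for d in parse_report(text))


def removed_live_files(before: str, after: str) -> list[str]:
    """Live paths from the earlier report that no longer appear at that path in the later one."""
    still_listed = {d.path.lower() for d in parse_report(after)}
    return [d.path for d in triage(before)["live"] if d.path.lower() not in still_listed]


# Constructed sample input: lines excerpted from the 6 Oct and 7 Oct 2008 reports above.
BEFORE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06A800BB.VBN Infected: Email-Worm.Win32.Luder.a 1
C:\Documents and Settings\Dax\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-1dca4d2-1e14b0d9.zip Infected: Trojan.Java.ClassLoader.as 3
C:\Documents and Settings\Julie\Local Settings\Application Data\IM\Identities\{970D5AE9-2596-460D-9C71-FBD1201A6690}\Message Store\Attachments\Child-renting term seen as short.exe Infected: Email-Worm.Win32.Zhelatin.dam 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\SDFix\backups\backups.zip Infected: Backdoor.Win32.Frauder.eo 12
C:\WINDOWS\system32\Agent.dll Infected: Trojan.Win32.Agent.qg 1
C:\WINDOWS\system32\fwmgqmgd.exe Infected: Trojan-Downloader.Win32.VB.afr 1
C:\WINDOWS\system32\xwzqzspg.exe Infected: Packed.Win32.Tibs.a 1
"""

AFTER_REPORT = r"""
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\SDFix\backups\backups.zip Infected: Backdoor.Win32.Frauder.eo 12
C:\SDFix\backups\catchme.zip Infected: Trojan-Downloader.Win32.Mutant.aim 1
C:\_OTMoveIt\MovedFiles\10072008_091039\Documents and Settings\Dax\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-1dca4d2-1e14b0d9.zip Infected: Trojan.Java.ClassLoader.as 3
C:\_OTMoveIt\MovedFiles\10072008_091039\WINDOWS\system32\Agent.dll Infected: Trojan.Win32.Agent.qg 1
C:\_OTMoveIt\MovedFiles\10072008_091039\WINDOWS\system32\fwmgqmgd.exe Infected: Trojan-Downloader.Win32.VB.afr 1
C:\_OTMoveIt\MovedFiles\10072008_091039\WINDOWS\system32\rlls(2).dll Infected: not-a-virus:AdWare.Win32.RK.v 1
"""

if __name__ == "__main__":
    for label, report in (("6 Oct", BEFORE_REPORT), ("7 Oct", AFTER_REPORT)):
        g = triage(report)
        print(f"{label}: live={len(g['live'])} contained={len(g['contained'])} riskware={len(g['riskware'])}")
    for path in removed_live_files(BEFORE_REPORT, AFTER_REPORT):
        print("removed:", path)
```

Run on the excerpts, the 7 Oct report has no live hits: what remains is RealVNC (an installed remote-admin tool that Kaspersky flags as not-a-virus) and copies already sitting in the SDFix and OTMoveIt folders. That is the point of reading a post-cleanup scan by location rather than by raw hit count. Note that a file moved by OTMoveIt shows up under a new path, so the diff treats its original path as removed even though a copy still exists in C:\_OTMoveIt\MovedFiles.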
