Solved Taskbar changes, Internet connection not showing

Discussion in 'Malware and Virus Removal Archive' started by davidhaggar, 2009/03/07.

Thread Status:
Not open for further replies.
  1. 2009/03/07
    davidhaggar

    davidhaggar Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    35
    Likes Received:
    0
    [Resolved] Taskbar changes, Internet connection not showing

    My desktop computer has started performing extremely oddly. Firstly, the taskbar started to change from the Windows XP (blue) one to the old Windows 98 (grey) one. The icon displaying my wireless internet connections has disappeared from the taskbar. Internet Explorer will not open. The computer often stalls or stops working. I am using my laptop to post this and cannot download from the internet onto my desktop. I have downloaded a new version of Trend Micro Internet Security to my laptop and copied it to my desktop by USB. This seems to have helped but the problems persist.

    Any advice would be great.
     
  2. 2009/03/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    There is an announcement at the head of the forum .....

    *** READ THIS BEFORE POSTING IN THIS FORUM ***

    Please read and post the logs requested in this thread.

    Use the laptop to download and transfer across to the desktop and in reverse order for the log.
     

  4. 2009/03/07
    davidhaggar

    davidhaggar Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    35
    Likes Received:
    0
    Sorry, here are the logs:

    DDS:

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by David Haggar at 21:09:01.53 on 07/03/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.485 [GMT 1:00]

    AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: Trend Micro Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\WINDOWS\System32\WScript.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\BT Broadband 2091\Help\bin\mpbtn.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\Documents and Settings\David Haggar\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.hotmail.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: BT Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [kdx] c:\program files\kontiki\KHost.exe -all
    uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Dit] Dit.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe "
    mRun: [RemoteControl] "c:\program files\home cinema\powerdvd\PDVDServ.exe "
    mRun: [PCMService] "c:\program files\home cinema\powercinema\PCMService.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Motive SmartBridge] c:\progra~1\btbroa~1\help\smartb~1\BTHelpNotifier.exe
    mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [RavAV] c:\windows\RavMonE.exe
    mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
    mRun: [nar] c:\windows\nar.vbs
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll "
    mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe "
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\broadb~1.lnk - c:\program files\bt broadband 2091\help\bin\matcli.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: musicmatch.com
    Trusted Zone: musicmatch.com
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 85.255.115.28,85.255.112.130
    TCP: {2DB20322-3D56-4A0E-8F09-EB5EB4960DB2} = 85.255.115.28,85.255.112.130
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: AtiExtEvent - Ati2evxx.dll

    ============= SERVICES / DRIVERS ===============

    R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2004-9-1 188416]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-6 49680]
    R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-3-6 492888]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-4 36368]
    R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-6 677128]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-2-9 802048]
    R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2004-8-3 62976]
    R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-1-20 1272000]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-3-4 334352]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-2-9 19928]
    S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-2-9 17408]
    S3 ldiskl;ldiskl;c:\docume~1\davidh~1\locals~1\temp\ldiskl.sys [2005-9-6 15872]

    =============== Created Last 30 ================

    2009-03-07 13:46 7,474 a--shr-- C:\nar.vbs
    2009-03-07 13:27 88 a--shr-- C:\Autorun.inf
    2009-03-06 23:41 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
    2009-03-06 23:41 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
    2009-03-06 23:41 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
    2009-03-06 23:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
    2009-03-06 23:40 <DIR> --d----- c:\program files\Trend Micro
    2009-03-04 23:22 661,808 a------- c:\windows\system32\UfWSC.cpl
    2009-03-04 23:22 1,195,448 a------- c:\windows\system32\drivers\vsapint.sys
    2009-03-04 23:22 334,352 a------- c:\windows\system32\drivers\TM_CFW.sys
    2009-03-04 23:22 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
    2009-03-04 23:22 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
    2009-03-04 23:22 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys

    ==================== Find3M ====================

    2009-03-07 21:02 17,408 a------- c:\windows\system32\drivers\USBCRFT.SYS
    2009-03-07 13:35 40,938 a------- c:\docume~1\davidh~1\applic~1\wklnhst.dat
    2009-02-03 17:49 3,584 a------- c:\documents and settings\david haggar\netcache.dat
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\DV5NHJ1J.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\TBJV937D.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\SFXR5VV7.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\KJ1BVPBN.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\ITRH3BZR.DAT
    2008-12-21 00:15 826,368 a------- c:\windows\system32\wininet.dll
    2006-11-13 23:07 252,008 ac------ c:\docume~1\davidh~1\applic~1\GDIPFONTCACHEV1.DAT
    2008-09-19 22:55 7,474 a--shr-- c:\windows\Nar.vbs
    2006-08-28 17:59 8,192 a--sh--- c:\windows\o2cLicStore.bin
    2005-02-09 15:13 8 -c-shr-- c:\windows\system32\14E4D0A500.sys
    2005-02-09 15:13 5,224 ac-sh--- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 21:09:31.31 ===============


    Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 01/04/2005 11:08:43
    System Uptime: 03/07/2009 20:59:21 (-2831 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-7091
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 478 | 3192/200mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 478 | 3192/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 49.826 GiB free.
    D: is FIXED (NTFS) - 69 GiB total, 66.849 GiB free.
    E: is FIXED (FAT32) - 6 GiB total, 1.359 GiB free.
    F: is FIXED (NTFS) - 149 GiB total, 38.51 GiB free.
    G: is CDROM ()
    H: is CDROM ()
    J: is Removable
    K: is Removable
    L: is Removable
    M: is CDROM (CDFS)
    N: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VIA Rhine III Fast Ethernet Adapter
    Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_091C1462&REV_8B\4&10A6A55&0&30F0
    Manufacturer: VIA Technologies, Inc.
    Name: VIA Rhine III Fast Ethernet Adapter
    PNP Device ID: PCI\VEN_1106&DEV_3106&SUBSYS_091C1462&REV_8B\4&10A6A55&0&30F0
    Service: FETNDISB

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: MAC Bridge Miniport
    Device ID: ROOT\MS_BRIDGEMP\0000
    Manufacturer: Microsoft
    Name: MAC Bridge Miniport
    PNP Device ID: ROOT\MS_BRIDGEMP\0000
    Service: BridgeMP

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Bluetooth PAN Network Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: IVT Corporation
    Name: Bluetooth PAN Network Adapter
    PNP Device ID: ROOT\NET\0000
    Service: BT

    ==== System Restore Points ===================

    RP466: 02/12/2008 14:30:19 - System Checkpoint
    RP467: 03/12/2008 16:19:46 - System Checkpoint
    RP468: 04/12/2008 17:00:24 - System Checkpoint
    RP469: 05/12/2008 17:48:14 - System Checkpoint
    RP470: 07/12/2008 11:47:23 - System Checkpoint
    RP471: 08/12/2008 16:20:09 - System Checkpoint
    RP472: 09/12/2008 18:22:10 - System Checkpoint
    RP473: 10/12/2008 21:32:04 - System Checkpoint
    RP474: 11/12/2008 21:35:12 - System Checkpoint
    RP475: 12/12/2008 21:47:42 - System Checkpoint
    RP476: 13/12/2008 17:09:19 - Software Distribution Service 3.0
    RP477: 15/12/2008 00:23:38 - System Checkpoint
    RP478: 16/12/2008 03:03:21 - System Checkpoint
    RP479: 17/12/2008 12:49:22 - System Checkpoint
    RP480: 18/12/2008 11:14:35 - Software Distribution Service 3.0
    RP481: 25/01/2009 20:23:53 - System Checkpoint
    RP482: 26/01/2009 16:47:01 - Software Distribution Service 3.0
    RP483: 27/01/2009 19:12:30 - System Checkpoint
    RP484: 28/01/2009 23:22:26 - System Checkpoint
    RP485: 30/01/2009 16:50:17 - System Checkpoint
    RP486: 31/01/2009 18:44:20 - System Checkpoint
    RP487: 01/02/2009 19:41:36 - System Checkpoint
    RP488: 02/02/2009 04:11:28 - Software Distribution Service 3.0
    RP489: 03/02/2009 04:31:37 - System Checkpoint
    RP490: 04/02/2009 16:06:32 - System Checkpoint
    RP491: 05/02/2009 19:34:10 - System Checkpoint
    RP492: 07/02/2009 18:56:02 - System Checkpoint
    RP493: 08/02/2009 20:04:59 - System Checkpoint
    RP494: 09/02/2009 22:06:15 - System Checkpoint
    RP495: 11/02/2009 00:57:29 - System Checkpoint
    RP496: 12/02/2009 14:13:45 - System Checkpoint
    RP497: 13/02/2009 16:55:28 - System Checkpoint
    RP498: 14/02/2009 03:00:16 - Software Distribution Service 3.0
    RP499: 15/02/2009 12:50:47 - System Checkpoint
    RP500: 16/02/2009 19:52:55 - System Checkpoint
    RP501: 17/02/2009 22:42:44 - System Checkpoint
    RP502: 19/02/2009 13:18:16 - System Checkpoint
    RP503: 20/02/2009 13:22:27 - System Checkpoint
    RP504: 21/02/2009 13:35:44 - System Checkpoint
    RP505: 25/02/2009 03:53:40 - System Checkpoint
    RP506: 26/02/2009 12:26:47 - System Checkpoint
    RP507: 26/02/2009 15:08:18 - Software Distribution Service 3.0
    RP508: 02/03/2009 01:23:22 - System Checkpoint

    ==== Installed Programs ======================

    1310
    1310_Help
    1310Tour
    1310Trb
    4oD
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 7.0
    AiO_Scan
    AiOSoftware
    AOL UK (Choose which version to remove)
    Apple Software Update
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AudibleManager
    AVI Joiner
    BlueSoleil
    Broadband Desktop Help
    BT Yahoo! Applications
    BufferChm
    C-Media High Definition Audio Driver
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    CANON iMAGE GATEWAY Task for ZoomBrowser EX
    Canon Internet Library for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    Copy
    CorelDRAW ESSENTIALS
    Creative MediaSource 5
    Creative Removable Disk Manager
    Creative System Information
    Creative ZEN Vision M Series
    CreativeProjects
    CreativeProjectsTemplates
    Creatix V.92 Data Fax Modem
    CueTour
    Destinations
    DeviceControl
    Director
    DocProc
    DocumentViewer
    DVD Decrypter (Remove Only)
    eTrust Antivirus Registration
    Family Tree Maker 2006
    Fax
    Football Manager 2007
    GameShadow
    Generic USB CardReader 2.0
    Google Earth
    Google Toolbar for Internet Explorer
    GX25 Bluetooth-Handset Manager
    High Definition Audio Driver Package - KB835221
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hollywood FX 5.5 Additional Effects
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    HP Diagnostic Assistant
    HP Image Zone 4.2
    HP PSC & OfficeJet 4.2
    HP Software Update
    HPSystemDiagnostics
    Information about your PC
    InstantShare
    J2SE Runtime Environment 5.0 Update 1
    KeyStat
    Kubex Software 3D Home Designer
    Learn2 Player (Uninstall Only)
    LiveUpdate 3.0 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Macromedia Shockwave Player
    MediaShow 3.0
    Memory-Map OS Edition 2004
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft AutoRoute 2005
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Encarta Encyclopedia Standard 2005
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 97, Professional Edition
    Microsoft Photo Premium 10
    Microsoft Picture It! Library 10
    Microsoft Windows Journal Viewer
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2005 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    MSN Messenger 6.2
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    Musicmatch® Jukebox
    Nero Suite
    OfficeForms
    Overland
    pc_honeys Screen Saver
    Philips Digital Media Manager
    PhotoGallery
    Pinnacle Hollywood FX for Studio
    Pinnacle Instant DVD Recorder
    Pinnacle MediaServer
    Pinnacle Studio 9 Media Suite Components
    PowerCinema 4.0
    PowerDirector
    PowerDVD
    PowerProducer
    PrintScreen
    proDAD Heroglyph 1.0
    ProductContext
    QFolder
    QuickProjects
    QuickTime
    Readme
    RealPlayer Basic
    RT2500 USB Wireless LAN Card
    Scan
    scenes Screen Saver
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Shockwave
    SkinsHP1
    Smart Manager
    SmartSound Quicktracks Plugin
    strip Screen Saver
    Studio 9
    Studio 9 Content CD/DVD
    Studio MediaSuite Recording
    TrayApp
    Trend Micro Internet Security
    Unload
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    videon
    Viewpoint Media Player
    W83L518D
    Warhammer Mark of Chaos
    WaveLab Lite
    WebFldrs XP
    WebReg
    WinAce Archiver
    Windows Backup Utility
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB895316
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Works Upgrade
    X10 Hardware(TM)
    Yahoo! Toolbar
    YASA DVD Ripper v3.7 (build 045)
    ZENcast Organizer

    ==== Event Viewer Messages From Past Week ========

    03/03/2009 21:00:32, error: DCOM [10005] - DCOM got error "%109" attempting to start the service SENS with arguments " " in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    02/03/2009 00:47:46, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 001109DFAE29 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    04/03/2009 20:40:02, error: DCOM [10005] - DCOM got error "%230" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    04/03/2009 23:40:48, error: Dhcp [1002] - The IP address lease 192.168.1.109 for the Network Card with network address 001109DFAE29 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    07/03/2009 21:03:10, error: System Error [1003] - Error code 1000000a, parameter1 a85d1e30, parameter2 00000002, parameter3 00000000, parameter4 80510c85.

    ==== End Of File ===========================
     
  5. 2009/03/07
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  6. 2009/03/08
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi and welcome

    Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a HJT log and start a new topic.

    Print this topic or save to notepad, it will make it easier for you to follow the instructions and complete all of the necessary steps as we will need to close all windows that are open later in the fix.



    **
    You have two antivirus programs on the machine now (Symantec/Norton and Trend Micro).

    Whatever steps we may attempt can be greatly hindered by having two, not to mention the waste of resources.
    Please make a decision which to keep and which to uninstall.



    You'll have to transfer to the infected computer by means of Flash/USB drive.
    Or previous method used.


    Please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop.

    Select option #3 - Delete Trusted zone by typing 3 and press Enter
    Answer Yes to the question "Restore Trusted Zone ?" by typing Yes and press Enter

    Notes

    1. If you use SpywareBlaster and/or IE-SPYAD it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
    2. As many of the variants of Smitfraud have begun invading the Hosts file, this tool will reset your Hosts file as a necessary precaution. You will also have to reset any specific modifications you may require such as Hosts MVPS.

    Open the SmitfraudFix folder on your desktop and double-click smitfraudfix.cmd

    NEXT**
    Select option #5 - "Search and Clean DNS Hijack" by typing 5 and pressing "Enter" to delete the rogue settings.

    Follow the prompts and reboot if asked to do so.




    Please download Malwarebytes' Anti-Malware to your desktop

    Additional Link

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location.
    * You can also access the log by doing the following:

    o Click on the Malwarebytes' Anti-Malware icon to launch the program.
    o Click on the Logs tab.
    o Click on the log at the bottom of those listed to highlight it.
    o Click Open.

    Tutorial if needed
    http://thespykiller.co.uk/index.php/topic,5946.0.html

    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    In your next reply post:
    Smitfraud C:\rapport.txt
    Malwarebytes' Anti-Malware log
    New DDS log


    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  7. 2009/03/10
    davidhaggar

    davidhaggar Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    35
    Likes Received:
    0
    Thanks.

    I think I have now fully uninstalled the Norton programmes, so only Trend Micro should be left. I have carried out the instructions from the previous thread. However, when Malwarebytes' Anti-Malware programme started my desktop would not connect to the internet to allow it to update.

    Here are the logs:

    SmitFraudFix v2.401

    Scan done at 13:13:05.73, 10/03/2009
    Run from C:\Documents and Settings\David Haggar\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

    Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

    Description: RT2500 USB Wireless LAN Card - Trend Micro Common Firewall Miniport
    DNS Server Search Order: 85.255.115.28
    DNS Server Search Order: 85.255.112.130

    Description: RT2500 USB Wireless LAN Card - Trend Micro Common Firewall Miniport
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: NameServer=85.255.115.28,85.255.112.130
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F0A5D041-D040-4F79-A690-EC0B095CDE61}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: NameServer=85.255.115.28,85.255.112.130
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F0A5D041-D040-4F79-A690-EC0B095CDE61}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.28,85.255.112.130
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.115.28,85.255.112.130

    »»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

    Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

    Description: RT2500 USB Wireless LAN Card - Trend Micro Common Firewall Miniport
    DNS Server Search Order: 85.255.115.28
    DNS Server Search Order: 85.255.112.130

    Description: RT2500 USB Wireless LAN Card - Trend Micro Common Firewall Miniport
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: NameServer=85.255.115.28,85.255.112.130
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{F0A5D041-D040-4F79-A690-EC0B095CDE61}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: NameServer=85.255.115.28,85.255.112.130
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{F0A5D041-D040-4F79-A690-EC0B095CDE61}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.28,85.255.112.130
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.115.28,85.255.112.130
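
Added example, not part of the original post and not SmitfraudFix's own code: a Python script that parses the registry lines of a report like the one above, flags static NameServer values inside the 85.255.x.x range the report names, and checks whether they are still present in the "DNS After Fix" section. The function names and the abridged sample are assumptions made for illustration.

```python
import ipaddress
import re

# Range named by the report itself ("DNS Hijack: 85.255.x.x detected").
FLAGGED_RANGE = ipaddress.ip_network("85.255.0.0/16")

SECTION_RE = re.compile(r"DNS (Before|After) Fix")
VALUE_RE = re.compile(r"^(HKLM\\[^:]+): (DhcpNameServer|NameServer)=(.*)$")

# Abridged from the report in the post above (CCS lines only, header
# decoration omitted). The "after" half repeats the "before" half, as it
# does in the posted report.
SAMPLE_REPORT = r"""
DNS Before Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: NameServer=85.255.115.28,85.255.112.130
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F0A5D041-D040-4F79-A690-EC0B095CDE61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.28,85.255.112.130

DNS After Fix

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{2DB20322-3D56-4A0E-8F09-EB5EB4960DB2}: NameServer=85.255.115.28,85.255.112.130
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F0A5D041-D040-4F79-A690-EC0B095CDE61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.115.28,85.255.112.130
"""


def parse_report(text):
    """Return {"before"/"after": {registry key: {value name: [servers]}}}."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.search(line)
        if header:
            current = header.group(1).lower()
            sections[current] = {}
            continue
        match = VALUE_RE.match(line)
        if match and current:
            key, name, data = match.groups()
            # The value is a comma- or space-separated server list.
            servers = [s for s in re.split(r"[,\s]+", data) if s]
            sections[current].setdefault(key, {})[name] = servers
    return sections


def flagged_static_dns(values_by_key):
    """Return {registry key: [static NameServer entries inside FLAGGED_RANGE]}.

    DhcpNameServer is what the router handed out; NameServer is a static
    override that takes precedence, which is the value the log shows changed.
    """
    findings = {}
    for key, values in values_by_key.items():
        hits = []
        for server in values.get("NameServer", []):
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                continue  # not an IP literal, nothing to compare
            if addr in FLAGGED_RANGE:
                hits.append(server)
        if hits:
            findings[key] = hits
    return findings


def persisting_after_fix(text):
    """Registry keys flagged before the fix that are still flagged after it."""
    sections = parse_report(text)
    before = flagged_static_dns(sections.get("before", {}))
    after = flagged_static_dns(sections.get("after", {}))
    return sorted(set(before) & set(after))


if __name__ == "__main__":
    for key in persisting_after_fix(SAMPLE_REPORT):
        print("still flagged after fix:", key)
```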
     
  8. 2009/03/10
    davidhaggar

    davidhaggar Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    35
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.34
    Database version: 1749
    Windows 5.1.2600 Service Pack 2

    10/03/2009 13:41:22
    mbam-log-2009-03-10 (13-41-22).txt

    Scan type: Quick Scan
    Objects scanned: 114399
    Time elapsed: 17 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 6
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.130 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2db20322-3d56-4a0e-8f09-eb5eb4960db2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.130 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.130 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{2db20322-3d56-4a0e-8f09-eb5eb4960db2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.130 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.130 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{2db20322-3d56-4a0e-8f09-eb5eb4960db2}\NameServer (Trojan.DNSChanger) -> Data: 85.255.115.28,85.255.112.130 -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\RECYCLER\S-0-4-44-100017549-100001306-100004389-6914.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gaopdxqjbiydft.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\gaopdxklvcvoaw.sys (Trojan.Agent) -> Quarantined and deleted successfully.
     
  9. 2009/03/10
    davidhaggar

    davidhaggar Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    35
    Likes Received:
    0
    DDS (Ver_09-02-01.01) - NTFSx86
    Run by David Haggar at 13:41:51.07 on 10/03/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1023.325 [GMT 1:00]

    AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: Trend Micro Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\BTBROA~1\Help\SMARTB~1\BTHelpNotifier.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\System32\WScript.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\BT Broadband 2091\Help\bin\mpbtn.exe
    C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\David Haggar\Desktop\dds.scr
    C:\WINDOWS\system32\svchost.exe -k netsvcs

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.hotmail.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: BT Yahoo! Sidebar: {51085e3d-a958-42a2-a6be-a6a9b0baf276} - c:\program files\yahoo!\browser\ysidebarIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Yahoo! Pager] c:\progra~1\yahoo!\messen~1\ypager.exe -quiet
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [kdx] c:\program files\kontiki\KHost.exe -all
    uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
    mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Dit] Dit.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe "
    mRun: [RemoteControl] "c:\program files\home cinema\powerdvd\PDVDServ.exe "
    mRun: [PCMService] "c:\program files\home cinema\powercinema\PCMService.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Motive SmartBridge] c:\progra~1\btbroa~1\help\smartb~1\BTHelpNotifier.exe
    mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [RavAV] c:\windows\RavMonE.exe
    mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
    mRun: [nar] c:\windows\nar.vbs
    mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe "
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\broadb~1.lnk - c:\program files\bt broadband 2091\help\bin\matcli.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_01\bin\npjpi150_01.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: AtiExtEvent - Ati2evxx.dll

    ============= SERVICES / DRIVERS ===============

    R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2004-9-1 188416]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-6 49680]
    R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-3-6 492888]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-4 36368]
    R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-6 677128]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-2-9 802048]
    R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2004-8-3 62976]
    R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-1-20 1272000]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-10 38496]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-3-4 334352]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-2-9 19928]
    S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-2-9 17408]
    S3 ldiskl;ldiskl;c:\docume~1\davidh~1\locals~1\temp\ldiskl.sys [2005-9-6 15872]

    =============== Created Last 30 ================

    2009-03-10 13:22 <DIR> --d----- c:\docume~1\davidh~1\applic~1\Malwarebytes
    2009-03-10 13:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-10 13:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-10 13:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-03-10 13:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-07 13:46 7,474 a--shr-- C:\nar.vbs
    2009-03-07 13:27 88 a--shr-- C:\Autorun.inf
    2009-03-06 23:41 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
    2009-03-06 23:41 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
    2009-03-06 23:41 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
    2009-03-06 23:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
    2009-03-06 23:40 <DIR> --d----- c:\program files\Trend Micro
    2009-03-04 23:22 661,808 a------- c:\windows\system32\UfWSC.cpl
    2009-03-04 23:22 1,195,448 a------- c:\windows\system32\drivers\vsapint.sys
    2009-03-04 23:22 334,352 a------- c:\windows\system32\drivers\TM_CFW.sys
    2009-03-04 23:22 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
    2009-03-04 23:22 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
    2009-03-04 23:22 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys

    ==================== Find3M ====================

    2009-03-10 13:21 17,408 a------- c:\windows\system32\drivers\USBCRFT.SYS
    2009-03-07 13:35 40,938 a------- c:\docume~1\davidh~1\applic~1\wklnhst.dat
    2009-02-03 17:49 3,584 a------- c:\documents and settings\david haggar\netcache.dat
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\DV5NHJ1J.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\TBJV937D.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\SFXR5VV7.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\KJ1BVPBN.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\ITRH3BZR.DAT
    2008-12-21 00:15 826,368 a------- c:\windows\system32\wininet.dll
    2006-11-13 23:07 252,008 ac------ c:\docume~1\davidh~1\applic~1\GDIPFONTCACHEV1.DAT
    2008-09-19 22:55 7,474 a--shr-- c:\windows\Nar.vbs
    2006-08-28 17:59 8,192 a--sh--- c:\windows\o2cLicStore.bin
    2005-02-09 15:13 8 -c-shr-- c:\windows\system32\14E4D0A500.sys
    2005-02-09 15:13 5,224 ac-sh--- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 13:42:17.98 ===============
     
  10. 2009/03/10
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back
    Still have no internet?
    Have you rebooted the machine to see if you can connect?

    If no connection, download the tools needed to a flash/USB drive or other removable media, and transfer them to the infected computer.


    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2
    Link 3

    --------------------------------------------------------------------
    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    (Click on this link to see a list of programs that should be disabled.)
    http://www.bleepingcomputer.com/forums/topic114351.html


    Double click on Combo-Fix.exe & follow the prompts.

    Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

    No Validation is Required.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.



    ** Please Note:
    At times ComboFix may appear to stall, please be patient.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

    Please only run the tool once, ty.

    Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
    Don't select to run the Recovery Console as we don't need it.
    By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

    You may need several replies to post the requested logs, otherwise they might get cut off.
     
  11. 2009/03/12
    davidhaggar

    davidhaggar Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    35
    Likes Received:
    0
    Hi,

    Once Malwarebytes' Anti-Malware programme had fully run and the machine had been rebooted the system is back to normal. It now appears to me that the system is fully fixed and functioning properly.

    Should I still carry out the action in the last thread, posted by Juliet two days ago?

    If not then many thanks for all your help. I have been extremely impressed by all you have been able to do to help.

    Kindest Regards,

    David Haggar
     
  12. 2009/03/12
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hello David,
    Glad the machine has improved.

    Yes..please continue and we'll call it a good check up.
     
  13. 2009/03/12
    davidhaggar

    davidhaggar Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    35
    Likes Received:
    0
    Here is the combofix log, no HijackThis log was created.




    ComboFix 09-03-10.03 - David Haggar 2009-03-12 23:26:29.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.443 [GMT 1:00]
    Running from: c:\documents and settings\David Haggar\Desktop\cleanerone.exe
    AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: Trend Micro Personal Firewall *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\autorun.inf
    c:\docume~1\DAVIDH~1\LOCALS~1\Temp\tmp2.tmp
    c:\windows\system32\Bank.dll
    c:\windows\system32\gaopdxcounter
    D:\Autorun.inf
    d:\recycler\S-0-4-44-100017549-100001306-100004389-6914.com
    E:\Autorun.inf
    e:\recycler\S-0-4-44-100017549-100001306-100004389-6914.com
    F:\Autorun.inf
    f:\recycler\S-0-4-44-100017549-100001306-100004389-6914.com

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
    .

    2009-03-12 21:51 . 2009-03-12 21:51 <DIR> d-------- c:\windows\LastGood.Tmp
    2009-03-12 21:47 . 2009-03-12 21:47 <DIR> d-------- c:\windows\system32\scripting
    2009-03-12 21:47 . 2009-03-12 21:47 <DIR> d-------- c:\windows\system32\en
    2009-03-12 21:47 . 2009-03-12 21:47 <DIR> d-------- c:\windows\system32\bits
    2009-03-12 21:47 . 2009-03-12 21:47 <DIR> d-------- c:\windows\l2schemas
    2009-03-12 21:43 . 2009-03-12 21:48 <DIR> d-------- c:\windows\ServicePackFiles
    2009-03-12 21:34 . 2009-03-12 21:34 <DIR> d-------- c:\windows\EHome
    2009-03-10 13:22 . 2009-03-10 13:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-10 13:22 . 2009-03-10 13:22 <DIR> d-------- c:\documents and settings\David Haggar\Application Data\Malwarebytes
    2009-03-10 13:22 . 2009-03-10 13:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-10 13:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-10 13:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-07 13:46 . 2009-03-10 13:43 7,474 -rahs---- C:\nar.vbs
    2009-03-06 23:41 . 2009-03-12 23:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
    2009-03-06 23:41 . 2009-03-04 23:22 144,912 --a------ c:\windows\system32\drivers\tmcomm.sys
    2009-03-06 23:41 . 2009-03-04 23:22 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys
    2009-03-06 23:41 . 2009-03-04 23:22 49,680 --a------ c:\windows\system32\drivers\tmevtmgr.sys
    2009-03-06 23:40 . 2009-03-06 23:41 <DIR> d-------- c:\program files\Trend Micro
    2009-03-04 23:22 . 2008-11-27 02:39 1,195,384 --a------ c:\windows\system32\drivers\vsapint.sys
    2009-03-04 23:22 . 2009-03-04 23:22 661,808 --a------ c:\windows\system32\UfWSC.cpl
    2009-03-04 23:22 . 2009-03-04 23:22 334,352 --a------ c:\windows\system32\drivers\TM_CFW.sys
    2009-03-04 23:22 . 2008-11-27 02:42 205,328 --a------ c:\windows\system32\drivers\tmxpflt.sys
    2009-03-04 23:22 . 2009-03-04 23:22 80,400 --a------ c:\windows\system32\drivers\tmtdi.sys
    2009-03-04 23:22 . 2008-11-27 02:42 36,368 --a------ c:\windows\system32\drivers\tmpreflt.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-12 21:03 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
    2009-03-12 20:21 --------- d-----w c:\program files\Yahoo!
    2009-03-12 20:18 --------- d-----w c:\program files\Common Files\Scanner
    2009-03-12 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
    2009-03-09 00:44 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-03-09 00:44 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-03-07 12:35 40,938 ----a-w c:\documents and settings\David Haggar\Application Data\wklnhst.dat
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-03 16:49 3,584 ----a-w c:\documents and settings\David Haggar\netcache.dat
    2009-01-30 14:35 --------- d-----w c:\program files\WinAce
    2009-01-25 20:59 --------- d-----w c:\program files\Google
    2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-01-26 14:24 10,080 ----a-w c:\documents and settings\Jenny\Application Data\wklnhst.dat
    2007-04-29 17:25 252,008 ----a-w c:\documents and settings\Jenny\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-13 22:07 252,008 -c--a-w c:\documents and settings\David Haggar\Application Data\GDIPFONTCACHEV1.DAT
    2006-08-28 16:59 8,192 --sha-w c:\windows\o2cLicStore.bin
    2005-02-09 14:13 8 -csh--r c:\windows\system32\14E4D0A500.sys
    2005-02-09 14:13 5,224 -csha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-01 68856]
    "OE "= "c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-04 497008]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "PinnacleDriverCheck "= "c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
    "HP Component Manager "= "c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "RemoteControl "= "c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "PCMService "= "c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-04 118926]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2005-04-12 26112]
    "UfSeAgnt.exe "= "c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-03-04 970808]
    "AGRSMMSG "= "AGRSMMSG.exe" [2004-10-08 c:\windows\AGRSMMSG.exe]
    "Dit "= "Dit.exe" [2004-07-20 c:\windows\Dit.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "OE "= "c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-04 497008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420 "= vdrcodec.dll
    "VIDC.MJPG "= Pvmjpg21.dll
    "VIDC.PIM1 "= pclepim1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a------ 2005-01-12 22:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2004-02-12 13:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
    --a------ 2004-07-30 15:10 1123840 c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keyboard Status]
    --a------ 2005-01-25 12:03 411648 c:\progra~1\Medion Tools\KeyStat\KeyStat.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "AntiVirusOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\AOL 9.0\\AOL.exe "=
    "c:\\Program Files\\AOL 9.0\\WAOL.exe "=
    "c:\\WINDOWS\\system32\\fxsclnt.exe "=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe "=
    "c:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009

    R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [9/1/2004 2:50:02 PM 188416]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/6/2009 11:41:54 PM 49680]
    R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [3/6/2009 11:42:10 PM 492888]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/4/2009 11:22:31 PM 36368]
    R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/6/2009 11:42:12 PM 677128]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2/9/2005 2:22:39 PM 802048]
    R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [8/3/2004 11:10:34 AM 62976]
    R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [1/20/2005 3:05:59 PM 1272000]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [3/4/2009 11:22:31 PM 334352]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2/9/2005 2:50:02 PM 19928]
    S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2/9/2005 2:47:53 PM 17408]
    S3 ldiskl;ldiskl;\??\c:\docume~1\DAVIDH~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\DAVIDH~1\LOCALS~1\Temp\ldiskl.sys [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - M:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d75aee59-bcae-11dd-82e3-001109dfae29}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Cmaudio - cmicnfg.cpl


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hotmail.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-12 23:31:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "cd042efbbd7f7af1647644e76e06692b "=hex:c8,28,51,af,b0,29,a3,98,e8,f8,f0,d4,38,
    57,71,89,c8,28,51,af,b0,29,a3,98,26,39,3a,8a,74,8f,bf,de,e2,63,26,f1,3f,c8,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "bca643cdc5c2726b20d2ecedcc62c59b "=hex:71,3b,04,66,8b,46,0d,96,57,2a,1a,f2,c7,
    a3,6f,b9,71,3b,04,66,8b,46,0d,96,33,fa,38,9c,a4,21,1d,42,6a,9c,d6,61,af,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "2c81e34222e8052573023a60d06dd016 "=hex:25,da,ec,7e,55,20,c9,26,9a,fd,6a,8c,8d,
    49,1d,b3,25,da,ec,7e,55,20,c9,26,33,60,87,a7,9e,3e,b5,d3,ff,7c,85,e0,43,d4,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "2582ae41fb52324423be06337561aa48 "=hex:3e,1e,9e,e0,57,5a,93,61,1b,4e,0b,16,f7,
    57,af,3b,3e,1e,9e,e0,57,5a,93,61,49,d6,13,60,59,a6,0e,34,86,8c,21,01,be,91,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "caaeda5fd7a9ed7697d9686d4b818472 "=hex:cd,44,cd,b9,a6,33,6c,cd,ca,2c,64,59,f3,
    51,94,f2,cd,44,cd,b9,a6,33,6c,cd,54,d1,01,7d,e8,4c,b1,ad,f5,1d,4d,73,a8,13,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "a4a1bcf2cc2b8bc3716b74b2b4522f5d "=hex:b0,18,ed,a7,3f,8d,37,a4,a6,62,15,e1,42,
    60,24,79,b0,18,ed,a7,3f,8d,37,a4,e1,32,f8,d1,45,86,bf,40,df,20,58,62,78,6b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "4d370831d2c43cd13623e232fed27b7b "=hex:fb,a7,78,e6,12,2f,9a,ea,62,60,8a,d6,07,
    c7,d9,45,31,77,e1,ba,b1,f8,68,02,bf,c3,9a,19,1d,94,a5,af,fb,a7,78,e6,12,2f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "1d68fe701cdea33e477eb204b76f993d "=hex:aa,52,c6,00,84,3c,26,64,65,89,ff,0c,f8,
    58,e8,f1,83,6c,56,8b,a0,85,96,ab,ae,ba,02,84,8f,b1,b3,c6,01,3a,48,fc,e8,04,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "1fac81b91d8e3c5aa4b0a51804d844a3 "=hex:51,fa,6e,91,28,9e,14,cc,e7,93,d2,80,f9,
    c8,0e,d0,51,fa,6e,91,28,9e,14,cc,4a,ea,2c,37,69,5b,0e,82,f6,0f,4e,58,98,5b,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "f5f62a6129303efb32fbe080bb27835b "=hex:3d,ce,ea,26,2d,45,aa,78,b5,fe,2b,cf,24,
    ab,c4,13,b1,cd,45,5a,a8,c4,f8,b9,4e,0c,a8,78,39,f8,f6,6b,3d,ce,ea,26,2d,45,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "fd4e2e1a3940b94dceb5a6a021f2e3c6 "=hex:2a,b7,cc,b5,b9,7f,41,e7,66,5a,92,eb,65,
    45,85,10,e3,0e,66,d5,eb,bc,2f,6b,d1,b3,c3,5a,de,b0,e1,b0,2a,b7,cc,b5,b9,7f,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    "ThreadingModel "= "Apartment "
    @= "c:\\WINDOWS\\system32\\OLE32.DLL "
    "8a8aec57dd6508a385616fbc86791ec2 "=hex:fa,ea,66,7f,d4,3b,6b,70,df,07,b6,49,3d,
    1e,46,33,fa,ea,66,7f,d4,3b,6b,70,42,1c,9b,79,6f,01,0a,26,6c,43,2d,1e,aa,22,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(716)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-03-12 23:34:03
    ComboFix-quarantined-files.txt 2009-03-12 22:33:58

    Pre-Run: 52,400,480,256 bytes free
    Post-Run: 54,247,702,528 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
    269 --- E O F --- 2009-03-12 20:58:22
     
  14. 2009/03/12
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Welcome back

    FW: Norton Internet Worm Protection *disabled* <Are you running two Firewalls?
    ************

    Download Flash_Disinfector.exe by sUBs from >here<
    or from
    http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe


    and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.



    Next: Please disable all onboard security programs (all running with background protection) as it may hinder the scanner from working.
    This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

    Click on this link Here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the CODE box below:
    Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.
    Code:
    RegNULL::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
    
    File:: 
    C:\nar.vbs
    
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d75aee59-bcae-11dd-82e3-001109dfae29}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    [​IMG]

    Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.
    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



    NEXT**
    Please download JavaRa to your desktop and unzip it to its own folder

    Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
    Accept any prompts.
    Open JavaRa.exe again and select Search For Updates.
    Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



    NEXT**
    Please download ATF Cleaner by Atribune From Here and save it to your Desktop.
    Follow the instructions for the browser you use.
    Read the instructions about the cookies. Delete what you do not need.

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:
    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Java Cache

    The rest are optional - if you want to remove the lot, check "Select All".
    Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
    If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
    When you have finished, click on the Exit button in the Main menu.
    ========================

    I'd like for you to run this next online scan to check for remnants or anything that might be hidden.
    The below scan can take up to an hour or longer, please be patient.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans, so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.


    Using Internet Explorer, visit http://www.kaspersky.com/service?chapter=161739400

    Other available links
    Kaspersky Online Scanner or from here
    http://www.kaspersky.com/virusscanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.

    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run. (At times it may appear to stall)
      * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
      * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
      * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Once the scan is complete, click on View scan report. To obtain the report:
    Click on: Save Report As
    Next, in the Save as prompt, Save in area, select: Desktop
    In the File name area, use KScan, or something similar
    In Save as type, click the drop arrow and select: Text file [*.txt]
    Then, click: Save
    Please post the Kaspersky Online Scanner Report in your reply.

    Animated tutorial
    http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif

    (Note.. for Internet Explorer 7 users:
    If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)
    Or use Firefox with IE-Tab plugin
    https://addons.mozilla.org/en-US/firefox/addon/1419


    In your next reply post:
    ComboFix.txt
    Kaspersky log
    New HJT log taken after the above scans have run



    You may need several replies to post the requested logs, otherwise they might get cut off.



    How's your computer now?
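
Added example, not part of the thread and not ComboFix's own code: a small parser for the mountpoints2 section of a ComboFix log that flags per-drive AutoRun commands launching a script host or a script file, which is the pattern the CFScript above removes. The sample input is an excerpt of the log posted earlier in this thread; the script-host and extension lists, and all function names, are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Excerpt of the mountpoints2 lines from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - M:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d75aee59-bcae-11dd-82e3-001109dfae29}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe nar.vbs
"""

# "[HKEY_...\mountpoints2\<drive letter or volume GUID>]"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+?\\mountpoints2\\([^\]]+))\]$", re.IGNORECASE)
# "\Shell\<verb>\command - <command line>"
CMD_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)
# File names inside a command line, with any directory part dropped.
NAME_RE = re.compile(
    r"([^\\/\s,\"]+\.(?:exe|com|dll|vbs|vbe|jse|js|wsf|bat|cmd))(?=[\s,\"]|$)",
    re.IGNORECASE,
)

# Heuristic lists chosen for this example (assumptions, not a complete policy).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd")


@dataclass
class AutoRunEntry:
    key: str        # full registry key as printed in the log
    mount: str      # drive letter or volume GUID
    verb: str       # shell verb, e.g. AutoRun
    command: str    # command line registered for the verb
    reasons: list = field(default_factory=list)  # empty means nothing flagged


def classify(command):
    """Return the reasons an AutoRun command line looks script-driven."""
    reasons = []
    for name in (n.lower() for n in NAME_RE.findall(command)):
        if name in SCRIPT_HOSTS:
            reasons.append(f"script host: {name}")
        elif name.endswith(SCRIPT_EXTS):
            reasons.append(f"script payload: {name}")
    return reasons


def parse_mountpoints2(log_text):
    """Pair each mountpoints2 key header with the command lines under it."""
    entries = []
    key = mount = None
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if line.startswith("[") and line.endswith("]"):
            m = KEY_RE.match(line)
            # Any other registry header ends the current mountpoints2 key,
            # so a later command line is never attributed to the wrong key.
            key, mount = (m.group(1), m.group(2)) if m else (None, None)
            continue
        m = CMD_RE.match(line)
        if m and key:
            cmd = m.group(2).strip()
            entries.append(AutoRunEntry(key, mount, m.group(1), cmd, classify(cmd)))
    return entries


def suspicious_entries(log_text):
    """Only the entries with at least one reason attached."""
    return [e for e in parse_mountpoints2(log_text) if e.reasons]


if __name__ == "__main__":
    for e in parse_mountpoints2(SAMPLE_LOG):
        status = "; ".join(e.reasons) if e.reasons else "nothing flagged"
        print(f"{e.mount:<40} {status}")
```
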
     
  15. 2009/03/13
    davidhaggar

    davidhaggar Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    35
    Likes Received:
    0
    ComboFix 09-03-12.01 - David Haggar 2009-03-13 17:19:05.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.473 [GMT 1:00]
    Running from: c:\documents and settings\David Haggar\Desktop\cleanerone.exe
    Command switches used :: c:\documents and settings\David Haggar\Desktop\CFScript.txt
    AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: Trend Micro Personal Firewall *disabled*
    * Created a new restore point

    FILE ::
    C:\nar.vbs
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\nar.vbs

    .
    ((((((((((((((((((((((((( Files Created from 2009-02-13 to 2009-03-13 )))))))))))))))))))))))))))))))
    .

    2009-03-13 16:04 . 2009-03-13 16:04 <DIR> d-------- c:\windows\LastGood
    2009-03-12 21:47 . 2009-03-12 21:47 <DIR> d-------- c:\windows\system32\scripting
    2009-03-12 21:47 . 2009-03-12 21:47 <DIR> d-------- c:\windows\system32\en
    2009-03-12 21:47 . 2009-03-12 21:47 <DIR> d-------- c:\windows\system32\bits
    2009-03-12 21:47 . 2009-03-12 21:47 <DIR> d-------- c:\windows\l2schemas
    2009-03-12 21:43 . 2009-03-12 21:48 <DIR> d-------- c:\windows\ServicePackFiles
    2009-03-12 21:34 . 2009-03-12 21:34 <DIR> d-------- c:\windows\EHome
    2009-03-10 13:22 . 2009-03-10 13:22 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-03-10 13:22 . 2009-03-10 13:22 <DIR> d-------- c:\documents and settings\David Haggar\Application Data\Malwarebytes
    2009-03-10 13:22 . 2009-03-10 13:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-03-10 13:22 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-10 13:22 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-03-06 23:41 . 2009-03-12 23:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trend Micro
    2009-03-06 23:41 . 2009-03-04 23:22 144,912 --a------ c:\windows\system32\drivers\tmcomm.sys
    2009-03-06 23:41 . 2009-03-04 23:22 50,192 --a------ c:\windows\system32\drivers\tmactmon.sys
    2009-03-06 23:41 . 2009-03-04 23:22 49,680 --a------ c:\windows\system32\drivers\tmevtmgr.sys
    2009-03-06 23:40 . 2009-03-06 23:41 <DIR> d-------- c:\program files\Trend Micro
    2009-03-04 23:22 . 2008-11-27 02:39 1,195,384 --a------ c:\windows\system32\drivers\vsapint.sys
    2009-03-04 23:22 . 2009-03-04 23:22 661,808 --a------ c:\windows\system32\UfWSC.cpl
    2009-03-04 23:22 . 2009-03-04 23:22 334,352 --a------ c:\windows\system32\drivers\TM_CFW.sys
    2009-03-04 23:22 . 2008-11-27 02:42 205,328 --a------ c:\windows\system32\drivers\tmxpflt.sys
    2009-03-04 23:22 . 2009-03-04 23:22 80,400 --a------ c:\windows\system32\drivers\tmtdi.sys
    2009-03-04 23:22 . 2008-11-27 02:42 36,368 --a------ c:\windows\system32\drivers\tmpreflt.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-03-12 21:03 17,408 ----a-w c:\windows\system32\drivers\USBCRFT.SYS
    2009-03-12 20:21 --------- d-----w c:\program files\Yahoo!
    2009-03-12 20:18 --------- d-----w c:\program files\Common Files\Scanner
    2009-03-12 20:15 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
    2009-03-09 00:44 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-03-09 00:44 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-03-07 12:35 40,938 ----a-w c:\documents and settings\David Haggar\Application Data\wklnhst.dat
    2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
    2009-02-03 16:49 3,584 ----a-w c:\documents and settings\David Haggar\netcache.dat
    2009-01-30 14:35 --------- d-----w c:\program files\WinAce
    2009-01-25 20:59 --------- d-----w c:\program files\Google
    2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-01-26 14:24 10,080 ----a-w c:\documents and settings\Jenny\Application Data\wklnhst.dat
    2007-04-29 17:25 252,008 ----a-w c:\documents and settings\Jenny\Application Data\GDIPFONTCACHEV1.DAT
    2006-11-13 22:07 252,008 -c--a-w c:\documents and settings\David Haggar\Application Data\GDIPFONTCACHEV1.DAT
    2006-08-28 16:59 8,192 --sha-w c:\windows\o2cLicStore.bin
    2005-02-09 14:13 8 -csh--r c:\windows\system32\14E4D0A500.sys
    2005-02-09 14:13 5,224 -csha-w c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-03-12_23.32.44.12 )))))))))))))))))))))))))))))))))))))))))
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-01 68856]
    "OE "= "c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-04 497008]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck "= "c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "PinnacleDriverCheck "= "c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
    "HP Component Manager "= "c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "RemoteControl "= "c:\program files\Home Cinema\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "PCMService "= "c:\program files\Home Cinema\PowerCinema\PCMService.exe" [2005-02-04 118926]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "RealTray "= "c:\program files\Real\RealPlayer\RealPlay.exe" [2005-04-12 26112]
    "UfSeAgnt.exe "= "c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-03-04 970808]
    "AGRSMMSG "= "AGRSMMSG.exe" [2004-10-08 c:\windows\AGRSMMSG.exe]
    "Dit "= "Dit.exe" [2004-07-20 c:\windows\Dit.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "OE "= "c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-04 497008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.I420 "= vdrcodec.dll
    "VIDC.MJPG "= Pvmjpg21.dll
    "VIDC.PIM1 "= pclepim1.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
    backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
    backup=c:\windows\pss\Office Startup.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    --a------ 2005-01-12 22:05 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2004-02-12 13:38 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IW_Drop_Icon]
    --a------ 2004-07-30 15:10 1123840 c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Keyboard Status]
    --a------ 2005-01-25 12:03 411648 c:\progra~1\Medion Tools\KeyStat\KeyStat.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "AntiVirusOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\AOL 9.0\\AOL.exe "=
    "c:\\Program Files\\AOL 9.0\\WAOL.exe "=
    "c:\\WINDOWS\\system32\\fxsclnt.exe "=
    "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe "=
    "c:\\Program Files\\Home Cinema\\PowerCinema\\PowerCinema.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "%windir%\\system32\\sessmgr.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP "= 3389:TCP:mad:xpsp2res.dll,-22009

    R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [9/1/2004 2:50:02 PM 188416]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/6/2009 11:41:54 PM 49680]
    R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [3/6/2009 11:42:10 PM 492888]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [3/4/2009 11:22:31 PM 36368]
    R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/6/2009 11:42:12 PM 677128]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2/9/2005 2:22:39 PM 802048]
    R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [8/3/2004 11:10:34 AM 62976]
    R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [1/20/2005 3:05:59 PM 1272000]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [3/4/2009 11:22:31 PM 334352]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2/9/2005 2:50:02 PM 19928]
    S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2/9/2005 2:47:53 PM 17408]
    S3 ldiskl;ldiskl;\??\c:\docume~1\DAVIDH~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\DAVIDH~1\LOCALS~1\Temp\ldiskl.sys [?]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.hotmail.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-03-13 17:22:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(700)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2009-03-13 17:25:08
    ComboFix-quarantined-files.txt 2009-03-13 16:25:03
    ComboFix2.txt 2009-03-12 22:34:05

    Pre-Run: 54,327,418,880 bytes free
    Post-Run: 54,320,447,488 bytes free

    Current=3 Default=3 Failed=2 LastKnownGood=1 Sets=1,2,3,4
    183 --- E O F --- 2009-03-12 20:58:22
     
  16. 2009/03/13
    Juliet

    Juliet Well-Known Member

    Hi David


    That log looks better.

    Were you able to run Kaspersky and get a log for me?
     
  17. 2009/03/13
    davidhaggar

    davidhaggar Inactive Thread Starter

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, March 13, 2009
    Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, March 13, 2009 17:30:43
    Records in database: 1896856
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    J:\
    K:\
    L:\

    Scan statistics:
    Files scanned: 148406
    Threat name: 15
    Infected objects: 470
    Suspicious objects: 0
    Duration of the scan: 01:46:06


    File name / Threat name / Threats count
    C:\Program Files\Trend Micro\Internet Security\Quarantine\1E8.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\1F.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\20.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\21.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\22.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\23.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\24.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\25.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\26.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\27.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\28.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\29.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\2A.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\2B.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\2C.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\2D.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\2E.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\2F.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\30.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\31.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\32.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\33.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\34.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\35.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\36.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\37.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\38.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\39.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\3A.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\3B.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\3C.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\3D.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\3E.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\3F.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\40.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\41.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\42.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\43.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\44.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\45.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\46.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\47.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\48.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\49.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\4A.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\4B.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\4C.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\4D.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\4E.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\4F.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\50.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\51.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\52.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\53.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\54.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\55.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\56.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\57.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\58.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\59.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\5A.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\5B.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\5C.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\5D.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\5E.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\5F.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\60.tmp Infected: Trojan-Downloader.Java.OpenStream.c 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\61.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\62.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\63.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\64.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\65.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\66.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\67.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\68.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\69.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\6A.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\6B.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\6C.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\6D.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\6E.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\6F.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\70.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\71.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\72.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\73.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\74.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\75.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\76.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\77.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\78.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\79.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\7A.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\7B.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\7C.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\7D.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\7E.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\7F.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\80.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\81.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\82.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\83.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\84.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\85.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\86.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\87.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\88.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\89.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\8A.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\8B.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\8C.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\8D.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\8E.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\8F.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\90.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\91.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\92.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\93.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\94.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\95.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\96.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\97.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\98.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\99.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\9A.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\9B.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\9C.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\9D.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\9E.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\9F.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A0.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A0120011.vbs Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A0120012.vbs Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A0120014.vbs Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A1.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A2.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A3.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A4.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A5.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A6.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A7.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A8.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\A9.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\AA.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\AB.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\AC.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\AD.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\AE.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\AF.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\B0.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\B1.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\B2.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\B3.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\B4.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\B5.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\B6.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\B7.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\B8.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\B9.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\BA.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\BB.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\BC.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\BD.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\BE.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\BF.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\C0.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\C1.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\C2.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\C3.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\C4.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\C5.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\C6.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\C7.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\C8.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\C9.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\CA.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\CB.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\CC.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\CD.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\CE.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\CF.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\D0.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\D1.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\D2.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\D3.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\D4.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\D5.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\D6.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\D7.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\D8.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\D9.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\DA.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\DB.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\DC.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\DD.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\DE.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\DF.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\E0.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\E1.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\E2.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\E3.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\E4.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\E5.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\E6.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\E7.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\E8.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\E9.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\EA.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\EB.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\EC.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\ED.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\EE.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\EF.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\F0.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\F1.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\F2.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\F3.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\F4.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\F5.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\F6.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\F7.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\F8.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\F9.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\FA.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\FB.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\FC.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\FD.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\FE.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\FF.tmp Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\nar.vbs Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\NAR_9cc.VIR Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\NAR_d04.VIR Infected: Worm.Win32.AutoRun.nsf 1
    C:\Program Files\Trend Micro\Internet Security\Quarantine\NAR_d14.VIR Infected: Worm.Win32.AutoRun.nsf 1
    C:\Qoobox\Quarantine\C\nar.vbs.vir Infected: Worm.Win32.AutoRun.nsf 1
    E:\System Volume Information\_restore{B5CD121F-D197-4943-91FB-48C14AB76C9A}\RP508\A0120013.VBS Infected: Worm.Win32.AutoRun.nsf 1

    The selected area was scanned.
     
  18. 2009/03/13
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Hi David, I think we posted at the same time.

    Don't let the Kaspersky scan scare you; it's actually not in that bad of shape.


    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine <-- Delete the contents inside this folder

    C:\Program Files\Trend Micro\Internet Security\Quarantine <-- Delete the contents inside this folder also



    Before we go to final clean up, how's your computer now?
     
  19. 2009/03/13
    davidhaggar

    davidhaggar Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    35
    Likes Received:
    0
    Kaspersky ran and identified some threats. Here is also the new DDS/HJT log,

    thanks so far,

    David

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by David Haggar at 19:55:37.78 on 13/03/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.527 [GMT 1:00]

    AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
    FW: Norton Internet Worm Protection *disabled*
    FW: Trend Micro Personal Firewall *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
    C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe
    C:\Program Files\Home Cinema\PowerCinema\PCMService.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Documents and Settings\David Haggar\Local Settings\Temp\jkos-David Haggar\binaries\ScanningProcess.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\David Haggar\Desktop\Desktop Recovery Mar 09\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.hotmail.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {51085E3D-A958-42A2-A6BE-A6A9B0BAF276} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Dit] Dit.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe "
    mRun: [RemoteControl] "c:\program files\home cinema\powerdvd\PDVDServ.exe "
    mRun: [PCMService] "c:\program files\home cinema\powercinema\PCMService.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
    IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: AtiExtEvent - Ati2evxx.dll

    ============= SERVICES / DRIVERS ===============

    R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2004-9-1 188416]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-6 49680]
    R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-3-6 492888]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-4 36368]
    R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-6 677128]
    R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2005-2-9 802048]
    R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2004-8-3 62976]
    R3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [2005-1-20 1272000]
    R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-3-4 334352]
    R3 wbscr;Winbond Smartcard Reader for I/O;c:\windows\system32\drivers\wbscr.sys [2005-2-9 19928]
    S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2005-2-9 17408]
    S3 ldiskl;ldiskl;\??\c:\docume~1\davidh~1\locals~1\temp\ldiskl.sys --> c:\docume~1\davidh~1\locals~1\temp\ldiskl.sys [?]

    =============== Created Last 30 ================

    2009-03-13 17:46 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-13 17:46 73,728 a------- c:\windows\system32\javacpl.cpl
    2009-03-13 17:35 <DIR> --d----- c:\documents and settings\david haggar\.SunDownloadManager
    2009-03-13 17:06 <DIR> a-dshr-- C:\autorun.inf
    2009-03-12 23:24 <DIR> a-dshr-- C:\cmdcons
    2009-03-12 23:21 161,792 a------- c:\windows\SWREG.exe
    2009-03-12 23:21 98,816 a------- c:\windows\sed.exe
    2009-03-12 21:47 <DIR> --d----- c:\windows\system32\scripting
    2009-03-12 21:47 <DIR> --d----- c:\windows\l2schemas
    2009-03-12 21:47 <DIR> --d----- c:\windows\system32\en
    2009-03-12 21:47 <DIR> --d----- c:\windows\system32\bits
    2009-03-12 21:43 <DIR> --d----- c:\windows\ServicePackFiles
    2009-03-12 21:34 <DIR> --d----- c:\windows\EHome
    2009-03-10 13:22 <DIR> --d----- c:\docume~1\davidh~1\applic~1\Malwarebytes
    2009-03-10 13:22 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-03-10 13:22 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-03-10 13:22 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-03-10 13:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-03-06 23:41 144,912 a------- c:\windows\system32\drivers\tmcomm.sys
    2009-03-06 23:41 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
    2009-03-06 23:41 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
    2009-03-06 23:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
    2009-03-06 23:40 <DIR> --d----- c:\program files\Trend Micro
    2009-03-04 23:22 661,808 a------- c:\windows\system32\UfWSC.cpl
    2009-03-04 23:22 1,195,384 a------- c:\windows\system32\drivers\vsapint.sys
    2009-03-04 23:22 334,352 a------- c:\windows\system32\drivers\TM_CFW.sys
    2009-03-04 23:22 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
    2009-03-04 23:22 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
    2009-03-04 23:22 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys

    ==================== Find3M ====================

    2009-03-12 22:03 17,408 a------- c:\windows\system32\drivers\USBCRFT.SYS
    2009-03-12 21:50 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
    2009-03-07 13:35 40,938 a------- c:\docume~1\davidh~1\applic~1\wklnhst.dat
    2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2009-02-03 17:49 3,584 a------- c:\documents and settings\david haggar\netcache.dat
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\DV5NHJ1J.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\TBJV937D.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\SFXR5VV7.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\KJ1BVPBN.DAT
    2009-02-02 04:12 2,678 a------- c:\windows\java\packages\data\ITRH3BZR.DAT
    2008-12-21 00:15 826,368 a------- c:\windows\system32\wininet.dll
    2006-11-13 23:07 252,008 ac------ c:\docume~1\davidh~1\applic~1\GDIPFONTCACHEV1.DAT
    2006-08-28 17:59 8,192 a--sh--- c:\windows\o2cLicStore.bin
    2005-02-09 15:13 8 -c-shr-- c:\windows\system32\14E4D0A500.sys
    2005-02-09 15:13 5,224 ac-sh--- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 19:56:34.37 ===============
     
  20. 2009/03/13
    Juliet

    Juliet Well-Known Member

    Joined:
    2008/09/15
    Messages:
    976
    Likes Received:
    6
    Sorry, did you see this?
     
  21. 2009/03/13
    davidhaggar

    davidhaggar Inactive Thread Starter

    Joined:
    2009/03/07
    Messages:
    35
    Likes Received:
    0
    They have been deleted. The PC seemed quite a bit faster (not sure if it is meant to) before Kaspersky ran. But now it seems a bit slow and sluggish.
     