tbones454

Posts posted by tbones454


  1. Log of scan:

    -------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER REPORT

    Sunday, December 02, 2007 12:01:17 PM

    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.98.0

    Kaspersky Anti-Virus database last update: 2/12/2007

    Kaspersky Anti-Virus database records: 470147

    -------------------------------------------------------------------------------

     

    Scan Settings:

    Scan using the following antivirus database: extended

    Scan Archives: true

    Scan Mail Bases: true

     

    Scan Target - My Computer:

    C:\

    D:\

     

    Scan Statistics:

    Total number of scanned objects: 45776

    Number of viruses found: 11

    Number of infected objects: 56

    Number of suspicious objects: 0

    Duration of the scan process: 13:24:53

     

    Infected Object Name / Virus Name / Last Action

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\pcc_S-1-5-21-1303002512-519456083-2392934083-500.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Trend Micro\PC-cillin\log\TmPfw_S-1-5-21-1303002512-519456083-2392934083-500.log Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\TEA\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071118-230635-874.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071119-221150-593.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071119-221150-779.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071119-222314-429.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071119-222315-561.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071119-222354-277.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071119-222355-922.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071123-211923-293.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071123-211923-845.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071123-213340-876.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071123-213340-989.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071126-185528-325.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071126-185528-470.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071129-213950-675.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071129-213950-999.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071129-215746-228.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071129-215746-495.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071129-221217-581.dll Infected: not-a-virus:AdWare.Win32.AdBand.e skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071129-221217-624.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071129-221217-802.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071129-221921-862.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071129-221921-883.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071129-222300-131.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\Documents and Settings\TEA\Desktop\backups\backup-20071129-222300-400.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Documents and Settings\TEA\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\TEA\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\TEA\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\Documents and Settings\TEA\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped

    C:\Documents and Settings\TEA\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped

    C:\Documents and Settings\TEA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\TEA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\TEA\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\TEA\Local Settings\History\History.IE5\MSHist012007120120071202\index.dat Object is locked skipped

    C:\Documents and Settings\TEA\Local Settings\Temp\hpodvd09.log Object is locked skipped

    C:\Documents and Settings\TEA\Local Settings\Temp\Perflib_Perfdata_2dc.dat Object is locked skipped

    C:\Documents and Settings\TEA\Local Settings\Temp\Perflib_Perfdata_cfc.dat Object is locked skipped

    C:\Documents and Settings\TEA\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\TEA\My Documents\Old HP\Todd\Email\AMANA.dbx/[From Mark DiRezze <[email protected]>][Date Tue, 14 Aug 2001 09:36:33 -0700 (PDT)]/UNNAMED/CFGWIZ32.EXE Infected: Email-Worm.Win32.Magistr.a skipped

    C:\Documents and Settings\TEA\My Documents\Old HP\Todd\Email\AMANA.dbx/[From Mark DiRezze <[email protected]>][Date Tue, 14 Aug 2001 09:36:33 -0700 (PDT)]/UNNAMED Infected: Email-Worm.Win32.Magistr.a skipped

    C:\Documents and Settings\TEA\My Documents\Old HP\Todd\Email\AMANA.dbx Mail MS Outlook 5: infected - 2 skipped

    C:\Documents and Settings\TEA\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\TEA\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Trend Micro\Internet Security 14\Quarantine\61F.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

    C:\Program Files\Trend Micro\Internet Security 14\Quarantine\61F.tmp NSIS: infected - 1 skipped

    C:\Program Files\Trend Micro\Internet Security 14\Quarantine\61F.tmp CryptFF.b: infected - 1 skipped

    C:\qoobox\Quarantine\C\Program Files\QdrPack\QdrPack9.exe.vir Infected: not-a-virus:AdWare.Win32.Agent.vu skipped

    C:\qoobox\Quarantine\C\WINDOWS\system32\ivdpkbub.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped

    C:\qoobox\Quarantine\C\WINDOWS\system32\oktjcbwc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

    C:\qoobox\Quarantine\C\WINDOWS\system32\vjjgvwln.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\qoobox\Quarantine\C\WINDOWS\system32\vlvmdkeg.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\qoobox\Quarantine\catchme2007-12-01_194819.34.zip/cbxyxww.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\qoobox\Quarantine\catchme2007-12-01_194819.34.zip/vjjgvwln.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\qoobox\Quarantine\catchme2007-12-01_194819.34.zip ZIP: infected - 2 skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP24\A0006365.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aza skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP24\A0006457.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP24\A0006499.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP24\A0006499.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP24\A0006499.exe RarSFX: infected - 2 skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP24\A0006520.dll Infected: not-a-virus:AdWare.Win32.AdBand.e skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP25\A0006602.exe Infected: not-a-virus:AdWare.Win32.Agent.vu skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0006696.exe Infected: Trojan.Win32.Obfuscated.kp skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0006697.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0006699.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0006703.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.apn skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0006705.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\A0006709.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP28\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt Object is locked skipped

    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{6DE51A34-DA31-468C-9F51-0E2BEC5E774B}.crmlog Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    C:\_OTMoveIt\MovedFiles\Program Files\QdrModule\QdrModule9.exe Infected: not-a-virus:AdWare.Win32.Agent.vv skipped

     

    Scan process completed.

    Log of HJT

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:02:12 PM, on 12/2/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

    C:\WINDOWS\system32\svchost.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\Dell\MediaDirect\PCMService.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    C:\Program Files\Microsoft Office\Office\OSA.EXE

    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\TEA\Desktop\HijackThis.exe

     

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"

    O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

     

    --

    End of file - 4558 bytes


  2. Dear Noahdfear, here are the logs. How did you know the C:\Windows\System32\ivvdkbub.exe file was infected?

     

    Thanks a million.

     

     

    Combo Fix Log:

    ComboFix 07-11-19.4C - TEA 2007-12-01 19:41:56.2 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.322 [GMT -6:00]

    Running from: C:\Documents and Settings\TEA\Desktop\ComboFix.exe

    Command switches used :: C:\Documents and Settings\TEA\Desktop\CFScript.txt

    * Created a new restore point

     

    FILE

    C:\WINDOWS\system32\aqqgqxvp.dll

    C:\WINDOWS\system32\cbxyxww.dll

    C:\WINDOWS\system32\cwbcjtko.ini

    C:\WINDOWS\system32\efhkj.ini2

    C:\WINDOWS\system32\ivdpkbub.exe

    C:\WINDOWS\system32\oktjcbwc.dll

    C:\WINDOWS\system32\ppqss.ini

    C:\WINDOWS\system32\ppqss.ini2

    C:\WINDOWS\system32\qttss.ini2

    C:\WINDOWS\system32\rrqss.ini2

    C:\WINDOWS\system32\ssqpp.dll

    C:\WINDOWS\system32\tmp.reg

    C:\WINDOWS\system32\vjjgvwln.dll

    C:\WINDOWS\system32\vlvmdkeg.dll

    .

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk

    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk

    C:\Documents and Settings\TEA\Desktop\Live Safety Center.lnk

    C:\Documents and Settings\TEA\Desktop\Online Security Guide.lnk

    C:\Documents and Settings\TEA\Favorites\Online Security Guide.lnk

    C:\Program Files\QdrDrive

    C:\Program Files\QdrDrive\qdrloader.exe

    C:\WINDOWS\system32\aqqgqxvp.dll

    C:\WINDOWS\system32\cbxyxww.dll

    C:\WINDOWS\system32\cwbcjtko.ini

    C:\WINDOWS\system32\efhkj.ini2

    C:\WINDOWS\system32\ivdpkbub.exe

    C:\WINDOWS\system32\oktjcbwc.dll

    C:\WINDOWS\system32\ppqss.ini

    C:\WINDOWS\system32\ppqss.ini2

    C:\WINDOWS\system32\qttss.ini2

    C:\WINDOWS\system32\rrqss.ini2

    C:\WINDOWS\system32\ssqpp.dll

    C:\WINDOWS\system32\tmp.reg

    C:\WINDOWS\system32\vjjgvwln.dll

    C:\WINDOWS\system32\vjjgvwln.dllbox

    C:\WINDOWS\system32\vlvmdkeg.dll

     

    .

    ((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))

    .

     

    2007-11-19 21:10 <DIR> d-------- C:\Program Files\Adware Away

    2007-11-18 22:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

    2007-11-18 18:00 <DIR> d-------- C:\Program Files\Spyware Doctor

    2007-11-18 18:00 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\PC Tools

    2007-11-18 18:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

    2007-11-18 18:00 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

    2007-11-18 18:00 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

    2007-11-18 18:00 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

    2007-11-18 18:00 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

    2007-11-18 16:14 <DIR> d-------- C:\WINDOWS\SendTo

    2007-11-18 16:14 69,632 --a------ C:\WINDOWS\system32\system.mdw

    2007-11-18 16:12 <DIR> d-------- C:\WINDOWS\forms

    2007-11-18 16:12 <DIR> d-------- C:\Program Files\Windows Messaging

    2007-11-17 18:00 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\HP

    2007-11-17 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP

    2007-11-17 17:59 <DIR> d-------- C:\Program Files\Common Files\HP

    2007-11-17 17:57 <DIR> d-------- C:\Program Files\Hewlett-Packard

    2007-11-17 17:57 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

    2007-11-17 17:52 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys

    2007-11-17 17:52 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

    2007-11-17 17:51 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll

    2007-11-17 17:51 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll

    2007-11-17 17:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

    2007-11-17 17:51 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys

    2007-11-17 17:47 <DIR> d-------- C:\Program Files\HP

    2007-11-17 17:47 306,688 --a------ C:\WINDOWS\IsUninst.exe

    2007-11-17 17:47 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

    2007-11-17 17:47 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

    2007-11-17 17:47 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

    2007-11-17 17:47 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

    2007-11-17 17:47 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe

    2007-11-17 17:47 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

    2007-11-17 17:46 <DIR> d-------- C:\WINDOWS\system32\LogFiles

    2007-11-17 17:46 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

    2007-11-17 17:46 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

    2007-11-17 17:46 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys

    2007-11-17 17:46 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

    2007-11-17 17:46 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

    2007-11-17 17:45 118,642 --a------ C:\WINDOWS\hpoins09.dat

    2007-11-17 17:40 <DIR> d--hs---- C:\WINDOWS\ftpcache

    2007-11-17 00:29 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys

    2007-11-17 00:29 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe

    2007-11-17 00:29 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll

    2007-11-17 00:27 <DIR> d-------- C:\Program Files\MSXML 4.0

    2007-11-17 00:19 23,040 --------- C:\WINDOWS\kb913800.exe

    2007-11-17 00:18 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll

    2007-11-17 00:16 72,704 --------- C:\WINDOWS\system32\dllcache\hlink.dll

    2007-11-17 00:01 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

    2007-11-17 00:01 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

    2007-11-17 00:01 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

    2007-11-17 00:01 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

    2007-11-17 00:01 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

    2007-11-17 00:01 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll

    2007-11-17 00:01 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

    2007-11-16 23:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield

    2007-11-16 23:44 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek

    2007-11-16 23:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI

    2007-11-16 23:44 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\InstallShield

    2007-11-16 23:44 <DIR> d--h----- C:\Documents and Settings\TEA\Application Data\Gtek

    2007-11-16 23:44 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\ATI

    2007-11-16 23:22 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Template

    2007-11-16 23:07 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Sonic

    2007-11-16 23:07 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Leadertech

    2007-11-16 23:03 140 --a------ C:\Documents and Settings\TEA\Application Data\wklnhst.dat

    2007-11-02 09:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI

    2007-11-02 09:12 <DIR> d-------- C:\Program Files\CyberLink

    2007-11-02 09:12 <DIR> d-------- C:\MDT

    2007-11-02 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell

    2007-11-02 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink

    2007-11-02 09:12 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

    2007-11-02 09:12 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

    2007-11-02 09:11 <DIR> d-------- C:\Program Files\Dell Support

    2007-11-02 09:11 <DIR> d-------- C:\Program Files\Common Files\Adobe

    2007-11-02 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GTek

    2007-11-02 09:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\GTek

    2007-11-02 09:11 217,185 --a------ C:\WINDOWS\system32\GTDownDE_130.ocx

    2007-11-02 09:11 3,380 --a------ C:\WINDOWS\system32\OEMINFO.PNF

    2007-11-02 09:09 <DIR> d-------- C:\Program Files\Microsoft Works

    2007-11-02 09:09 <DIR> d-------- C:\Program Files\illiminable

    2007-11-02 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YAHOO

    2007-11-02 09:08 <DIR> d-------- C:\Program Files\Google

    2007-11-02 09:08 <DIR> d-------- C:\Program Files\BAE

    2007-11-02 09:08 0 --ah----- C:\Documents and Settings\All Users\Application Data\gwseh.dat

    2007-11-02 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield

    2007-11-02 09:06 <DIR> d-------- C:\WINDOWS\system32\QuickTime

    2007-11-02 09:06 <DIR> d-------- C:\WINDOWS\system32\dla

    2007-11-02 09:06 <DIR> d-------- C:\WINDOWS\occache

    2007-11-02 09:06 <DIR> d-------- C:\Program Files\Viewpoint

    2007-11-02 09:06 <DIR> d-------- C:\Program Files\Real

    2007-11-02 09:06 <DIR> d-------- C:\Program Files\QuickTime

    2007-11-02 09:06 <DIR> d-------- C:\Program Files\Learn2.com

    2007-11-02 09:06 <DIR> d-------- C:\Program Files\Common Files\Real

    2007-11-02 09:06 <DIR> d-------- C:\Program Files\Common Files\Nullsoft

    2007-11-02 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint

    2007-11-02 09:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime

    2007-11-02 09:06 1,496,576 --a------ C:\WINDOWS\system32\shdocvw.bak

    2007-11-02 09:06 98,358 --a------ C:\WINDOWS\dla.exe

    2007-11-02 09:06 87,488 --a------ C:\WINDOWS\system32\drivers\drvmcdb.sys

    2007-11-02 09:06 86,016 --a------ C:\WINDOWS\unvise32qt.exe

    2007-11-02 09:06 61,498 --a------ C:\WINDOWS\system32\tfswapi.dll

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

     

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 16:15]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]

    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-22 17:35]

    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]

    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]

    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02]

    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]

    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]

    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 15:32]

    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-02 09:06]

     

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-02 08:59:42]

    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

    Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11]

    Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

     

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{827D3881-317C-442A-B4ED-F576CBA700BB}"= C:\WINDOWS\SYSTEM32\GWSEH.dll [2004-09-23 07:21 155648]

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    @=""

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    @=""

     

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

    \Shell\AutoRun\command - E:\setup.exe

     

    .

    **************************************************************************

     

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-12-01 19:48:27

    Windows 5.1.2600 Service Pack 2 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

    .

    Completion time: 2007-12-01 19:49:24 - machine was rebooted

    C:\ComboFix2.txt ... 2007-12-01 10:12

    C:\ComboFix3.txt ... 2007-11-28 21:27

    .

    --- E O F ---

     

     

    Log of HJT

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 7:51:44 PM, on 12/1/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

    C:\WINDOWS\system32\svchost.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\WINDOWS\Explorer.EXE

    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\Dell\MediaDirect\PCMService.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    C:\Program Files\Microsoft Office\Office\OSA.EXE

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Documents and Settings\TEA\Desktop\HijackThis.exe

     

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"

    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

     

    --

    End of file - 4683 bytes


  3. Noahdfear,

     

    Thanks for helping. I downloaded HJT & ComboFix. Here is the log from ComboFix:

     

    ComboFix 07-11-19.4C - TEA 2007-12-01 10:03:39.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.286 [GMT -6:00]

    Running from: C:\Documents and Settings\TEA\Desktop\ComboFix.exe

    * Created a new restore point

    .

     

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

     

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk

    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk

    C:\Documents and Settings\TEA\Favorites\Online Security Guide.lnk

    C:\Program Files\QdrPack

    C:\Program Files\QdrPack\dicts.gz

    C:\Program Files\QdrPack\QdrPack9.exe

    C:\Program Files\QdrPack\trgts.gz

    C:\WINDOWS\cookies.ini

    C:\WINDOWS\system32\vjjgvwln.dllbox

     

    .

    ((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))

    .

     

    2007-12-01 09:59 6,701 --ahs---- C:\WINDOWS\system32\ppqss.ini

    2007-12-01 09:59 6,599 --ahs---- C:\WINDOWS\system32\ppqss.ini2

    2007-11-29 22:02 1,822 --a------ C:\WINDOWS\system32\tmp.reg

    2007-11-26 19:12 6,766 --ahs---- C:\WINDOWS\system32\efhkj.ini2

    2007-11-19 21:10 <DIR> d-------- C:\Program Files\Adware Away

    2007-11-19 20:34 686,792 ---hs---- C:\WINDOWS\system32\cwbcjtko.ini

    2007-11-19 20:34 85,056 --a------ C:\WINDOWS\system32\oktjcbwc.dll

    2007-11-19 20:34 83,008 --a------ C:\WINDOWS\system32\aqqgqxvp.dll

    2007-11-19 20:29 145,984 --a------ C:\WINDOWS\system32\vlvmdkeg.dll

    2007-11-19 20:29 145,984 --a------ C:\WINDOWS\system32\vjjgvwln.dll

    2007-11-19 20:29 71,232 --a------ C:\WINDOWS\system32\ivdpkbub.exe

    2007-11-18 22:38 435,978 --ahs---- C:\WINDOWS\system32\qttss.ini2

    2007-11-18 22:26 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

    2007-11-18 18:00 <DIR> d-------- C:\Program Files\Spyware Doctor

    2007-11-18 18:00 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\PC Tools

    2007-11-18 18:00 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll

    2007-11-18 18:00 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys

    2007-11-18 18:00 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys

    2007-11-18 18:00 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys

    2007-11-18 18:00 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys

    2007-11-18 16:32 <DIR> d-------- C:\Program Files\QdrDrive

    2007-11-18 16:31 36,352 --a------ C:\WINDOWS\system32\cbxyxww.dll

    2007-11-18 16:14 <DIR> d-------- C:\WINDOWS\SendTo

    2007-11-18 16:14 69,632 --a------ C:\WINDOWS\system32\system.mdw

    2007-11-18 16:12 <DIR> d-------- C:\WINDOWS\forms

    2007-11-18 16:12 <DIR> d-------- C:\Program Files\Windows Messaging

    2007-11-17 18:00 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\HP

    2007-11-17 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP

    2007-11-17 17:59 <DIR> d-------- C:\Program Files\Common Files\HP

    2007-11-17 17:57 <DIR> d-------- C:\Program Files\Hewlett-Packard

    2007-11-17 17:57 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard

    2007-11-17 17:52 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys

    2007-11-17 17:52 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys

    2007-11-17 17:51 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll

    2007-11-17 17:51 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll

    2007-11-17 17:51 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys

    2007-11-17 17:51 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys

    2007-11-17 17:47 <DIR> d-------- C:\Program Files\HP

    2007-11-17 17:47 306,688 --a------ C:\WINDOWS\IsUninst.exe

    2007-11-17 17:47 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll

    2007-11-17 17:47 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll

    2007-11-17 17:47 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll

    2007-11-17 17:47 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe

    2007-11-17 17:47 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe

    2007-11-17 17:47 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll

    2007-11-17 17:46 <DIR> d-------- C:\WINDOWS\system32\LogFiles

    2007-11-17 17:46 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

    2007-11-17 17:46 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys

    2007-11-17 17:46 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys

    2007-11-17 17:46 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys

    2007-11-17 17:46 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys

    2007-11-17 17:45 118,642 --a------ C:\WINDOWS\hpoins09.dat

    2007-11-17 17:40 <DIR> d--hs---- C:\WINDOWS\ftpcache

    2007-11-17 00:29 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys

    2007-11-17 00:29 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe

    2007-11-17 00:29 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll

    2007-11-17 00:27 <DIR> d-------- C:\Program Files\MSXML 4.0

    2007-11-17 00:19 23,040 --------- C:\WINDOWS\kb913800.exe

    2007-11-17 00:18 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll

    2007-11-17 00:16 72,704 --------- C:\WINDOWS\system32\dllcache\hlink.dll

    2007-11-17 00:01 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

    2007-11-17 00:01 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

    2007-11-17 00:01 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

    2007-11-17 00:01 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

    2007-11-17 00:01 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

    2007-11-17 00:01 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll

    2007-11-17 00:01 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

    2007-11-16 23:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\InstallShield

    2007-11-16 23:44 <DIR> d--h----- C:\WINDOWS\system32\config\systemprofile\Application Data\Gtek

    2007-11-16 23:44 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\ATI

    2007-11-16 23:44 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\InstallShield

    2007-11-16 23:44 <DIR> d--h----- C:\Documents and Settings\TEA\Application Data\Gtek

    2007-11-16 23:44 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\ATI

    2007-11-16 23:22 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Template

    2007-11-16 23:07 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Sonic

    2007-11-16 23:07 <DIR> d-------- C:\Documents and Settings\TEA\Application Data\Leadertech

    2007-11-16 23:03 140 --a------ C:\Documents and Settings\TEA\Application Data\wklnhst.dat

    2007-11-02 09:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI

    2007-11-02 09:12 <DIR> d-------- C:\Program Files\CyberLink

    2007-11-02 09:12 <DIR> d-------- C:\MDT

    2007-11-02 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell

    2007-11-02 09:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink

    2007-11-02 09:12 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll

    2007-11-02 09:12 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll

    2007-11-02 09:11 <DIR> d-------- C:\Program Files\Dell Support

    2007-11-02 09:11 <DIR> d-------- C:\Program Files\Common Files\Adobe

    2007-11-02 09:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GTek

    2007-11-02 09:11 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\GTek

    2007-11-02 09:11 217,185 --a------ C:\WINDOWS\system32\GTDownDE_130.ocx

    2007-11-02 09:11 3,380 --a------ C:\WINDOWS\system32\OEMINFO.PNF

    2007-11-02 09:09 <DIR> d-------- C:\Program Files\Microsoft Works

    2007-11-02 09:09 <DIR> d-------- C:\Program Files\illiminable

    2007-11-02 09:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\YAHOO

    2007-11-02 09:09 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe

    2007-11-02 09:09 114,856 --------- C:\WINDOWS\system32\pxcpyi64.exe

    2007-11-02 09:08 <DIR> d-------- C:\Program Files\Google

    2007-11-02 09:08 <DIR> d-------- C:\Program Files\BAE

    2007-11-02 09:08 0 --ah----- C:\Documents and Settings\All Users\Application Data\gwseh.dat

    2007-11-02 09:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield

    2007-11-02 09:06 <DIR> d-------- C:\WINDOWS\system32\QuickTime

     

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-12-01 15:59 324,192 ----a-w C:\WINDOWS\system32\ssqpp.dll

    2007-11-24 03:23 6,879 --sha-w C:\WINDOWS\system32\rrqss.ini2

    2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll

    .

     

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F50443C-4B05-49AB-B911-C7E52542D94B}]

    2007-12-01 09:59 324192 --a------ C:\WINDOWS\system32\ssqpp.dll

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

    2007-11-19 20:29 145984 --a------ C:\WINDOWS\system32\vjjgvwln.dll

     

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}]

    2007-11-18 16:31 36352 --a------ C:\WINDOWS\system32\cbxyxww.dll

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\vjjgvwln.dll [2007-11-19 20:29 145984]

     

    [HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

     

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "OE_OEM"="C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe" [2006-08-04 16:15]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00]

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]

    "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2006-11-22 17:35]

    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 16:30 C:\WINDOWS\stsystra.exe]

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 11:48]

    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]

    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 14:02]

    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]

    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]

    "PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2006-08-22 15:32]

    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]

    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-02 09:06]

     

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-11-02 08:59:42]

    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]

    Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-07-11]

    Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-07-11]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

     

    [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

    "{827D3881-317C-442A-B4ED-F576CBA700BB}"= C:\WINDOWS\SYSTEM32\GWSEH.dll [2004-09-23 07:21 155648]

    "{BBB05D9E-0297-404D-A6BF-D8F2876B84A6}"= C:\WINDOWS\system32\cbxyxww.dll [2007-11-18 16:31 36352]

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxyxww]

    cbxyxww.dll 2007-11-18 16:31 36352 C:\WINDOWS\system32\cbxyxww.dll

     

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vjjgvwln]

    vjjgvwln.dll 2007-11-19 20:29 145984 C:\WINDOWS\system32\vjjgvwln.dll

     

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqpp.dll

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

    @=""

     

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

    @=""

     

     

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]

    \Shell\AutoRun\command - E:\setup.exe

     

    .

    **************************************************************************

     

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-12-01 10:10:29

    Windows 5.1.2600 Service Pack 2 NTFS

     

    scanning hidden processes ...

     

    scanning hidden autostart entries ...

     

    scanning hidden files ...

     

    scan completed successfully

    hidden files: 0

     

    **************************************************************************

    .

    Completion time: 2007-12-01 10:12:33 - machine was rebooted

    C:\ComboFix2.txt ... 2007-11-28 21:27

    .

    --- E O F ---

     

     

     

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 10:18:17 AM, on 12/1/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Boot mode: Normal

     

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\WLTRYSVC.EXE

    C:\WINDOWS\System32\bcmwltry.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\eHome\ehRecvr.exe

    C:\WINDOWS\eHome\ehSched.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

    C:\WINDOWS\system32\svchost.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    C:\WINDOWS\system32\Ati2evxx.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\dllhost.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

    C:\WINDOWS\ehome\ehtray.exe

    C:\WINDOWS\system32\WLTRAY.exe

    C:\WINDOWS\stsystra.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\WINDOWS\eHome\ehmsas.exe

    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

    C:\Program Files\Dell\MediaDirect\PCMService.exe

    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Digital Line Detect\DLG.exe

    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    C:\Program Files\Microsoft Office\Office\OSA.EXE

    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\Documents and Settings\TEA\Desktop\HijackThis.exe

     

    O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\vjjgvwln.dll

    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"

    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    O4 - Global Startup: Digital Line Detect.lnk = ?

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

     

    --

    End of file - 4735 bytes