# Going Crazy! Google Redirect cliccker.cn



## jmy889 (Aug 14, 2009)

I've been working around the redirecting by cutting and pasting for several weeks. I'm now seeing cliccker.cn - I was seeing overclick.cn before. I'm running Trend Micro Internet Security. I've tried Malwarebytes' Anti-Malware, Spybot, Super Anti-Spyware. Read lots of threads, but afraid to do anything more without tech advice. Don't know if it's related, but I can't run chkdsk or defrag and sometimes get "the system has recovered from a serious error" message. Thanks in advance for your help. Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:45 PM, on 8/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.com/tsweb/msrdp.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4051/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 9216 bytes


----------



## jmw3 (Jul 23, 2007)

Hello & Welcome to TechSupportGuy

Please *Subscribe to this Thread* to get immediate notification of replies as soon as they are posted. To do this click *Thread Tools*, then click *Subscribe to this Thread*. Make sure it is set to *Instant notification by email*, then click *Add Subscription*.

*In the meantime please note the following:*

Any recommendations made are for your computer problems only and should *NOT* be used on any other computer.
Please *DO NOT* run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them: 
1. The tools that we use are very powerful and can cause *>>irreparable damage<<* to your computer if not used correctly.
2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
If you get stuck or are unsure of something please ask for a further explanation, do not guess.
It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
*Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.*
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

*Because of this, I advise you to backup any personal files and folders before you start.*

Thanks

*Disable Spybot's TeaTimer 1.5 & 1.6* 

If you have version 1.5, right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol)
Click once on *Resident Protection*, then right click the Spybot icon again and make sure *Resident Protection* is now *Unchecked*. The Spybot icon in the System tray should now be colorless
Go to *Start* > *All Programs* > *Spybot - Search & Destroy* > *Spybot Search & Destroy*
Click on *Mode* > *Advanced Mode*. When it prompts you, click *Yes*
On the left hand side, click on *Tools*
Check this box if it is not yet ticked: *Resident*
You will notice that *Resident* is now added under *Tools*. Click on *Resident*
Uncheck this box: *Resident "TeaTimer" (Protection of over-all system settings) active*
Exit Spybot Search & Destroy
Restart your computer for the changes to take effect
Leave TeaTimer disabled until we're done here.

*DDS*
Download *DDS.scr* by sUBs from one of the following links & save it to your desktop.
*Link 1*
*Link 2*

Double-Click on *dds.scr* and a command window will appear. This is normal
Shortly after two logs will appear, *DDS.txt* & *Attach.txt*
A window will open instructing you to save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of *both* logs & post in your next reply

*Gmer*
Download *GMER Rootkit Scanner* from *here*.

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*

 

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\) 
Show All (don't miss this one)

Then click the Scan button & wait for it to finish
Once done click on the *[Save..]* button, and in the File name area, type in *"Gmer.txt"* or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply
_**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries_
*Note:* Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log


----------



## jmy889 (Aug 14, 2009)

Here are the DDS logs. Will follow with the GMER log.

DDS (Ver_09-07-30.01) - NTFSx86 
Run by skoch at 22:57:29.64 on Fri 08/14/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.103 [GMT -5:00]
AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\skoch\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - 
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe 
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\skoch\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
IE: &AIM Search
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://moneycentral.msn.com/cabs/pmupd806.exe
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://www.taxsimple.com/tsweb/msrdp.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4051/ftp.coupons.com/r3302/cpbrkpie.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
============= SERVICES / DRIVERS ===============
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2004-7-6 17792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 74480]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2004-7-8 23200]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-14 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-7-14 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-14 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-7-14 677128]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-7-14 335376]
S2 MtxVideo;Matrox WDM capture/crossbar driver;c:\windows\system32\drivers\mtxvideo.sys [2004-7-5 103296]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\SiriusUSB.sys [2006-6-24 7552]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
=============== Created Last 30 ================
2009-08-12 06:53 359 a---h--- C:\IPH.PH
2009-08-11 22:18 --d----- c:\program files\Wise Registry Cleaner
2009-08-11 21:11 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-11 21:11 655,872 -c------ c:\windows\system32\dllcache\mstscax.dll
2009-08-11 19:44 --d----- c:\program files\Secunia
2009-08-05 04:11 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
2009-07-17 13:55 58,880 -c------ c:\windows\system32\dllcache\atl.dll
==================== Find3M ====================
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-14 21:29 335,376 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-07-14 21:29 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-06-29 11:12 827,392 a------- c:\windows\system32\wininet.dll
2009-06-29 11:12 78,336 a------- c:\windows\system32\ieencode.dll
2009-06-29 11:12 17,408 a------- c:\windows\system32\corpol.dll
2009-06-25 13:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 13:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 13:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 13:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 13:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 13:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 13:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 13:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 13:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 13:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 13:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 13:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-22 06:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 06:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 06:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 06:48 91,776 a------- c:\windows\system32\drivers\mqac.sys
2009-06-17 07:20 12,648 a------- c:\windows\system32\drivers\psi_mf.sys
2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-12 06:50 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-05 02:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll
2001-09-10 09:00 139,264 a------- c:\windows\inf\i386\Rtscan.dll
2001-09-10 08:10 61,440 a------- c:\windows\inf\i386\onetUSD.dll
2001-08-17 18:43 32,768 a------- c:\windows\inf\i386\Wiamicro.dll
2001-08-03 18:29 13,824 a------- c:\windows\inf\i386\usbscan.sys
2001-06-29 08:10 163,840 a------- c:\windows\inf\i386\viceo.dll
============= FINISH: 23:00:59.29 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-07-30.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/20/2004 9:32:50 PM
System Uptime: 8/14/2009 10:50:19 PM (1 hours ago)
Motherboard: Intel Corporation | | D845PT 
Processor: Intel(R) Pentium(R) 4 CPU 2.26GHz | J1D1 | 1694/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 10.615 GiB free.
D: is CDROM ()
E: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_30138086&REV_03\4&1351887D&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_2449&SUBSYS_30138086&REV_03\4&1351887D&0&40F0
Service: E100B
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Logitech-compatible Mouse PS/2
Device ID: ACPI\PNP0F03\4&268D196D&0
Manufacturer: Logitech
Name: Logitech-compatible Mouse PS/2
PNP Device ID: ACPI\PNP0F03\4&268D196D&0
Service: i8042prt
==== System Restore Points ===================
RP1: 7/4/2009 8:30:47 AM - System Checkpoint
RP2: 7/5/2009 9:19:06 AM - System Checkpoint
RP3: 7/6/2009 10:19:12 AM - System Checkpoint
RP4: 7/14/2009 9:39:30 PM - Installed Trend Micro Internet Security
RP5: 7/14/2009 10:23:57 PM - Software Distribution Service 3.0
RP6: 7/29/2009 1:42:31 AM - System Checkpoint
RP7: 8/12/2009 7:02:59 AM - Software Distribution Service 3.0
RP8: 8/14/2009 6:22:34 PM - System Checkpoint
==== Installed Programs ======================
Acrobat.com
Active Disk
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Reader 9.1
Apple Software Update
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon ZoomBrowser EX (E)
Citrix Presentation Server Client
Drive Manager
Family Tree Maker
Family Tree Maker 2005
Google Toolbar for Internet Explorer
Gradekeeper
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
IomegaWare 4.0.2
Logitech MouseWare 9.79 
Logitech Print Service
Logitech QuickCam Software
Logitech Resource Center
Logitech® Camera Driver
Malwarebytes' Anti-Malware
MECA
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office Professional Edition 2003
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MovieEdit Task
MSN Music Assistant
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MUSICMATCH Jukebox
My Sirius Studio
Nero 6 Ultra Edition
NVIDIA Drivers
OLYMPUS Master 2
OneTouch Version 3.0
PaperPort 7.02
Picasa 2
Picture Package Music Transfer
PowerDVD
QuickTime
RAW Image Task
Savings Bond Wizard
Secunia PSI
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
ServiceProvider
Sony Picture Utility
Sony USB Driver
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Trend Micro Internet Security
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Wise Disk Cleaner 4.61
Wise Registry Cleaner 4 Free 4.66
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v6
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
8/9/2009 3:10:51 PM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
8/9/2009 3:09:38 PM, error: System Error [1003] - Error code 100000d1, parameter1 e1907000, parameter2 00000002, parameter3 00000000, parameter4 f63d0e85.
8/9/2009 3:08:39 PM, error: System Error [1003] - Error code 100000d1, parameter1 e18e1000, parameter2 00000002, parameter3 00000000, parameter4 f64c1e85.
8/8/2009 7:59:04 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/8/2009 7:58:59 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ImapiService service.
8/13/2009 7:41:35 PM, error: System Error [1003] - Error code 100000d1, parameter1 e1d62000, parameter2 00000002, parameter3 00000000, parameter4 f5c6de85.
8/12/2009 8:44:07 PM, error: System Error [1003] - Error code 100000d1, parameter1 e1d22000, parameter2 00000002, parameter3 00000000, parameter4 f5c45e85.
8/12/2009 8:42:20 PM, error: System Error [1003] - Error code 100000d1, parameter1 e191c000, parameter2 00000002, parameter3 00000000, parameter4 f6650e85.
8/12/2009 6:53:44 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
8/12/2009 6:53:44 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\skoch\LOCALS~1\Temp\AIM_69~1.2\imappver.dll. Reference error message: The operation completed successfully. .
8/12/2009 6:53:44 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
8/11/2009 7:30:15 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office 2003 Service Pack 3 (SP3).
8/11/2009 7:16:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/11/2009 7:14:12 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/11/2009 7:12:38 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/11/2009 6:59:24 PM, error: Service Control Manager [7000] - The Matrox WDM capture/crossbar driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/11/2009 6:59:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/10/2009 6:42:41 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm SASDIFSV SASKUTIL tmtdi
8/10/2009 6:42:41 PM, error: Service Control Manager [7001] - The Trend Micro Proxy Service service depends on the Trend Micro TDI Driver service which failed to start because of the following error: A device attached to the system is not functioning.
==== End Of File ===========================


----------



## jmy889 (Aug 14, 2009)

Just downloaded winzip. Hope I did it right.


----------



## jmw3 (Jul 23, 2007)

Hi

*ComboFix*
Download *ComboFix* from one of these locations (*DO NOT* download ComboFix from anywhere else but one of the provided links):
*Link 1*
*Link 2*

***IMPORTANT !!! Save ComboFix.exe to your Desktop***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
*A guide to do this can be found here*
Double click on ComboFix.exe & follow the prompts
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of *C:\ComboFix.txt* in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix *SHOULD NOT* be used unless requested by a forum helper

Could you also run *Gmer* again & post the log. Just copy/paste the contents into your reply. No need to attach 

To post in next reply:
ComboFix log
New Gmer log
New HijackThis log
Update on how the computer is running


----------



## jmy889 (Aug 14, 2009)

Thank you so much for taking the time to help me. My Google searches are fine, chkdsk has run and I can even defrag. Here are the latest logs. Thanks again.

ComboFix 09-08-10.06 - skoch 08/16/2009 13:03.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.171 [GMT -5:00]
Running from: c:\documents and settings\skoch\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.
2009-08-16 02:52 . 2009-08-16 02:52 0 ----a-w- c:\windows\nsreg.dat
2009-08-16 02:52 . 2009-08-16 02:52 -------- d-----w- c:\documents and settings\skoch\Local Settings\Application Data\Mozilla
2009-08-15 04:44 . 2009-08-15 04:44 -------- d-----w- c:\documents and settings\skoch\Local Settings\Application Data\WinZip
2009-08-15 04:43 . 2009-08-15 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-08-12 12:01 . 2009-08-12 12:01 -------- d-----w- c:\documents and settings\skoch\Local Settings\Application Data\AOL
2009-08-12 11:58 . 2009-08-12 11:59 -------- d-----w- c:\program files\QuickTime
2009-08-12 03:18 . 2009-08-12 03:29 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-08-12 02:11 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-08-12 00:44 . 2009-08-12 00:44 -------- d-----w- c:\program files\Secunia
2009-08-05 09:11 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-17 18:55 . 2009-07-17 18:55 58880 -c----w- c:\windows\system32\dllcache\atl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 01:22 . 2004-06-21 03:12 -------- d-----w- c:\program files\Trend Micro
2009-08-13 03:31 . 2009-06-19 14:12 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-08-13 02:58 . 2004-06-21 03:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-12 12:03 . 2004-06-21 03:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 12:02 . 2004-06-21 03:53 -------- d-----w- c:\program files\AIM
2009-08-12 12:02 . 2004-10-08 01:37 -------- d-----w- c:\documents and settings\skoch\Application Data\Aim
2009-08-12 11:58 . 2004-10-31 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-12 11:55 . 2004-06-21 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-12 00:13 . 2004-06-21 03:06 -------- d-----w- c:\program files\Google
2009-08-10 23:56 . 2009-06-19 13:09 117760 ----a-w- c:\documents and settings\skoch\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-10 23:54 . 2009-06-19 13:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-10 23:34 . 2009-06-17 04:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 23:34 . 2009-06-25 03:44 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 09:11 . 2004-06-21 02:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2009-06-17 04:48 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-06-17 04:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 21:40 . 2005-09-19 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-01 21:19 . 2009-06-18 04:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-23 04:10 . 2007-01-02 18:45 -------- d-----w- c:\documents and settings\skoch\Application Data\U3
2009-07-17 18:55 . 2004-06-21 02:44 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 03:00 . 2008-07-26 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2009-07-15 02:29 . 2009-07-15 02:29 80400 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-07-15 02:29 . 2009-07-15 02:29 335376 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2009-07-13 15:08 . 2004-08-04 07:56 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2005-02-18 21:19 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 18:36 . 2004-06-21 02:45 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-06-21 02:45 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-06-21 02:45 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-06-21 02:45 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-06-21 02:45 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-06-21 02:45 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-06-21 02:45 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-06-21 02:45 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2001-08-23 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2001-08-23 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2001-08-23 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2001-08-23 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-22 11:49 . 2001-08-23 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2001-08-23 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2001-08-23 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-06-21 02:45 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-19 13:09 . 2009-06-19 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-19 13:09 . 2009-06-19 13:09 -------- d-----w- c:\documents and settings\skoch\Application Data\SUPERAntiSpyware.com
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-06-21 02:45 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-06-21 02:48 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-06-21 02:44 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2001-08-23 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-06-21 02:47 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-06-21 02:48 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 08:02 . 2009-07-15 02:29 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-05-22 08:00 . 2009-07-15 02:29 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-05-22 07:45 . 2009-07-15 02:29 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-04-23 3756032]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-04-23 46080]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 0]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
c:\documents and settings\skoch\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^skoch^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
backup=c:\windows\pss\reminder-ScanSoft Product Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [7/6/2004 10:12 PM 17792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 74480]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [7/8/2004 10:10 PM 23200]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [7/14/2009 9:52 PM 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [7/14/2009 9:53 PM 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [7/14/2009 9:29 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [7/14/2009 9:53 PM 677128]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [7/14/2009 9:29 PM 335376]
S2 MtxVideo;Matrox WDM capture/crossbar driver;c:\windows\system32\drivers\mtxvideo.sys [7/5/2004 4:15 PM 103296]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\SiriusUSB.sys [6/24/2006 7:29 PM 7552]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2009-07-11 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-06-19 18:40]
.
- - - - ORPHANS REMOVED - - - -
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-16 13:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2672)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-08-16 13:33
ComboFix-quarantined-files.txt 2009-08-16 18:33
ComboFix2.txt 2009-08-16 17:23
ComboFix3.txt 2009-08-16 15:47
Pre-Run: 11,359,457,280 bytes free
Post-Run: 11,340,021,760 bytes free
206 --- E O F --- 2009-08-12 03:36

GMER 1.0.15.15020 [ikmstktc.exe] - http://www.gmer.net
Rootkit scan 2009-08-17 06:52:08
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----
SSDT 827E2C40 ZwCreateKey
SSDT 827E2140 ZwCreateProcess
SSDT 827E2400 ZwCreateProcessEx
SSDT 827E3AA0 ZwCreateThread
SSDT 827E31C0 ZwDeleteKey
SSDT 827E3480 ZwDeleteValueKey
SSDT 827E3C40 ZwLoadDriver
SSDT 827E26C0 ZwOpenProcess
SSDT 827E2F00 ZwSetValueKey
SSDT 827E2980 ZwTerminateProcess
SSDT 827E3900 ZwWriteVirtualMemory
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:39 AM, on 8/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://www.taxsimple.com/tsweb/msrdp.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - 
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
--
End of file - 8874 bytes


----------



## jmw3 (Jul 23, 2007)

Hi

*Any reason why you ran ComboFix three times???*

*Fix HiJackThis Entries*

Open HiJackThis 
Click on *Do a system scan only* 
Place a checkmark next to these lines (if still present):
*R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -*


Close all windows except Hijackthis and click *Fix Checked*
Click *Yes* when prompted
Close HijackThis.

*CFScript*
Delete the copy of ComboFix you have & download it again:
*Link 1*
*Link 2*
Close any open browsers.
Open *notepad* and copy/paste the text in the code box below into it:


```
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000000
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
```
Save this as *CFScript.txt*, in the same location as ComboFix.exe










Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at *"C:\ComboFix.txt"*
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix *SHOULD NOT* be used unless requested by a forum helper

I would also like to see the ComboFix Quarantined Files Log, so please do this:
Click *Start > Run* then copy/paste the following single-line command into the Run box and click *OK*:

*C:\Qoobox\ComboFix-quarantined-files.txt*

A text file should open. Post the contents of that file in your next reply.

*Kaspersky Online Scan*
*Please make sure that all programs are closed when installing Java.*


Click *here* to visit Java's website
Scroll down to *Java Runtime Environment (JRE) 6 Update 16*. Click on *Download*
Select *Windows* from the drop-down list for *Platform*
Select *Multi-language* from the drop-down list for *Language*
Check (tick) *I agree to the Java SE Runtime Environment 6 License Agreement* box and click on *Continue*
Click on *jre-6u16-windows-i586-p.exe* link to download it and save this to a convenient location
Double click on *jre-6u16-windows-i586-p.exe* to install Java
After the Java installation has finished, go to *Kaspersky website* and perform an online antivirus scan
Read through the requirements and privacy statement and click on *Accept* button
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*
When the downloads have finished, click on *Settings*
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the *Save* button:
*Spyware, Adware, Dialers, and other potentially dangerous programs*
*Archives*
*Mail databases*

Click on *My Computer* under *Scan*
Once the scan is complete, it will display the results. Click on *View Scan Report*
You will see a list of infected items there. Click on *Save Report As...*
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button
Please post this log in your next reply
To post in next reply:
ComboFix log
Contents of ComboFix-quarantined-files.txt
Kaspersky Scan log
New HijackThis log


----------



## jmy889 (Aug 14, 2009)

I ran combo-fix multiple times due to operator error and my virus/spyware kept activating.

Here are the ComboFix and Combo Fix-quarantined Logs. Balance to follow..

ComboFix 09-08-10.06 - skoch 08/17/2009 19:54.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.186 [GMT -5:00]
Running from: c:\documents and settings\skoch\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\skoch\Desktop\CFScript.txt
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\parport32.sys
.
((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.
2009-08-16 02:52 . 2009-08-16 02:52 0 ----a-w- c:\windows\nsreg.dat
2009-08-16 02:52 . 2009-08-16 02:52 -------- d-----w- c:\documents and settings\skoch\Local Settings\Application Data\Mozilla
2009-08-15 04:44 . 2009-08-15 04:44 -------- d-----w- c:\documents and settings\skoch\Local Settings\Application Data\WinZip
2009-08-15 04:43 . 2009-08-15 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-08-12 12:01 . 2009-08-12 12:01 -------- d-----w- c:\documents and settings\skoch\Local Settings\Application Data\AOL
2009-08-12 11:58 . 2009-08-12 11:59 -------- d-----w- c:\program files\QuickTime
2009-08-12 03:18 . 2009-08-12 03:29 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-08-12 02:11 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-08-12 00:44 . 2009-08-12 00:44 -------- d-----w- c:\program files\Secunia
2009-08-05 09:11 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 01:22 . 2004-06-21 03:12 -------- d-----w- c:\program files\Trend Micro
2009-08-13 03:31 . 2009-06-19 14:12 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-08-13 02:58 . 2004-06-21 03:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-12 12:03 . 2004-06-21 03:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-12 12:02 . 2004-06-21 03:53 -------- d-----w- c:\program files\AIM
2009-08-12 12:02 . 2004-10-08 01:37 -------- d-----w- c:\documents and settings\skoch\Application Data\Aim
2009-08-12 11:58 . 2004-10-31 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-12 11:55 . 2004-06-21 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-12 00:13 . 2004-06-21 03:06 -------- d-----w- c:\program files\Google
2009-08-10 23:56 . 2009-06-19 13:09 117760 ----a-w- c:\documents and settings\skoch\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-10 23:54 . 2009-06-19 13:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-10 23:34 . 2009-06-17 04:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-10 23:34 . 2009-06-25 03:44 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-05 09:11 . 2004-06-21 02:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2009-06-17 04:48 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-06-17 04:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-01 21:40 . 2005-09-19 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-01 21:19 . 2009-06-18 04:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-23 04:10 . 2007-01-02 18:45 -------- d-----w- c:\documents and settings\skoch\Application Data\U3
2009-07-17 18:55 . 2004-06-21 02:44 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 03:00 . 2008-07-26 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2009-07-15 02:29 . 2009-07-15 02:29 80400 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2009-07-15 02:29 . 2009-07-15 02:29 335376 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2009-07-13 15:08 . 2004-08-04 07:56 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2005-02-18 21:19 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-25 18:36 . 2004-06-21 02:45 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-06-21 02:45 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-06-21 02:45 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-06-21 02:45 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-06-21 02:45 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-06-21 02:45 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-06-21 02:45 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-06-21 02:45 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2001-08-23 12:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2001-08-23 12:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2001-08-23 12:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2001-08-23 12:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-22 11:49 . 2001-08-23 12:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2001-08-23 12:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2001-08-23 12:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-06-21 02:45 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-19 13:09 . 2009-06-19 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-19 13:09 . 2009-06-19 13:09 -------- d-----w- c:\documents and settings\skoch\Application Data\SUPERAntiSpyware.com
2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2009-06-16 14:55 . 2001-08-23 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 11:50 . 2004-06-21 02:45 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 11:50 . 2004-06-21 02:48 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:21 . 2004-06-21 02:44 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:32 . 2001-08-23 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2004-06-21 02:47 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-06-21 02:48 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 08:02 . 2009-07-15 02:29 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-05-22 08:00 . 2009-07-15 02:29 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-05-22 07:45 . 2009-07-15 02:29 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-18 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2004-04-23 3756032]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2004-04-23 46080]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 0]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-11-07 19968]
c:\documents and settings\skoch\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-6-24 803176]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\startupfolder\C:^Documents and Settings^skoch^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
backup=c:\windows\pss\reminder-ScanSoft Product Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [7/6/2004 10:12 PM 17792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 74480]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [7/8/2004 10:10 PM 23200]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [7/14/2009 9:52 PM 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [7/14/2009 9:53 PM 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [7/14/2009 9:29 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [7/14/2009 9:53 PM 677128]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 7:20 AM 12648]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [7/14/2009 9:29 PM 335376]
S2 MtxVideo;Matrox WDM capture/crossbar driver;c:\windows\system32\drivers\mtxvideo.sys [7/5/2004 4:15 PM 103296]
S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\SiriusUSB.sys [6/24/2006 7:29 PM 7552]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2009-07-11 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-06-19 18:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-17 20:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(464)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BRSVC01A.EXE
c:\windows\system32\BRSS01A.EXE
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Logitech\Video\FxSvr2.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-18 20:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 01:25
ComboFix2.txt 2009-08-16 17:23
ComboFix3.txt 2009-08-16 15:47
Pre-Run: 11,202,490,368 bytes free
Post-Run: 11,307,638,784 bytes free
205 --- E O F --- 2009-08-12 03:36

2009-08-18 00:29:09 . 2009-08-18 00:29:09 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\parport32.sys.vir
2009-08-18 00:12:27 . 2009-08-18 00:54:16 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2009-08-16 15:45:24 . 2009-08-16 18:30:12 157 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed}.reg.dat
2009-08-16 15:27:28 . 2009-08-18 01:04:00 10,607 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-08-16 14:27:31 . 2009-08-16 14:27:31 1,305 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SKYNEThfwosvlg.reg.dat
2009-08-16 14:19:51 . 2009-08-18 01:06:27 410 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-08-16 13:41:46 . 2009-08-16 13:41:46 91 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETtqcfqrmp.dat.vir
2009-06-13 01:07:00 . 2009-06-13 01:07:00 20,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETavbrnvme.dll.vir
2009-06-13 01:05:35 . 2009-08-16 13:41:46 586,804 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETexrlxsmb.dat.vir
2009-06-13 01:05:32 . 2009-06-13 01:05:32 44,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETvbqerxlt.dll.vir
2009-06-13 01:05:32 . 2009-06-13 01:05:32 69,632 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\SKYNETdcfxjlkd.sys.vir
2008-10-29 23:38:38 . 2008-10-29 23:38:38 532,992 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\6ea7a3.msi.vir
2008-07-26 13:57:14 . 2008-07-26 13:57:14 2,191,360 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\3dbae.msi.vir
2007-07-27 14:03:06 . 2007-07-27 14:03:06 119,977,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\11df7f2.msp.vir
2007-07-27 14:03:06 . 2007-07-27 14:03:06 119,977,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\1a7d6e.msp.vir
2007-07-27 14:03:06 . 2007-07-27 14:03:06 119,977,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\31662d.msp.vir
2007-07-27 14:03:06 . 2007-07-27 14:03:06 119,977,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\359c952.msp.vir
2007-07-27 14:03:06 . 2007-07-27 14:03:06 119,977,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\3bc92.msp.vir
2007-07-27 14:03:06 . 2007-07-27 14:03:06 119,977,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\3d771b.msp.vir
2007-07-27 14:03:06 . 2007-07-27 14:03:06 119,977,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\5c12d3d.msp.vir
2007-07-27 14:03:06 . 2007-07-27 14:03:06 119,977,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\6af3e.msp.vir
2006-07-26 02:52:18 . 2006-07-26 02:52:18 19,210,240 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\6434f4.msp.vir
2006-07-25 02:04:13 . 2006-07-25 02:04:13 1,185,792 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\386d9.msi.vir
2006-05-17 04:24:54 . 2006-05-17 04:24:54 9,299,456 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\84c5ce.msp.vir
2005-08-08 20:25:44 . 2005-08-08 20:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\490495c.msp.vir
2005-08-08 20:25:44 . 2005-08-08 20:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\80316.msp.vir
2005-08-08 20:25:44 . 2005-08-08 20:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\9e6ca.msp.vir
2005-08-08 19:25:44 . 2005-08-08 19:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\10c277.msp.vir
2005-08-08 19:25:44 . 2005-08-08 19:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\184fb1.msp.vir
2005-08-08 19:25:44 . 2005-08-08 19:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\1feb1f.msp.vir
2005-08-08 19:25:44 . 2005-08-08 19:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\3a405.msp.vir
2005-08-08 19:25:44 . 2005-08-08 19:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\4cc9f5.msp.vir
2005-08-08 19:25:44 . 2005-08-08 19:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\6f03ceb.msp.vir
2005-08-08 19:25:44 . 2005-08-08 19:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\c33c58.msp.vir
2005-08-08 19:25:44 . 2005-08-08 19:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\d5069.msp.vir
2005-08-08 19:25:44 . 2005-08-08 19:25:44 97,385,984 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\e1d57.msp.vir
2004-07-08 05:23:02 . 2004-07-08 05:23:02 18,643,968 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\4c5bd.msp.vir
2004-07-07 23:27:12 . 2004-07-07 23:27:12 68,711,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\332c529.msp.vir
2004-07-07 23:27:12 . 2004-07-07 23:27:12 68,711,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\35647dc.msp.vir
2004-07-07 23:27:12 . 2004-07-07 23:27:12 68,711,424 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Installer\4e75f.msp.vir


----------



## jmy889 (Aug 14, 2009)

Here's Kaspersky Scan Log & HijackThis Log.

KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, August 17, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, August 18, 2009 03:27:21
Records in database: 2647152
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Objects scanned: 59023
Threats found: 3
Infected objects found: 151
Suspicious objects found: 0
Scan duration: 01:52:53

File name / Threat / Threats count
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETutuxpqfxbi.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvbqerxlt.dll Infected: Trojan.Win32.Small.bzt 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvccixgqdri.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvmpdriemui.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvobtpexiti.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvoufjwiwwb.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvpofteixry.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvprportqix.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvpwidroaco.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvqitvpyxui.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvrcioufnnt.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvrcioufnnt_c44.VIR Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvsoomjkmvu.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvspphpmvbf.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvxvbvrppbd.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwarbtqbcbh.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwefrrlkblh.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwheayotpoi.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwheexnkicq.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwixrprxynt.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwmiquqfaof.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwxrrdcdgbx.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxbdrbqynvn.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxcvkjaqkpb.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxerorirbqh.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxidwqjenbv.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETximuwuhqqs.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxkcuujsiqw.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxnqvnxxkwn.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxrxtaixvyk.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxtbvrprpor.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxwevxylbbl.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxyuaduvsjr.tmp Infected: Trojan.Win32.Small.bzc 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETylqppegewi.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETyxmbcrppbw.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETavbrnvme.dll.vir Infected: Trojan.Win32.Small.bzc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETvbqerxlt.dll.vir Infected: Trojan.Win32.Small.bzt 1
Selected area has been scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:34 PM, on 8/17/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe


----------



## jmw3 (Jul 23, 2007)

Hi
Looks good, though your last HijackThis log was cut off.

*Registry Cleaners + "Tweak" Tools*

Re. *Wise Registry Cleaner*

I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools. They are marketed as ways to make your machine run faster and more efficiently ...... _Some will actually achieve this_ .... *IF you know how to use them correctly.*
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though.
Stopping services & setting policies _can_ speed up your machine ..... as long as you stop & set the right ones, & even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, & not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing & what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

Discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

*Clean Up* 
*Now we need to clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.*
*Remove ComboFix*
The following will implement some cleanup procedures as well as reset System Restore points:
Click *Start > Run* then copy/paste the following bolded text into the Run box and click OK:
*ComboFix /u*
*OTC*
Download *OTC* by Old Timer *here* & save it to your desktop.
Double click on *OTC.exe*. Click on *CleanUp!*.
You will receive a prompt that it needs to restart the computer to remove the files. Click *Yes*.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can delete the following from your desktop:
*DDS.scr
The Gmer.exe file (it will be a randomly named .exe file)
Any logs that may have been saved to your desktop*
Remove/delete all items from your Trend Internet Security.
You should also remove *HijackThis*. You can do this by going to *C:\Program Files\Trend Micro\HijackThis*

Double click *HijackThis.exe*
From the Main menu click *Open the Misc Tools section*
Using the scroll bar, scroll down to *Uninstall HijackThis*
Click *Uninstall HijackThis & exit* then click *Yes* at the prompt
Once this is done you can re-enable Spybot's TeaTimer if you like.

How's everything running? Any problems?


----------



## jmy889 (Aug 14, 2009)

jmw3 I will heed your advice about registry cleaners. I removed Wise Registry Cleaner from my computer.

You said to remove/delete all items from my Trend Micro Internet Security. I assume you meant the quarantined items. I deleted the Trojans that were quarantined, but was unable to delete the Viruses in quarantine - per message: "Unable to delete the file. Computer may have locked or you may lack sufficient privileges..." ?

The computer's running great. No problems. Google googles. No Windows error messages. My sanity has been restored! (IMO)

To say that I couldn't do it without you would be such a huge understatement. I truly appreciate you lending your expertise.


----------



## jmw3 (Jul 23, 2007)

Hi

Sorry about that... yes I did mean Trend's Quarantine. Try this:
*OTM*
Download *OTM* by OldTimer *Here* & save it to your desktop.

Double click on *OTM.exe* to run it
Copy & paste the contents of the Code box below into *Paste Instructions for Items to be Moved*
*Note:* Do not type it out to minimize the risk of typo error

```
:Files
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETadfmbbweoj.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETadmdrbcvsw.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETainhsaghrm.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETavbrnvme.dll
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETavbrnvme_2f0.VIR
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETavbrnvme_6d8.VIR
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETavbrnvme_760.VIR
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETavbrnvme_ab8.VIR
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETavbrnvme_b60.VIR
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETavbrnvme_c44.VIR
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETavbrnvme_d4c.VIR
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETbmrikllqqq.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETbsqsnktpfy.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETbwqqpxepoj.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETccjpwibadh.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETccjpwibadh_2f0.VIR
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETccjpwibadh_6d8.VIR
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETciqdcdxvnx.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETciwgxrvqpc.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETclscydeklq.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETcosgjfkbnt.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETcrppvtyloa.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETcshyxxkuck.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETctqbvspmtv.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETctqxsbypbf.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETcyuocvxgjs.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETdekcecusfd.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETecxtbvorqv.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETeeahkwatvi.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETentibcrecx.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETeqvnmdeobv.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETessmccbhfc.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETevjqqoilpi.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETfniwwxvncb.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETfqmbpxxtlp.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETfqrnbvcxej.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETgerduepryp.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETggsvgvlwdn.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETgpimbkcise.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETgxlkgoyiei.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETheeliodwti.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNEThemqxtadny.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNEThmpaknxxst.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNEThsrxcnwifn.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETiacyrsijde.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETieviwtsiwt.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETifpdmoprmc.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETinxlxffokx.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETitueqdcxnm.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETjdhwjglfqc.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETjgblwyjkox.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETjhqxlfvuab.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETjibccpbtxe.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETjkiqombjyr.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETjwkrjhmbcj.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETjxngntxwoe.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETkhuqchstip.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETkpmnsvjuyu.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETkpmnsvjuyu_2f0.VIR
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETkuapmadjtm.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETkuuybvdtbu.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETlexudghhrc.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETlopqyfsigq.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETluvjwibcio.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETlwibfpmklp.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETmhcxjucriu.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETmiqrnsetet.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETmpuyitcwbd.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETndsibtbpgl.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETnwosspqjix.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETnyyusirrwt.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETnyyuwpsspt.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETobfbfxhoid.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETontuidxvdg.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNEToonkoaorru.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETosuewcfryd.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETpqqoknskbo.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETprtrustcgn.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETptqfbqmqac.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETptuecvksmn.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETpudxetycri.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETpujcgmexvm.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETpwixgqfuxt.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETpyadnfapei.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETqftkofbwlx.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETqhfvkoinds.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETqkbjgcrvkb.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETqvtiexflip.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETqyecbkorns.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETracipvpdmx.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETrbagnmiwqt.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETrievbqhxrr.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETrprpfutijw.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETrvirtypfhf.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETrxlidtxqhp.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETrxtnsqhgoi.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETrxtqbwuxdc.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETsixxuhuiun.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETsojnmybqrd.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETsrhavlpmar.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETsyqbewmvms.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtbdwqbuxym.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtcgbfatyev.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtcvixpwdxe.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtfpeoicxre.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtnvvsqvbyn.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtsgbciorpd.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtsieeihtyl.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtthxfvfvbv.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtvporienbv.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtvxevbgfdl.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETuiifsmerys.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETupcyciqhxr.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETutronmgchc.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETutuxpqfxbi.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvbqerxlt.dll
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvccixgqdri.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvmpdriemui.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvobtpexiti.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvoufjwiwwb.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvpofteixry.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvprportqix.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvpwidroaco.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvqitvpyxui.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvrcioufnnt.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvrcioufnnt_c44.VIR
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvsoomjkmvu.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvspphpmvbf.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvxvbvrppbd.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwarbtqbcbh.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwefrrlkblh.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwheayotpoi.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwheexnkicq.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwixrprxynt.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwmiquqfaof.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETwxrrdcdgbx.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxbdrbqynvn.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxcvkjaqkpb.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxerorirbqh.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxidwqjenbv.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETximuwuhqqs.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxkcuujsiqw.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxnqvnxxkwn.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxrxtaixvyk.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxtbvrprpor.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxwevxylbbl.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETxyuaduvsjr.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETylqppegewi.tmp
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETyxmbcrppbw.tmp
:Commands
[Purity]
[EmptyTemp]
[Reboot]
```

Click on *MoveIt!*
When done, click on *Exit*
*Note:* If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose *Yes*.
A log will be produced at *C:\_OTM\MovedFiles\date_time.log*, where *date_time* are numbers. Post this log in your next reply.

Then if the files were successfully moved & the log posted, do this:
Double-click *OTM* 
Click the *CleanUp!* button 
Select *Yes* when the *Begin cleanup Process?* prompt appears 
If you are prompted to Reboot during the cleanup, select *Yes* 
The tool will delete itself once it finishes; if not, delete it yourself.



> The computer's running great. No problems. Google googles. No Windows error messages. My sanity has been restored! (IMO)
> 
> To say that I couldn't do it without you would be such a huge understatement. I truly appreciate you lending your expertise


No problem at all


----------
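
The check behind "if the files were successfully moved", as an added example that is not part of the original post or of OTM itself: it compares the paths under `:Files` with the `moved successfully` lines of the resulting log. The sample script and log are constructed with hypothetical paths, and the parser assumes only the line shapes that appear in this thread.

```python
import re

# Constructed sample: an OTM instruction block in the layout used in the post above.
SAMPLE_SCRIPT = r"""
:Files
C:\Quarantine\sample_a.tmp
C:\Quarantine\sample_b.dll
C:\Quarantine\sample_c.VIR
:Commands
[Purity]
[EmptyTemp]
[Reboot]
"""

# Constructed sample log; hypothetical paths, line shapes as seen in this thread.
SAMPLE_LOG = r"""
All processes killed
========== FILES ==========
C:\Quarantine\sample_a.tmp moved successfully.
LoadLibrary failed for C:\Quarantine\sample_b.dll
C:\Quarantine\sample_b.dll NOT unregistered.
C:\Quarantine\sample_b.dll moved successfully.
"""

MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
LOAD_FAIL = re.compile(r"^LoadLibrary failed for (?P<path>.+)$")
NOT_UNREG = re.compile(r"^(?P<path>.+) NOT unregistered\.$")


def requested_files(script):
    """Return the paths listed under the :Files directive of an OTM script."""
    paths, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            # A new directive starts; only :Files carries paths to move.
            in_files = line.lower() == ":files"
        elif in_files and line:
            paths.append(line)
    return paths


def reconcile(script, log):
    """Compare requested paths with the log and report what was confirmed."""
    wanted = requested_files(script)
    moved, notes = set(), {}
    for raw in log.splitlines():
        # Strip whitespace and any forum bold markers pasted with the log.
        line = raw.strip().strip("*").strip()
        for pattern, label in ((LOAD_FAIL, "LoadLibrary failed"),
                               (NOT_UNREG, "NOT unregistered")):
            m = pattern.match(line)
            if m:
                notes.setdefault(m.group("path").lower(), []).append(label)
        m = MOVED.match(line)
        if m:
            moved.add(m.group("path").lower())
    # Windows paths are case-insensitive, so compare on the lowercased form.
    return {
        "moved": [p for p in wanted if p.lower() in moved],
        "unconfirmed": [p for p in wanted if p.lower() not in moved],
        "notes": {p: notes[p.lower()] for p in wanted if p.lower() in notes},
    }


if __name__ == "__main__":
    report = reconcile(SAMPLE_SCRIPT, SAMPLE_LOG)
    print("moved:", len(report["moved"]))
    for path in report["unconfirmed"]:
        print("not confirmed in log:", path)
    for path, labels in report["notes"].items():
        print("messages for", path, "->", ", ".join(labels))
```

Any path reported as unconfirmed is still in place and should be dealt with before running the cleanup step.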



## jmy889 (Aug 14, 2009)

Hi jmw3

Here is the OTM Log. *There were 2 error messages* "SKYNET......dll is not a valid Windows image. Check against your installation diskette"

All processes killed
Error: Unable to interpret <Code:> in the current context!
========== FILES ==========
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETadfmbbweoj.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETadmdrbcvsw.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETainhsaghrm.tmp moved successfully.
*LoadLibrary failed for C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETavbrnvme.dll*
*C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETavbrnvme.dll NOT unregistered.*
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETavbrnvme.dll moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETrxlidtxqhp.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETrxtnsqhgoi.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETrxtqbwuxdc.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETsixxuhuiun.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETsojnmybqrd.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETsrhavlpmar.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETsyqbewmvms.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtbdwqbuxym.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtcgbfatyev.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtcvixpwdxe.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtfpeoicxre.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtnvvsqvbyn.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtsgbciorpd.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtsieeihtyl.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtthxfvfvbv.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtvporienbv.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETtvxevbgfdl.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETuiifsmerys.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETupcyciqhxr.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETutronmgchc.tmp moved successfully.
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETutuxpqfxbi.tmp moved successfully.
*LoadLibrary failed for C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvbqerxlt.dll*
*C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvbqerxlt.dll NOT unregistered.*
C:\Program Files\Trend Micro\Internet Security\Quarantine\SKYNETvbqerxlt.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: skoch
->Temp folder emptied: 76752567 bytes
->Temporary Internet Files folder emptied: 20746258 bytes
->Java cache emptied: 25625183 bytes
->FireFox cache emptied: 85619515 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1203859 bytes
%systemroot%\System32 .tmp files removed: 3368 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 200.26 mb

OTM by OldTimer - Version 3.0.0.6 log created on 08192009_185852

Files moved on Reboot...

Registry entries deleted on Reboot...

Computer running fine. Thanks!


----------



## jmw3 (Jul 23, 2007)

Hi
That looks good.

*All Clean*
Congratulations, good work, your system is now clean. Now that your system is safe we would like you to keep it that way.
Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

*Create a Clean System Restore Point*
Create a new, clean System Restore point which you can use in case of future system problems:
Press *Start->All Programs->Accessories->System Tools->System Restore*
Select *Create a restore point*, then *Next*, type a name like *All Clean* then press the *Create* button and once it's done press *Close*
Now remove old, infected System Restore points:
Next click *Start->Run* and type *cleanmgr* in the box and click *OK*
Ensure the boxes for *Temporary Files* & *Temporary Internet Files* are checked. You can choose to check other boxes if you wish but they are not required.
Select the *More Options* tab, under *System Restore* click *Clean up...* and click *Yes* to the prompt
Click *OK* and *Yes* to confirm.

*Update your Windows XP to Service Pack 3*
It is *CRITICAL* that you keep your Windows updated. Otherwise you're open to dozens of security holes which *WILL* cause you to get reinfected.
Visit *Windows Update NOW* & download *Service Pack 3* + *ALL critical updates*! (Click *Start >> All Programs >> Windows Update* to launch Windows Update)

*Microsoft Windows Update*
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
*To update Windows*
Go to *Start* > *All Programs* > *Windows Update*
*To update Office*
Open up any Office program.
Go to *Help* > *Check for Updates*

*Malwarebytes' Anti-Malware*
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial *here*. I would recommend keeping this updated & running it regularly.

*SpywareBlaster*
Download and install Javacools SpywareBlaster from *here* 
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

*Download and Install a HOSTS File*
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just *HOSTS* with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

*Download BlueTack's HOSTS Manager* *here*, using Internet Explorer (Firefox won't work):

A short distance down the page in the centre, click on the *Download* button
Agree to the license
On the next page, to the right side of where it says *Download Estimates*, right click on the underlined word *Hosts Manager* choose *Save Target As* and download the installer *Hosts20setup.exe* to your desktop
Double click the Installer on your desktop and let it *Install the Hosts Manager*
After the installation is complete, click on the *Hosts Manager* icon on your desktop. (You can delete the other *Hosts Switch* icon from your desktop)
When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled *Options and Tools*,
Click *Disable DNS Service*. *This is important*
In the Left Pane, click *Download*
It will load 80,000 lines or more. When it finishes, also in the left pane, click *Replace*, and then click *Save*
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a separate party firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

*Web of Trust*
*WOT*, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for both Firefox and Internet Explorer.

*Install WinPatrol*
Download it *here*
You can find information about how WinPatrol works *here*

*Read some information* *here* on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

*Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!*
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
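
The HOSTS behaviour described in the post above, as an added example that is not part of the original post or of any tool it names: a small Python audit that separates entries blocking a name (mapped to this machine) from entries sending a name to some other address. The sample file is constructed, and the function name `audit_hosts` and the `example` hostnames are assumptions for illustration.

```python
import ipaddress

# Names a default HOSTS file legitimately maps to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample, not taken from the thread. On Windows the real file
# is %SystemRoot%\System32\drivers\etc\hosts (no file extension).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       cliccker.cn  overclick.cn   # blocked: resolves to this machine
0.0.0.0         ads.example.net
::1             tracker.example.org
203.0.113.7     search.example.com          # not a block: overrides DNS
127.0.0.1
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Classify every HOSTS entry as blocked, redirected or malformed."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        names = [n.lower() for n in fields[1:]]  # one line may carry several names
        if not names:
            report["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback (127.0.0.1, ::1) or 0.0.0.0 means the request never leaves the PC.
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                continue
            if sinkhole:
                report["blocked"].append(name)
            else:
                # Any other address silently overrides DNS and deserves review.
                report["redirected"].append((name, str(addr)))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "names blocked")
    for name, addr in result["redirected"]:
        print("REVIEW:", name, "->", addr)
    for lineno, text in result["malformed"]:
        print("MALFORMED line", lineno, ":", text)
```

Running it against a freshly downloaded block list should report thousands of blocked names and no redirected ones.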


----------



## jmy889 (Aug 14, 2009)

Hi jmw3,

Forgot to mention in my last post that Trend Micro still shows the 92 items in quarantine. When I tried to delete them I got a message "Unable to delete the file. Your computer may have locked the file or you may lack sufficient privileges to access the file" ?

I am unable to update Microsoft Office because I don't have the original disk. (A friend of a friend gave me this computer several years ago - without the CD.) I knew about this issue previously, but I didn't realize that I wasn't up to date with Windows XP. I had automatic updates set and thought all was ok.

I was unable to download the HOSTS File following your instructions. I never saw a "Download" button. Do I need to register first - or have they maybe made some changes to their website?

I was able to follow the rest of your instructions/suggestions and the computer is running fine. Thanks again.


----------



## jmw3 (Jul 23, 2007)

Hi


> Forgot to mention in my last post that Trend Micro still shows the 92 items in quarantine. When I tried to delete them I got a message "Unable to delete the file. Your computer may have locked the file or you may lack sufficient privileges to access the file" ?


As you can see from the OTM log you posted they have clearly been moved from there. And when you clicked the Clean Up button of OTM, that would have removed OTM's quarantined folder.
Only thing I can suggest is an uninstall & reinstall of Trend to see if that clears the problem.



> I was unable to download the HOSTS File following your instructions. I never saw a "Download" button. Do I need to register first - or have they maybe made some changes to their website?


Sorry about that. Yes, looks like they have changed their site around. Try the following link. It should take you directly to the setup file, hosts20setup.exe:
http://blocklistpro.com/download-ce...hk=a2626a4cb42303b4d6999bdc5349282d&no_html=1


----------



## jmy889 (Aug 14, 2009)

Hi jmw3,

I wasn't able to download the Hosts Manager via the link, ("illegal download attempt"), but I did figure out how to do it. (Just realized I forgot to use IE and instead used Firefox. Operator error again! But I did install and run it.)

My computer is running great - and no more Google re-directs. I will keep on top of updating Windows and updating and running Malwarebytes' Anti-Malware, SpywareBlaster and Spybot. 

Thank you for volunteering your time and sending me directions that even I could follow. (Most of the time!) 


Thanks again. I really appreciate it.


----------



## jmw3 (Jul 23, 2007)

No problem at all jmy889... Glad I could help

I'll mark this one solved 

Good Luck & Safe Surfing


----------

