3 Apprentice

20.5K Posts

March 1st, 2009 05:00

Welcome. Thank you for using Dell Community Forums.

As requested in "Please Read This Before Posting For Malware Removal Help", it would have been helpful to us and to others doing research if you had included your symptoms of malware.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them are counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs; therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply so we can begin cleaning.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

 

36 Posts

March 1st, 2009 09:00

Restore is still enabled and I did not fix anything from HijackThis. This is my husband's computer.

3 Apprentice

20.5K Posts

March 1st, 2009 10:00


We need to see some additional information about what is happening in your machine.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

36 Posts

March 1st, 2009 10:00

I forgot, the only thing I did is run a Trend scan and it found something that was fixed. Should I run another log?

36 Posts

March 1st, 2009 10:00

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/25/2005 1:47:25 PM
System Uptime: 3/1/2009 12:17:03 PM (0 hours ago)

Motherboard: Dell Inc. |  | 0J5165
Processor:         Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1596/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 52 GiB total, 29.85 GiB free.
D: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP23: 12/2/2008 1:04:20 PM - System Checkpoint
RP24: 12/3/2008 9:12:04 PM - System Checkpoint
RP25: 12/6/2008 12:21:25 AM - System Checkpoint
RP26: 12/7/2008 11:32:28 AM - System Checkpoint
RP27: 12/8/2008 11:47:17 AM - System Checkpoint
RP28: 12/9/2008 10:03:11 PM - System Checkpoint
RP29: 12/11/2008 3:39:49 PM - Software Distribution Service 3.0
RP30: 12/12/2008 8:28:09 PM - Software Distribution Service 3.0
RP31: 12/14/2008 12:28:23 PM - System Checkpoint
RP32: 12/15/2008 8:34:33 PM - System Checkpoint
RP33: 12/17/2008 1:02:59 PM - System Checkpoint
RP34: 12/18/2008 2:54:49 PM - System Checkpoint
RP35: 12/19/2008 2:52:39 PM - Software Distribution Service 3.0
RP36: 12/20/2008 6:51:45 PM - System Checkpoint
RP37: 12/21/2008 8:19:03 PM - System Checkpoint
RP38: 12/23/2008 3:30:04 PM - System Checkpoint
RP39: 12/25/2008 7:15:41 PM - System Checkpoint
RP40: 12/27/2008 1:35:12 PM - System Checkpoint
RP41: 12/29/2008 1:42:59 AM - System Checkpoint
RP42: 12/30/2008 6:41:52 PM - System Checkpoint
RP43: 1/1/2009 10:44:50 PM - System Checkpoint
RP44: 1/2/2009 11:11:38 PM - System Checkpoint
RP45: 1/4/2009 12:00:25 PM - System Checkpoint
RP46: 1/6/2009 9:18:37 PM - System Checkpoint
RP47: 1/8/2009 6:44:00 PM - System Checkpoint
RP48: 1/9/2009 7:34:59 PM - System Checkpoint
RP49: 1/11/2009 12:20:55 PM - System Checkpoint
RP50: 1/13/2009 11:34:25 AM - System Checkpoint
RP51: 1/13/2009 11:34:35 PM - Software Distribution Service 3.0
RP52: 1/15/2009 2:11:46 AM - System Checkpoint
RP53: 1/15/2009 3:27:58 PM - Software Distribution Service 3.0
RP54: 1/16/2009 8:00:22 PM - System Checkpoint
RP55: 1/18/2009 1:12:55 PM - System Checkpoint
RP56: 1/19/2009 7:58:36 PM - System Checkpoint
RP57: 1/22/2009 6:03:28 PM - System Checkpoint
RP58: 1/23/2009 6:47:18 PM - System Checkpoint
RP59: 1/25/2009 12:19:15 PM - System Checkpoint
RP60: 1/27/2009 7:54:15 PM - System Checkpoint
RP61: 1/28/2009 8:53:32 PM - System Checkpoint
RP62: 1/31/2009 1:30:27 AM - System Checkpoint
RP63: 2/1/2009 11:52:07 AM - System Checkpoint
RP64: 2/2/2009 1:56:18 PM - System Checkpoint
RP65: 2/6/2009 2:02:53 AM - System Checkpoint
RP66: 2/7/2009 2:52:59 AM - System Checkpoint
RP67: 2/8/2009 4:18:03 PM - System Checkpoint
RP68: 2/9/2009 9:25:34 PM - System Checkpoint
RP69: 2/11/2009 3:51:36 PM - System Checkpoint
RP70: 2/12/2009 12:14:06 AM - Software Distribution Service 3.0
RP71: 2/17/2009 9:06:36 PM - System Checkpoint
RP72: 2/19/2009 1:57:48 PM - System Checkpoint
RP73: 2/21/2009 3:59:50 PM - System Checkpoint
RP74: 2/22/2009 5:30:11 PM - System Checkpoint
RP75: 2/24/2009 9:43:08 PM - System Checkpoint
RP76: 2/24/2009 11:39:07 PM - Software Distribution Service 3.0
RP77: 2/28/2009 1:27:02 PM - Removed TMASOEDL
RP78: 2/28/2009 1:27:28 PM - Removed TMASOLDL
RP79: 2/28/2009 1:28:26 PM - Removed Trend Micro PC-cillin Internet Security 14
RP80: 2/28/2009 1:34:39 PM - Installed Trend Micro Internet Security

==== Installed Programs ======================

32 Bit HP CIO Components Installer
7500_7600_7700_Help
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player ActiveX
Adobe Reader 6.0.1
ALPS Touch Pad Driver
AOL Coach Version 1.0(Build:20040229.1 en)
BPD_HPSU
BPD_Scan
BPDSoftware
BPDSoftware_Ini
Broadcom Management Programs 2
BufferChm
C6 Corvette
Conexant D110 MDC V.9x Modem
CustomerResearchQFolder
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Dell System Restore
Destinations
DeviceManagementQFolder
Digital Line Detect
DirectVideo
DocProc
DocProcQFolder
EarthLink setup files
eSupportQFolder
Fax
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP Memories Disc
HP OCR Software 8.0
HP Officejet Pro All-In-One Series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
InterActual Player
Internal Network Card Power Management
Internet Explorer Default Page
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
Java(TM) 6 Update 10
L7600
Learn2 Player (Uninstall Only)
Macromedia Flash Player
MarketResearch
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine (ALAMODE)
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works 2000
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mIWA
mIWCA
mLogView
MLS Passport
mMHouse
Modem Helper
mPfMgr
mPfWiz
MPM
mProSafe
MS AntiSpyware 2009
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
Musicmatch for Windows Media Player
mWlsSafe
mXML
My Way Search Assistant
mZConfig
OLYMPUS CAMEDIA Master 4.2
palmOne
PDF-XChange 3
PowerDVD 5.3
ProductContext
QuickSet
QuickTime
RAW FILE CONVERTER LE
RealPlayer Basic
RON Tool Offersfortoday
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
SolutionCenter
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Status
Toolbox
TrayApp
Trend Micro Internet Security
UnloadSupport
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip 11.2
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

2/25/2009 6:34:43 PM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
2/25/2009 6:34:20 PM, error: RemoteAccess [20106]  - Unable to add the interface {03FB2A40-6EBF-466C-8C9B-ABF85C8E7892} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
2/25/2009 3:40:03 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.6 for the Network Card with network address 0012F00CCAC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/24/2009 10:59:44 PM, error: PSched [14103]  - QoS [Adapter {999A4F20-ED74-45E4-B25F-72B627EF3E58}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
2/24/2009 8:56:04 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
2/25/2009 11:09:17 PM, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0012F00CCAC0.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2/26/2009 12:13:01 AM, error: atapi [5]  - A parity error was detected on \Device\Ide\IdePort0.
2/26/2009 12:13:34 AM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
2/28/2009 1:38:04 PM, error: Service Control Manager [7000]  - The tmevtmgr service failed to start due to the following error:  The specified procedure could not be found.
2/28/2009 1:38:04 PM, error: Service Control Manager [7001]  - The tmactmon service depends on the tmevtmgr service which failed to start because of the following error:  The specified procedure could not be found.
2/28/2009 1:38:04 PM, error: Service Control Manager [7001]  - The Trend Micro Unauthorized Change Prevention Service service depends on the tmactmon service which failed to start because of the following error:  The dependency service or group failed to start.
3/1/2009 10:50:53 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.6 for the Network Card with network address 0012F00CCAC0 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip 11.2
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

2/25/2009 6:34:43 PM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
2/25/2009 6:34:20 PM, error: RemoteAccess [20106]  - Unable to add the interface {03FB2A40-6EBF-466C-8C9B-ABF85C8E7892} with the Router Manager for the IP protocol. The following error occurred: Cannot complete this function.
2/25/2009 3:40:03 PM, error: Dhcp [1002]  - The IP address lease 192.168.2.6 for the Network Card with network address 0012F00CCAC0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/24/2009 10:59:44 PM, error: PSched [14103]  - QoS [Adapter {999A4F20-ED74-45E4-B25F-72B627EF3E58}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
2/24/2009 8:56:04 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
2/25/2009 11:09:17 PM, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0012F00CCAC0.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2/26/2009 12:13:01 AM, error: atapi [5]  - A parity error was detected on \Device\Ide\IdePort0.
2/26/2009 12:13:34 AM, error: atapi [9]  - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
2/28/2009 1:38:04 PM, error: Service Control Manager [7000]  - The tmevtmgr service failed to start due to the following error:  The specified procedure could not be found.
2/28/2009 1:38:04 PM, error: Service Control Manager [7001]  - The tmactmon service depends on the tmevtmgr service which failed to start because of the following error:  The specified procedure could not be found.
2/28/2009 1:38:04 PM, error: Service Control Manager [7001]  - The Trend Micro Unauthorized Change Prevention Service service depends on the tmactmon service which failed to start because of the following error:  The dependency service or group failed to start.
3/1/2009 10:50:53 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.6 for the Network Card with network address 0012F00CCAC0 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

36 Posts

March 1st, 2009 10:00

DDS (Ver_09-02-01.01) - NTFSx86 
Run by tommy maag at 12:28:43.79 on Sun 03/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.503.83 [GMT -6:00]

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated)
FW: Trend Micro Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\a la mode\Sched\eSched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\DOCUME~1\TOMMYM~1\LOCALS~1\Temp\2201.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://bellsouth.net/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: XML Class: {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Cognac] c:\docume~1\tommym~1\locals~1\temp\2201.exe
uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
uRun: [MS AntiSpyware 2009] "c:\documents and settings\all users\application data\crucialsoft ltd\ms antispyware 2009\msas2009.exe" /autorun
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [The Assistant] c:\program files\a la mode\sched\eSched.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRun: [Cognac] c:\windows\temp\3.tmp.exe
dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
StartupFolder: c:\docume~1\tommym~1\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://support.att.net/sdccommon/download/tgctlcm.cab
DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - hxxp://nom.mlxchange.com/4.2.10.33/Control/FileCruiser.cab
DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://nom.mlxchange.com/4.2.10.33/Control/Specfile.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://nom.mlxchange.com/4.2.10.33/Control/MLSClientUtils.cab
DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://nom.mlxchange.com/4.2.10.33/Control/LiteGrid.cab
DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} - hxxp://nom.mlxchange.com/4.2.10.33/Control/IRCWebPrint.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://nom.mlxchange.com/4.2.07.27/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} - hxxp://nom.mlxchange.com/4.2.10.33/Control/WebDog.cab
DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab
DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - hxxp://nom.mlxchange.com/4.2.10.33/Control/AspCustomCtrls.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

============= SERVICES / DRIVERS ===============

R2 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\microsoft sql server\mssql$alamode\binn\sqlservr.exe [2005-5-4 9150464]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-8-10 17408]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-2-28 49680]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-2-28 492888]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-2-28 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-2-28 677128]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-2-28 334352]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\microsoft sql server\mssql$alamode\binn\sqlagent.EXE [2005-5-3 323584]

=============== Created Last 30 ================

2009-02-28 17:48   --d----- c:\windows\system32\Service
2009-02-28 13:37 50,192 a------- c:\windows\system32\drivers\tmactmon.sys
2009-02-28 13:37 49,680 a------- c:\windows\system32\drivers\tmevtmgr.sys
2009-02-28 13:35   --d----- c:\docume~1\alluse~1\applic~1\Trend Micro
2009-02-28 13:24 661,808 a------- c:\windows\system32\UfWSC.cpl
2009-02-28 13:23 1,195,384 a------- c:\windows\system32\drivers\vsapint.sys
2009-02-28 13:23 334,352 a------- c:\windows\system32\drivers\TM_CFW.sys
2009-02-28 13:23 205,328 a------- c:\windows\system32\drivers\tmxpflt.sys
2009-02-28 13:23 80,400 a------- c:\windows\system32\drivers\tmtdi.sys
2009-02-28 13:23 36,368 a------- c:\windows\system32\drivers\tmpreflt.sys
2009-02-28 01:54 37,832 a------- c:\windows\alaredun.ini
2009-02-27 21:56 1,409 a------- c:\windows\QTFont.for
2009-02-27 21:56 54,156 a---h--- c:\windows\QTFont.qfn
2009-02-25 18:13   --d----- c:\docume~1\alluse~1\applic~1\CrucialSoft Ltd
2009-02-25 18:12 77,824 a------- c:\windows\system32\BTwR0WN6.exe
2009-02-25 18:12 0 a------- c:\windows\system32\BTwR0WN6.exe.a_a
2009-02-25 18:12 114,180 a------- c:\windows\system32\msxml71.dll

==================== Find3M  ====================

2009-02-25 18:12 54,272 a------- c:\windows\system32\userinit.exe
2009-02-19 22:51 56,062 a------- c:\docume~1\tommym~1\applic~1\wklnhst.dat
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-22 11:17 2,274,552 a------- c:\windows\system32\xsitenet.dll
2008-12-19 03:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 a------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 05:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
2008-12-08 14:52 328,952 a------- c:\windows\system32\alaxml.dll
2008-11-23 17:03 60,808 a------- c:\docume~1\tommym~1\applic~1\GDIPFONTCACHEV1.DAT

============= FINISH: 12:30:04.10 ===============

3 Apprentice

 • 

20.5K Posts

March 1st, 2009 11:00

  Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top.
  • It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report along with any other requested logs into your next reply and exit MBAM.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless of whether you are prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.

 

36 Posts

March 1st, 2009 11:00

Malwarebytes' Anti-Malware 1.34
Database version: 1813
Windows 5.1.2600 Service Pack 2

3/1/2009 1:29:48 PM
mbam-log-2009-03-01 (13-29-48).txt

Scan type: Quick Scan
Objects scanned: 83761
Time elapsed: 12 minute(s), 11 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 6
Files Infected: 19

Memory Processes Infected:
C:\WINDOWS\system32\BTwR0WN6.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CrucialSoft Ltd (Rogue.MSantispyware2009) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ms antispyware 2009 5.7 (Rogue.MSAntiSpyware) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ms antispyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\BTwR0WN6.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090225181350718.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090225183534859.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090225205304937.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090226163558546.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090226201313265.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090226233159312.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090227202749203.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090227210237921.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090228122636640.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090228133252546.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090228170632343.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090228174857562.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090301105131484.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090301121835406.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BTwR0WN6.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\tommy maag\Local Settings\Temp\2201.exe (Trojan.FakeAlert) -> Delete on reboot.


3 Apprentice

 • 

20.5K Posts

March 1st, 2009 11:00

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure the "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:

  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
  • Please include a fresh HijackThis log as well. Let me know if the issue has been resolved.
  • If everything looks good, we'll update Java and flush System Restore.

3 Apprentice

 • 

20.5K Posts

March 1st, 2009 16:00

Please launch HijackThis. I suggest that you fix this.

It is optional and open to debate, so it is your choice to fix or not:
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
Info HERE

Close all other windows and click "Fix Checked". Close HijackThis.

Run Disk Cleanup in each user's profile: Click "Start > Programs > Accessories > System Tools > Disk Cleanup"

Please make sure only the following are checked:

-- Downloaded Program Files

-- Temporary Internet Files

-- Recycle Bin

-- Temporary Files

Click "OK" and Disk Cleanup will delete those files for you.

REBOOT

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely requires a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 12.
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.
  • Close Add/Remove.
  • In Windows Explorer, navigate to the C:\Program Files\Java folder. Delete any subfolders.
    • Do NOT delete the C:\Program Files\JavaVM folder, if found!
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u12-windows-i586-p.exe to install the newest version.
  • Let me know how things are running after that.
  • If all is running smoothly, we'll flush System Restore, and you'll be in good shape.


36 Posts

March 1st, 2009 16:00

I included both logs. I am not sure if it cleaned everything but I will let you know.

thanks for your help

36 Posts

March 1st, 2009 16:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:09 PM, on 3/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\a la mode\Sched\eSched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [The Assistant] C:\Program Files\a la mode\Sched\eSched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKUS\S-1-5-19\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.att.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://nom.mlxchange.com/4.2.10.33/Control/FileCruiser.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://nom.mlxchange.com/4.2.10.33/Control/Specfile.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLS Client Utils) - http://nom.mlxchange.com/4.2.10.33/Control/MLSClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://nom.mlxchange.com/4.2.10.33/Control/LiteGrid.cab
O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} (IRCWwwPrint Class) - http://nom.mlxchange.com/4.2.10.33/Control/IRCWebPrint.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://nom.mlxchange.com/4.2.07.27/Control/IRCSharc.cab
O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} (Cerebus Class) - http://nom.mlxchange.com/4.2.10.33/Control/WebDog.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://nom.mlxchange.com/4.2.10.33/Control/AspCustomCtrls.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10569 bytes
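
A HijackThis log like the one above can be triaged mechanically before a human reviews it. The following is an added example, not part of the original post and not a HijackThis feature: it parses the `<code> - <body>` result lines and flags autostart entries that run from a temp directory and entries whose target file was not found. The sample log is constructed: most lines are copied from this thread's log, and the `[Cognac]` line is a constructed HijackThis-style rendering of the Run value reported in the SUPERAntiSpyware log in this thread.

```python
"""Triage a HijackThis log: flag autostart entries that run from temp
directories and entries whose target file could not be resolved."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason body")

# Every result line has the shape "<code> - <body>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Sections that start code automatically: O4 = Run keys and Startup folders,
# O20 = Winlogon Notify / AppInit_DLLs, O23 = NT services.
AUTOSTART = {"O4", "O20", "O23"}

# Legitimate software rarely persists from these locations (assumed heuristic).
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")

# Constructed sample: lines in the format of the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bellsouth.net/
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\3.tmp.exe (User 'SYSTEM')
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
"""


def parse(log_text):
    """Yield (section, body) per result line; header and process lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(log_text):
    """Return a list of Finding tuples in log order."""
    findings = []
    for section, body in parse(log_text):
        lowered = body.lower()
        # Persistence pointing into a temp directory deserves a closer look.
        if section in AUTOSTART and any(t in lowered for t in TEMP_MARKERS):
            findings.append(Finding(section, "autostart from temp directory", body))
        # HijackThis marks unresolved targets with "= ?" or "(file missing)";
        # these are often stale leftovers, but also what remains after a removal.
        if lowered.endswith("= ?") or "(file missing)" in lowered:
            findings.append(Finding(section, "target file not found", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}: {f.body}")
```

A flagged line is a prompt for manual review, not a verdict: the missing-target entries in this thread's log belong to legitimate software.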

36 Posts

March 1st, 2009 16:00

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/01/2009 at 06:07 PM

Application Version : 4.25.1014

Core Rules Database Version : 3779
Trace Rules Database Version: 1738

Scan type       : Complete Scan
Total Scan Time : 03:15:08

Memory items scanned      : 210
Memory threats detected   : 0
Registry items scanned    : 7468
Registry threats detected : 4
File items scanned        : 92055
File threats detected     : 289

Trojan.Agent/Gen
 [Cognac] C:\WINDOWS\TEMP\3.TMP.EXE
 C:\WINDOWS\TEMP\3.TMP.EXE
 [Cognac] C:\WINDOWS\TEMP\3.TMP.EXE

Adware.Tracking Cookie

Trojan.Unclassified/Cognac
 HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#Cognac [ C:\WINDOWS\TEMP\3.tmp.exe ]
 HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#Cognac [ C:\WINDOWS\TEMP\3.tmp.exe ]

Trojan.Agent/Gen-83931
 C:\DOCUMENTS AND SETTINGS\TOMMY MAAG\LOCAL SETTINGS\TEMP\16434.EXE

Trace.Known Threat Sources
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAIQR4PA.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCAZLGULR.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAI3W1MA.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installers[11].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCA1D641W.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCA2U674G.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCANWCS3M.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCA4R7BXP.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAT1UTLN.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAEM0DDB.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installers[7].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAN2PDQY.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAPCFG0Z.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAW05VMT.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installers[7].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installers[9].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAKZJ48B.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installers[10].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAG94IZ9.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCASOGIRS.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAN0YRDB.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAOBNUMD.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAITGZPQ.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installers:emotion-29:.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCAECP6DW.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAOHL9UH.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCABU5D0S.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAA3JBBP.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installers[1].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAMNO0R0.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCA1ZQGJ9.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAJTBCNB.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAFE3GVU.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCA4B8K4C.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCA8U6VD1.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCA39J0KN.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAX4DQ6W.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCAVRCW69.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCA0ONF7Z.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAPSZ8RZ.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCA9GVYTF.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAIUNAGA.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCASAGC88.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCA0EA3JN.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installers[5].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCA0MYL43.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCA1VFKLZ.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installers:emotion-14:.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installers[10].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAIXUX4E.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAZKI1BU.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCADSD0BW.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCAFJX745.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAGQG4WM.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAAXWPMM.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installers:emotion-29:.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAG8SZDL.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCANRJ73T.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAP08XO9.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installers[2].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCA959X78.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCALKI66J.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCAUU6GMF.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCABC33B6.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCA101NAD.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installers:emotion-14:.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCARDWFAC.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAI38CUE.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAUEZG4V.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAG5KFWL.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installers[11].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAG1DM35.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAO7DRTA.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCACSRE6D.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCA7H71AE.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCA3WC1X1.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCATDX33T.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCA9P9B9P.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAO3SLWJ.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCA73FEFH.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCA5Q933U.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCA1MVMJH.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCA3JWW6S.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAWSATT9.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installers[4].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAAXPENF.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAF2PW1S.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAVDFSRG.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCA1HHH2P.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAO8J5SL.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAYTYGT5.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installers[10].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCAGE3EWG.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCARVYHU1.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCA21NVP5.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAI5DFXR.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCAWU8ZA1.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installers[10].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAMPFSBB.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installers[5].js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCAGXCORL.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAHXC0VY.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCA46UHKU.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\14[2].htm
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAODZ3QU.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCAVCHU2E.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAQSB8FQ.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\secure_installersCA7AHJPR.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCA84TMRU.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCA5DP15S.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAOQQ03W.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAUTUAQR.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCA8QPZJO.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCA0R4SAS.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCATW1TKD.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAGYJRCA.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\down[1].gif
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\BEBUHECF\secure_installersCARKVXP6.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCAGTR4JJ.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCA51E8T6.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\14[4].htm
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\14[5].htm
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\D0GR7QC4\14[4].htm
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\FYHIGTCQ\secure_installersCA235FXS.js
 C:\Documents and Settings\tommy maag\Local Settings\Temporary Internet Files\Content.IE5\R9NH53IL\secure_installersCAJX5UJN.js

No Events found!
