59 Posts

November 17th, 2008 15:00

Temp files accumulating and Windows error messages

I have a Dell Dimension desktop that has been giving me trouble. It started with a STOP 0x0000008E error that I would get on a regular basis. I also had a Windows error message on start-up. I also have found that on start-up, I don't have any pictures show up, for example when I am on the internet. I have to go into Internet Options each time and click the show pictures box from the Advanced options menu. Finally, I can get to some places on the internet, but other places it won't connect to (like McAfee, Lavasoft, etc...). I ran a McAfee scan in safe mode and it quarantined one thing and found several others that I deleted, but there was one that I could not Rem-Adm_ProcLaunch!171. Also, when I go to my Documents and Settings folder and click on my name and Properties, the "size on disk" starts to run like I am accumulating a whole bunch of files. I can't see any temp files even though I am guessing they are there. I am pasting a HijackThis log below and need some help. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:56:33 PM, on 11/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\TEMP\1307.tmp
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\DOCUME~1\Phil\LOCALS~1\Temp\winlogin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Phil\Application Data\gadcom\gadcom.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Phil\Application Data\Gool\Gool.exe
C:\Documents and Settings\Phil\Application Data\Microsoft\Windows\shnxxl.exe
C:\Documents and Settings\Phil\Application Data\SpeedRunner\SpeedRunner.exe
C:\DOCUME~1\Phil\LOCALS~1\Temp\csrssc.exe
C:\WINDOWS\TEMP\1307.tmp
C:\Documents and Settings\Phil\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F3 - REG:win.ini: run=lxdboxcp.exe
O2 - BHO: C:\WINDOWS\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Phil\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE / "C:\WINDOWS\TEMP\E_S57D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Phil\Application Data\gadcom\gadcom.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Phil\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Phil\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [Gool] C:\Documents and Settings\Phil\Application Data\Gool\Gool.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Phil\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Phil\Application Data\Microsoft\Windows\shnxxl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://asalgebra.platoweb.com/Reserved.ReportViewerWebControl.axd?ReportSession=hvozgcvdokez1p554wdw0j45&ControlID=937e48ec-7ed9-4360-a1e0-7f880f681ba3&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

--
End of file - 9354 bytes
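A triage script for HijackThis logs like the one above, added here as an example (it is not HijackThis code and not part of the helper's fix). The sample lines are copied from the log above; the scoring rules, the 0.2 vowel-ratio threshold and the user-writable directory list are the example's own assumptions, while the system process names and the two allow-listed SharedTaskScheduler entries are the standard Windows XP ones.

```python
"""Triage a HijackThis (HJT) log for the entry types that mattered in this thread.
Added example, not HijackThis code and not the helper's fix. The heuristics are
its own: Run entries launched from user-writable directories, machine-generated
looking Run-key names, lookalikes of Windows system process names, O7 policy
entries that disable admin tools, and O20/O22 hook points off a small allow-list."""
import re

# Constructed excerpt: lines copied from the first log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [xsjfn83jkemfofght] C:\DOCUME~1\Phil\LOCALS~1\Temp\winlogin.exe
O4 - HKCU\..\Run: [Jnskdfmf9eldfd] C:\DOCUME~1\Phil\LOCALS~1\Temp\csrssc.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Phil\Application Data\Microsoft\Windows\shnxxl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: crypt - C:\WINDOWS\SYSTEM32\crypts.dll
O22 - SharedTaskScheduler: mcb7uehuj3n8weuhejsw - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
O2 - BHO: C:\WINDOWS\system32\jsne87fidgf.dll - {C5BF49A2-94F3-42BD-F434-3604812C897D} - C:\WINDOWS\system32\jsne87fidgf.dll
"""

# Directories any XP user can write to (8.3 short forms included); assumption of this example.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\documents and settings\\",
                 "\\docume~1\\", "\\locals~1\\")
# System process names that malware imitates (winlogin.exe, csrssc.exe above).
SYSTEM_NAMES = ("winlogon.exe", "csrss.exe", "smss.exe", "lsass.exe",
                "services.exe", "svchost.exe", "explorer.exe")
# Standard XP SharedTaskScheduler entries; anything else deserves review.
STS_ALLOW = ("browseui preloader", "component categories cache daemon")

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
O4_RE = re.compile(r"^(?:HKLM|HKCU)[^:]*: \[([^\]]+)\] (.*)$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance; a distance of 1 marks a one-character lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_random(name):
    """Run-key names such as 'xsjfn83jkemfofght': long, alphanumeric, few vowels."""
    if not re.fullmatch(r"[A-Za-z0-9]{8,}", name):
        return False
    return sum(c in "aeiouAEIOU" for c in name) / len(name) < 0.2


def check_o4(body, reasons):
    """Score one O4 (Run key) entry, appending reasons in place."""
    m = O4_RE.match(body)
    if not m:
        return
    name, command = m.groups()
    if looks_random(name):
        reasons.append(f"Run-key name '{name}' looks machine-generated")
    exe = EXE_RE.search(command)
    if not exe:
        return
    path = exe.group(1).lower()
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("launched from a user-writable directory")
    base = path.rsplit("\\", 1)[-1]
    if base not in SYSTEM_NAMES:
        for known in SYSTEM_NAMES:
            if edit_distance(base, known) == 1:
                reasons.append(f"'{base}' is a lookalike of {known}")
                break


def triage(log_text):
    """Return (line, reasons) for every log line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list and blank lines are skipped
        kind, body = m.groups()
        reasons = []
        if kind == "O4":
            check_o4(body, reasons)
        elif kind == "O7" and re.search(r"Disable\w+=1", body):
            reasons.append("policy entry disables an administrative tool")
        elif kind == "O20" and body.startswith("Winlogon Notify:"):
            reasons.append("Winlogon Notify DLL loads at every logon; verify its publisher")
        elif kind == "O22":
            name = body.split(": ", 1)[1].split(" - ")[0].strip().lower()
            if name not in STS_ALLOW:
                reasons.append("SharedTaskScheduler entry is not a standard XP one")
        elif kind == "O2" and re.match(r"BHO: (?:\(no name\)|[A-Za-z]:\\)", body):
            reasons.append("BHO has no friendly name (name field is the DLL path)")
        if reasons:
            findings.append((raw.strip(), reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        print(*("   -> " + r for r in reasons), sep="\n")
```

Run against the full log above, it flags the Temp and Application Data autoruns, the O7 regedit lock, the Winlogon Notify DLL and the unnamed BHO/SharedTaskScheduler pair, which are the same entries SDFix later deleted.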

3 Apprentice

20.5K Posts

November 17th, 2008 16:00

Hello again,

I am surprised that MBAM did not take care of some of that malware, or were you unable to run it?

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

* If you are using any cracked software, please remove it. Definition of cracked software: http://en.wikipedia.org/wiki/Software_cracking

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. There is a list here: http://en.community.dell.com/forums/p/19241146/19367569.aspx#19367569

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use, because this may cause conflicts with the tools that I am using.

* During the course of our cleanup, please do not do any online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply so we can begin cleaning.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a HijackThis log at the top of this board to start a new forum topic.


59 Posts

November 17th, 2008 19:00

Hello again,

I am surprised that MBAM did not take care of some of that malware, or were you unable to run it?

I was unable to run MBAM, so that is why I didn't get rid of the malware.

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you posted this issue on another forum? If so, please provide a link to the topic.

I have only posted to the Dell community. Here is the first thread that I started: http://en.community.dell.com/forums/p/19241345/19369030.aspx#19369030 and then I started the one that you picked up.

* If you are using any cracked software, please remove it. Definition of cracked software: http://en.wikipedia.org/wiki/Software_cracking

I don't think I have any of this.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. There is a list here: http://en.community.dell.com/forums/p/19241146/19367569.aspx#19367569

I don't think I have any of this.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

My computer, so no problem here.

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

I had some other issues last February that I had help on fixing using HijackThis, but I haven't used it since until tonight.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use, because this may cause conflicts with the tools that I am using.

* During the course of our cleanup, please do not do any online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply so we can begin cleaning.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a HijackThis log at the top of this board to start a new forum topic.

3 Apprentice

20.5K Posts

November 17th, 2008 19:00

Right-click on an empty space on your desktop and choose New > Folder. Name it HijackThis (HJT, or something similar).

Right-click HijackThis.exe, choose Cut.

Double-click (to open) the folder you created.

Right-click inside and choose Paste.

 

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  • (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here with any other logs requested

* Please see if you can update MBAM (or whatever you renamed it) and try to run that scan again, so you can post that log along with your report from SDFix and a fresh HijackThis log.

Note: The above instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system. You should NOT use SDFix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert, not for private use.

59 Posts

November 17th, 2008 20:00

SDFix doesn't seem to want to run. I also keep getting this pop-up that asks if I want to block emails.

3 Apprentice

20.5K Posts

November 18th, 2008 01:00

Duplicate post deleted.

3 Apprentice

20.5K Posts

November 18th, 2008 01:00

Delete SDFix. You will need to try the same procedure that you did with MBAM: use a clean computer to download SDFix to a USB stick or burn it to a CD.

1. Download from here:

http://sdfix.net/SDFix.exe

2. While still using the clean computer, BEFORE you transfer it to the infected computer, rename SDFix.exe to hippo.exe.

3. Transfer hippo.exe to the infected computer and see if it will run per the instructions provided above. Remember to use Safe Mode to run it.

Let me know if that works, and please post the updated logs.

59 Posts

November 18th, 2008 14:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:56 PM, on 11/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Phil\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE / "C:\WINDOWS\TEMP\E_S57D.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://asalgebra.platoweb.com/Reserved.ReportViewerWebControl.axd?ReportSession=hvozgcvdokez1p554wdw0j45&ControlID=937e48ec-7ed9-4360-a1e0-7f880f681ba3&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

--
End of file - 7626 bytes

59 Posts

November 18th, 2008 14:00

Here is the SDFix report:


SDFix: Version 1.240
Run by Administrator on Tue 11/18/2008 at 07:18 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\jsne87fidgf.dll - Deleted
C:\141136~1 - Deleted
C:\Program Files\GetPack\dictame.gz - Deleted
C:\Program Files\GetPack\trgtame.gz - Deleted
C:\Program Files\iCheck\Uninstall.exe - Deleted
C:\Program Files\Mjcore\Mjcore.dll - Deleted
C:\Program Files\Webtools\webtools.dll - Deleted
C:\WINDOWS\system32\crypts.dll - Deleted
C:\WINDOWS\system32\rs32net.exe - Deleted
C:\WINDOWS\system32\sft.res - Deleted
C:\WINDOWS\system32\sxmg4.dll - Deleted
C:\WINDOWS\system32\TDSSriqp.dll - Deleted
C:\WINDOWS\system32\TDSSpaxt.dat - Deleted
C:\WINDOWS\system32\TDSSsbhc.log - Deleted


Could Not Remove C:\WINDOWS\system32\TDSSktkl.dll
Could Not Remove C:\WINDOWS\system32\TDSSoeqh.dll
Could Not Remove C:\WINDOWS\system32\TDSSosvn.dll
Could Not Remove C:\WINDOWS\system32\TDSSnrsr.dll

Folder C:\Documents and Settings\Phil\Application Data\gadcom - Removed
Folder C:\Documents and Settings\Phil\Application Data\Gool - Removed
Folder C:\Documents and Settings\Phil\Application Data\SpeedRunner - Removed
Folder C:\Program Files\GetPack - Removed
Folder C:\Program Files\iCheck - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Mjcore - Removed
Folder C:\Program Files\Webtools - Removed


Removing Temp Files

ADS Check :


Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 16:07:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

disk error: C:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...

disk error: C:\WINDOWS\system32\config\software, 0
disk error: C:\Documents and Settings\Phil\ntuser.dat, 0
scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

C:\WINDOWS\system32\TDSSktkl.dll Found
C:\WINDOWS\system32\TDSSoeqh.dll Found
C:\WINDOWS\system32\TDSSosvn.dll Found
C:\WINDOWS\system32\TDSSnrsr.dll Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun  6 Aug 2006       146,432 ..SHR --- "C:\Program Files\Kids Cam Show and Share Creativity Center\Setup.exe"
Mon 18 Apr 2005        39,936 A.SHR --- "C:\Program Files\Kids Cam Show and Share Creativity Center\_Setupx.dll"
Sat  2 Jun 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 22 Sep 2008        20,487 A.SHR --- "C:\Program Files\McAfee\MQC\MRU.bak"
Mon 22 Sep 2008           265 A.SHR --- "C:\Program Files\McAfee\MQC\qcconf.bak"
Mon 10 Nov 2008        20,993 ...H. --- "C:\Documents and Settings\Julie\Local Settings\Temp\csrssc.exe"
Tue 18 Nov 2008        22,017 ...H. --- "C:\Documents and Settings\Phil\Local Settings\Temp\csrssc.exe"
Tue 24 Jun 2003        41,472 A..H. --- "C:\Documents and Settings\Phil\My Documents\bus calc\~WRL1509.tmp"
Tue 24 Jun 2003        30,720 A..H. --- "C:\Documents and Settings\Phil\My Documents\bus calc\~WRL1946.tmp"
Tue 12 Jul 2005        24,576 A..H. --- "C:\Documents and Settings\Phil\My Documents\Calculus\~WRL0022.tmp"
Wed 13 Jul 2005        39,424 A..H. --- "C:\Documents and Settings\Phil\My Documents\Calculus\~WRL3510.tmp"
Sat  2 Apr 2005       102,912 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL0160.tmp"
Sat 23 Apr 2005        52,736 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL0219.tmp"
Sat 23 Apr 2005        18,944 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL0405.tmp"
Sat 12 Feb 2005       154,112 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL0423.tmp"
Sat  2 Apr 2005        98,304 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL0534.tmp"
Sat 12 Feb 2005       152,064 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL0731.tmp"
Fri  1 Apr 2005        19,456 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL0915.tmp"
Sat  5 Mar 2005        52,224 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL0916.tmp"
Fri  1 Apr 2005        28,672 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL0937.tmp"
Sat 12 Feb 2005       100,352 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1005.tmp"
Thu  3 Mar 2005       144,384 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1056.tmp"
Sat 12 Feb 2005       180,736 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1156.tmp"
Sat  2 Apr 2005        63,488 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1283.tmp"
Sat 23 Apr 2005        74,240 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1293.tmp"
Sat 23 Apr 2005        71,680 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1392.tmp"
Sat  5 Mar 2005        74,752 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1411.tmp"
Sat 23 Apr 2005        76,800 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1461.tmp"
Sat  2 Apr 2005       105,472 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1498.tmp"
Sat  5 Mar 2005       160,768 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1640.tmp"
Fri  4 Mar 2005       258,560 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1710.tmp"
Sat 23 Apr 2005       111,616 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1805.tmp"
Sat 23 Apr 2005       119,296 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1840.tmp"
Sat 12 Feb 2005       134,656 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL1963.tmp"
Sat  2 Apr 2005       129,024 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2045.tmp"
Fri  4 Mar 2005       233,984 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2110.tmp"
Sun 27 Feb 2005        19,456 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2156.tmp"
Thu  3 Mar 2005        74,240 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2269.tmp"
Thu  3 Mar 2005       139,776 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2285.tmp"
Sat 12 Feb 2005       301,056 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2311.tmp"
Wed 23 Mar 2005        17,920 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2313.tmp"
Fri  4 Mar 2005       219,648 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2316.tmp"
Fri 11 Feb 2005        49,152 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2333.tmp"
Fri 11 Feb 2005        53,760 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2408.tmp"
Sat  5 Mar 2005       109,056 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2445.tmp"
Sat 12 Feb 2005       199,680 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2555.tmp"
Sat  2 Apr 2005       121,344 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2607.tmp"
Sat  2 Apr 2005       114,176 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2732.tmp"
Sat  5 Mar 2005       101,888 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2771.tmp"
Sat 23 Apr 2005       121,344 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2787.tmp"
Mon 14 Feb 2005       321,536 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2795.tmp"
Thu  3 Mar 2005        53,760 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2810.tmp"
Wed  9 Feb 2005        40,448 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2836.tmp"
Sat  5 Mar 2005       127,488 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2915.tmp"
Sun  6 Mar 2005       161,280 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2978.tmp"
Thu  3 Mar 2005       136,192 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL2986.tmp"
Fri 11 Feb 2005        96,768 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3002.tmp"
Sat  5 Mar 2005        58,880 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3121.tmp"
Sat  5 Mar 2005        73,728 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3264.tmp"
Sat 12 Feb 2005       175,104 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3330.tmp"
Sat  5 Mar 2005        64,000 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3478.tmp"
Sat 23 Apr 2005       106,496 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3491.tmp"
Fri  4 Mar 2005       206,848 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3507.tmp"
Fri 11 Feb 2005        94,208 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3513.tmp"
Sat  5 Mar 2005       142,848 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3556.tmp"
Sat 23 Apr 2005        73,728 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3558.tmp"
Sat  5 Mar 2005        99,328 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3575.tmp"
Sat  5 Mar 2005       150,016 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3595.tmp"
Fri 11 Feb 2005        75,776 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3703.tmp"
Sat  2 Apr 2005        99,840 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3709.tmp"
Thu  3 Mar 2005        53,760 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3753.tmp"
Fri  4 Mar 2005       219,648 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3809.tmp"
Fri  4 Mar 2005       157,184 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3810.tmp"
Sat  5 Mar 2005        89,600 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3821.tmp"
Wed 23 Mar 2005        27,648 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3903.tmp"
Fri  4 Mar 2005       165,888 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL3990.tmp"
Fri  4 Mar 2005       248,320 A..H. --- "C:\Documents and Settings\Phil\My Documents\Fourier Series\~WRL4084.tmp"
Fri  9 Jun 2000        31,232 A..H. --- "C:\Documents and Settings\Phil\My Documents\fundamentals\~WRL0005.tmp"
Fri  1 Aug 2008        22,016 A..H. --- "C:\Documents and Settings\Phil\My Documents\JCCC\~WRL0028.tmp"
Wed 17 Sep 2003        20,480 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 591\~WRL0570.tmp"
Sat  6 Dec 2003       141,824 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 591\~WRL1369.tmp"
Sat 11 Oct 2003        65,024 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 591\~WRL1888.tmp"
Thu 11 Sep 2003       123,392 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 591\~WRL2143.tmp"
Fri 14 Nov 2003       141,824 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 591\~WRL2863.tmp"
Fri 14 Nov 2003        53,760 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 591\~WRL3598.tmp"
Thu 19 Feb 2004       268,288 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 727\~WRL1219.tmp"
Mon 28 Jun 2004       124,416 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 728\~WRL0004.tmp"
Wed 16 Jun 2004        30,208 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 728\~WRL2531.tmp"
Wed 30 Jun 2004        74,240 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 728\~WRL3096.tmp"
Sat 20 Nov 2004        83,456 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL0001.tmp"
Sat  4 Sep 2004        78,848 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL0153.tmp"
Sat 13 Nov 2004        83,456 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL0406.tmp"
Sat  4 Sep 2004        83,456 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL0455.tmp"
Sat 13 Nov 2004        25,600 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL0604.tmp"
Sat 13 Nov 2004        47,104 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL0958.tmp"
Sat 13 Nov 2004        58,880 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL1131.tmp"
Sun 28 Nov 2004       100,352 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL1500.tmp"
Sat  4 Sep 2004       143,360 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL1770.tmp"
Sun 28 Nov 2004       109,056 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL1822.tmp"
Sat  4 Sep 2004       141,312 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL1895.tmp"
Sun  3 Oct 2004        36,352 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL1980.tmp"
Sat  4 Sep 2004       143,360 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL2515.tmp"
Sat  4 Sep 2004       167,936 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL2591.tmp"
Sat 13 Nov 2004        76,288 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL2763.tmp"
Sat 13 Nov 2004        33,280 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL2926.tmp"
Sun  3 Oct 2004        51,712 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL3261.tmp"
Sat  4 Sep 2004       109,568 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL3496.tmp"
Sat 13 Nov 2004        84,480 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 735\~WRL3831.tmp"
Thu 16 Jun 2005        35,840 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 764\~WRL0310.tmp"
Tue 14 Jun 2005        19,456 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 764\~WRL0722.tmp"
Tue 14 Jun 2005        20,992 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 764\~WRL2872.tmp"
Thu 16 Jun 2005        30,208 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 764\~WRL2961.tmp"
Thu 16 Jun 2005        25,088 A..H. --- "C:\Documents and Settings\Phil\My Documents\MA 764\~WRL4030.tmp"
Tue 14 Jun 2005        19,456 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0003.tmp"
Fri  1 Apr 2005        19,968 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0167.tmp"
Sat  5 Mar 2005        18,432 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0225.tmp"
Sun  3 Oct 2004        64,000 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0282.tmp"
Sat  4 Sep 2004       161,280 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0354.tmp"
Sat  4 Sep 2004       157,184 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0404.tmp"
Sat 12 Feb 2005       158,208 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0466.tmp"
Mon 14 Feb 2005       313,344 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0476.tmp"
Thu  3 Mar 2005        67,072 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0504.tmp"
Fri  4 Mar 2005       171,008 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0595.tmp"
Mon 14 Feb 2005       317,440 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0654.tmp"
Thu 17 Jun 2004        42,496 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0684.tmp"
Fri  4 Mar 2005       238,080 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0740.tmp"
Sat 12 Feb 2005       117,760 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0768.tmp"
Wed 23 Mar 2005        34,816 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0817.tmp"
Sat  5 Mar 2005        35,840 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL0935.tmp"
Sat  5 Mar 2005        65,024 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1047.tmp"
Sat  4 Sep 2004       128,512 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1052.tmp"
Sat  4 Sep 2004       149,504 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1226.tmp"
Fri  4 Mar 2005       236,032 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1332.tmp"
Thu 15 Jun 2006        56,320 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1511.tmp"
Sat  4 Sep 2004       140,800 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1587.tmp"
Sat  5 Mar 2005        34,304 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1640.tmp"
Thu 16 Jun 2005        37,888 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1652.tmp"
Sat  4 Sep 2004       155,648 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1656.tmp"
Sun 24 Apr 2005       158,720 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1685.tmp"
Sat  5 Mar 2005       139,264 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1691.tmp"
Thu  3 Mar 2005       117,760 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1919.tmp"
Thu  3 Mar 2005        57,344 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1935.tmp"
Mon 14 Feb 2005       307,712 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL1989.tmp"
Thu 17 Jun 2004        81,408 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL2181.tmp"
Sat  4 Sep 2004       155,136 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL2285.tmp"
Sat  4 Sep 2004       172,544 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL2308.tmp"
Fri  4 Mar 2005       233,984 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL2341.tmp"
Thu 15 Jun 2006        51,712 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL2389.tmp"
Thu 17 Jun 2004        76,800 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL2499.tmp"
Sat 12 Feb 2005       111,616 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL2557.tmp"
Sat 23 Apr 2005       157,184 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL2928.tmp"
Thu 17 Jun 2004        82,944 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL2946.tmp"
Fri 11 Feb 2005        97,792 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL2947.tmp"
Sat 23 Apr 2005        58,368 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3054.tmp"
Fri  4 Mar 2005       189,952 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3061.tmp"
Sat  4 Sep 2004       145,408 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3087.tmp"
Sat  5 Mar 2005       139,776 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3105.tmp"
Thu  1 Jul 2004        87,552 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3156.tmp"
Thu  3 Mar 2005        36,864 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3296.tmp"
Thu  3 Mar 2005       102,400 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3417.tmp"
Wed 23 Mar 2005        43,008 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3458.tmp"
Thu 16 Jun 2005        26,624 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3487.tmp"
Thu 17 Jun 2004        73,728 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3508.tmp"
Sat  4 Sep 2004        32,256 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3549.tmp"
Wed 13 Jul 2005        49,152 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3550.tmp"
Sat 23 Apr 2005        33,280 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3560.tmp"
Thu  3 Mar 2005        45,568 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3565.tmp"
Thu  3 Mar 2005        24,064 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3681.tmp"
Sat 12 Feb 2005       123,904 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3706.tmp"
Sat  2 Apr 2005        92,672 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3770.tmp"
Thu 17 Jun 2004        35,840 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3801.tmp"
Wed 23 Mar 2005        33,280 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3931.tmp"
Thu 16 Jun 2005        22,016 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL3978.tmp"
Thu  1 Jul 2004        91,136 ...H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Word\~WRL4097.tmp"
Thu 15 Jun 2006        35,328 A..H. --- "C:\Documents and Settings\Phil\My Documents\Calculus\241 06\~WRL1193.tmp"
Sun 11 Apr 2004         7,318 A..H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Office\Shortcut Bar\Off10.tmp"
Mon  2 Feb 2004        16,918 A..H. --- "C:\Documents and Settings\Phil\Application Data\Microsoft\Office\Shortcut Bar\Pro12.tmp"
Tue 10 Apr 2007             8 A..H. --- "C:\Documents and Settings\Phil\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Tue 10 Apr 2007             8 A..H. --- "C:\Documents and Settings\Phil\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Tue 10 Apr 2007             8 A..H. --- "C:\Documents and Settings\Phil\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"
Tue 10 Apr 2007             8 A..H. --- "C:\Documents and Settings\Phil\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u4\lock.tmp"

Finished!

November 18th, 2008 14:00

I was able to get SDFix to work and then also MBAM. Here are the reports. I will try to run HijackThis again and post that as well.

Malwarebytes' Anti-Malware 1.30
Database version: 1410
Windows 5.1.2600 Service Pack 3

11/18/2008 4:25:45 PM
mbam-log-2008-11-18 (16-25-45).txt

Scan type: Quick Scan
Objects scanned: 57326
Time elapsed: 10 minute(s), 43 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 17
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 4
Files Infected: 188

Memory Processes Infected:
C:\Documents and Settings\Phil\Local Settings\Temp\winlogin.exe (Trojan.Clicker) -> Unloaded process successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e0f01490-dcf3-4357-95aa-169a8c2b2190} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c897d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98663e21-9cce-4cf6-863c-911a9523a66f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xsjfn83jkemfofght (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jnskdfmf9eldfd (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\c:\program files\adwarealert\ (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Application Data\AdwareAlert (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Application Data\AdwareAlert\Log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Application Data\AdwareAlert\Settings (Rogue.AdwareAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Phil\Local Settings\Temp\winlogin.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\csrssc.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSktkl.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSnrsr.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSoeqh.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\TDSSosvn.dll (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\DRIVERS\TDSSpcuu.sys (Trojan.TDSS) -> Delete on reboot.
C:\oxii.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\qnurnd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ulakr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS1696.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS4b9.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSS824.tmp (Trojan.TDSS) -> Delete on reboot.
C:\WINDOWS\Temp\TDSSd2d6.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1006586194.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1049852662.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1071124934.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1071745782.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\107872522.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1093018054.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1093475910.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1157501686.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1191349842.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1194268054.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1200667078.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\123355570.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1234990132.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\loader.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3518871652.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\35408630.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3549253536.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3553123062.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3553410502.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3575016182.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3614685914.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3661059526.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3661680374.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3670598002.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3682952646.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3730005398.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\331240616.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3770765146.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\4053860758.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\899903486.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\__1B5.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\__1B6.tmp (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1925808282.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2036117070.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2107462086.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2148827834.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2165118336.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2180219874.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\220546100.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2215731958.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2224514838.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\639620550.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\657014750.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\703744394.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\704104182.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\716274465.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\724431200.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\725997302.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\755993744.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\760390950.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\78574022.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\82385366.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\833933766.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\855539446.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\866204288.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\877643352.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\899638494.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1372599952.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1416585974.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1421240616.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1429842164.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\143057654.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1455568702.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1463926166.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1524234998.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1524522438.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1550030502.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1565936531.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1584071478.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1588864162.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\251451754.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2519932654.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2554736408.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2559780028.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\263878834.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\272599798.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\272887238.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2940022836.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\294492918.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2993388208.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\926277098.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\942203638.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\956538708.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\963188470.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\963475910.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\979154852.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\997371266.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\D6D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2997665360.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3050561102.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3100633846.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3122062368.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3158631852.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3195521370.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\319939990.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3230175990.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3268740792.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\4114169590.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\4136062710.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\4140558623.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\4243999174.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\446335632.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\448504924.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\449482134.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\460626510.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\510078406.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\510699254.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\522580974.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\57301750.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\579024278.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\619623118.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1593312060.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1631542838.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\164950774.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1673959310.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1683060618.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1699500562.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\170695916.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1729991232.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1761055374.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1766960236.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1811033630.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1815953638.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\186223046.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\187312644.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1925578804.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3313439186.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3315931894.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3343010432.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3359097286.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3403283288.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3445474038.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3449242686.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3466746310.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\347887238.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\350088244.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1245401558.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\125438128.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1272574254.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1287331270.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1318268770.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1318325896.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1334384022.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1345528398.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1350706832.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\1353206546.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3790601670.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\381157110.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3846883846.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3859547542.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3920143814.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3962534544.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3963940794.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\3980615132.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\4006520566.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\402429382.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2249434164.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\226386522.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2268344786.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2270044646.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2337534742.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2413653398.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\243123216.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2479642404.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Local Settings\Temp\2509708880.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Julie\Local Settings\Temp\csrssc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Application Data\Microsoft\Windows\shnxxl.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Application Data\AdwareAlert\rs.dat (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Application Data\AdwareAlert\Log\2008 Feb 04 - 11_18_35 PM_843.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Application Data\AdwareAlert\Log\2008 Feb 04 - 11_18_47 PM_703.log (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Phil\Application Data\AdwareAlert\Settings\ScanResults.pie (Rogue.AdwareAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\atmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\Help and Support Center.lnk (Rogue.Link) -> Quarantined and deleted successfully.

3 Apprentice


20.5K Posts

November 18th, 2008 15:00

Your HijackThis log did not format correctly when you posted.  Did you do anything differently when posting that? Make sure Wordwrap is not checked on the File menu in Notepad.

We are dealing with a very nasty rootkit here. We will need to run a more powerful tool in order to be sure we remove all components.

Please download Combofix from HERE

** Take note that the link is case sensitive
Save ComboFix to the desktop. **Note: It is important that it is saved directly to, and run from your desktop**

In the event you already have Combofix, please delete it as this is a new version. Please ensure you read this guide below carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
Please go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System



Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, including all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.


  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


Note: The above instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert. It is intended by its creator to be used under the guidance and supervision of an expert trained in its use. It is not for private use and is to be run only when requested by an analyst on a forum.

 

59 Posts

November 18th, 2008 16:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:45 PM, on 11/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Phil\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE / "C:\WINDOWS\TEMP\E_S57D.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://asalgebra.platoweb.com/Reserved.ReportViewerWebControl.axd?ReportSession=hvozgcvdokez1p554wdw0j45&ControlID=937e48ec-7ed9-4360-a1e0-7f880f681ba3&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

--
End of file - 7246 bytes

59 Posts

November 18th, 2008 16:00

ComboFix 08-11-18.02 - Phil 2008-11-18 17:50:47.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.236 [GMT -6:00]
Running from: c:\documents and settings\Phil\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Phil\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Julie\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
c:\documents and settings\Phil\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Phil\Local Settings\Temporary Internet Files\fbk.sts
C:\kmd.exe
c:\windows\IE4 Error Log.txt

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


(((((((((((((((((((((((((   Files Created from 2008-10-18 to 2008-11-18  )))))))))))))))))))))))))))))))
.

2008-11-18 16:11 . 2008-11-18 16:11   d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-18 16:11 . 2008-11-18 16:11   d-------- c:\documents and settings\Phil\Application Data\Malwarebytes
2008-11-18 16:11 . 2008-11-18 16:11   d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-18 16:11 . 2008-10-22 16:10 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-11-18 16:11 . 2008-10-22 16:10 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2008-11-18 07:16 . 2008-11-18 07:16 578,560 --a------ c:\windows\SYSTEM32\DLLCACHE\user32.dll
2008-11-18 07:10 . 2008-11-18 07:10   d-------- c:\windows\ERUNT
2008-11-18 07:01 . 2008-11-18 16:07   d-------- C:\SDFix
2008-11-16 15:55 . 2001-08-17 22:36 8,704 --a------ c:\windows\SYSTEM32\kbdjpn.dll
2008-11-16 15:55 . 2001-08-17 22:36 8,704 --a------ c:\windows\SYSTEM32\DLLCACHE\kbdjpn.dll
2008-11-16 15:55 . 2001-08-17 22:36 8,192 --a------ c:\windows\SYSTEM32\kbdkor.dll
2008-11-16 15:55 . 2001-08-17 22:36 8,192 --a------ c:\windows\SYSTEM32\DLLCACHE\kbdkor.dll
2008-11-16 15:55 . 2008-04-13 19:09 6,144 --a------ c:\windows\SYSTEM32\kbd106.dll
2008-11-16 15:55 . 2001-08-17 14:55 6,144 --a------ c:\windows\SYSTEM32\kbd101c.dll
2008-11-16 15:55 . 2001-08-17 14:55 6,144 --a------ c:\windows\SYSTEM32\kbd101b.dll
2008-11-16 15:55 . 2008-04-13 19:09 6,144 --a------ c:\windows\SYSTEM32\DLLCACHE\kbd106.dll
2008-11-16 15:55 . 2001-08-17 14:55 6,144 --a------ c:\windows\SYSTEM32\DLLCACHE\kbd101c.dll
2008-11-16 15:55 . 2001-08-17 14:55 6,144 --a------ c:\windows\SYSTEM32\DLLCACHE\kbd101b.dll
2008-11-16 15:55 . 2001-08-17 14:55 5,632 --a------ c:\windows\SYSTEM32\kbd103.dll
2008-11-16 15:55 . 2001-08-17 14:55 5,632 --a------ c:\windows\SYSTEM32\DLLCACHE\kbd103.dll
2008-11-11 19:57 . 2008-11-11 19:57 127 --a------ c:\windows\SYSTEM32\MRT.INI
2008-11-11 19:42 . 2008-10-24 05:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-11 19:41 . 2008-09-04 11:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-11-10 22:43 . 2008-11-10 22:48   d-------- c:\program files\Windows Live Safety Center
2008-11-09 17:21 . 2008-11-09 17:21   d-------- c:\windows\qiow
2008-11-09 17:21 . 2008-11-16 20:00   d-------- c:\program files\Common Files\qiow
2008-11-09 16:30 . 2008-11-18 17:58 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-09 16:30 . 2008-11-09 16:30 1,409 --a------ c:\windows\QTFont.for
2008-11-06 21:43 . 2008-11-06 21:43 7,680 --a------ C:\sydp.exe
2008-11-06 21:43 . 2002-08-29 05:00 4,224 --a------ c:\windows\SYSTEM32\DRIVERS\beep.sys
2008-11-06 21:43 . 2002-08-29 05:00 4,224 --a------ c:\windows\SYSTEM32\DLLCACHE\beep.sys
2008-11-02 19:42 . 2008-10-15 10:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 13:20 --------- d-----w c:\program files\SpywareBlaster
2008-11-15 00:35 --------- d-----w c:\program files\Dell Support Center
2008-11-12 04:09 --------- d-----w c:\program files\Lavasoft
2008-11-11 04:29 --------- d-----w c:\program files\Java
2008-11-03 01:36 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-09-23 11:33 --------- d-----w c:\program files\McAfee
2008-02-02 04:45 61,480 ----a-w c:\documents and settings\Phil\GoToAssistDownloadHelper.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-15 68856]
"EPSON Stylus CX7400 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE" [2007-02-15 179200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-01-31 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-12-10 151597]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=

S3 epcfw2k;SCM Parallel Port CF Driver;c:\windows\system32\DRIVERS\epcfw2k.sys [2004-01-09 144896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b2ca092-3a8c-11dd-9efb-000d56530f82}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2004-01-08 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2008-04-13 18:12]

2008-11-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2008-10-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Phil\Application Data\Mozilla\Firefox\Profiles\4e9bwe2n.default\
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-18 17:56:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Common Files\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-11-18 18:08:42 - machine was rebooted [Phil]
ComboFix-quarantined-files.txt  2008-11-19 00:08:32
ComboFix2.txt  2008-02-07 22:58:10

Pre-Run: 8,625,360,896 bytes free
Post-Run: 8,714,608,640 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

152 --- E O F --- 2008-11-12 01:58:00

20.5K Posts

November 18th, 2008 17:00

I wish you could disable McAfee while we are working. That file is needed by the tools we are working with.

ComboFix was meant to be run with anti-virus and other security DISABLED.

-----------------------------------------

Please run HijackThis and place a checkmark next to the following:

O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)

O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)

Close all other windows and click "Fix Checked". Close HijackThis.

Reboot.

Run Disk Cleanup in each user's profile: click "Start > Programs > Accessories > System Tools > Disk Cleanup". Please make sure only the following are checked:

-- Downloaded Program Files

-- Temporary Internet Files

-- Recycle Bin

-- Temporary Files

Click "OK" and Disk Cleanup will delete those files for you.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely requires a specific version of the JRE to run.

Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • NOTE: As always during installations, beware of any pre-checked option to install the Microsoft Live Search Toolbar.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.
  • Close Add/Remove.
  • In Windows Explorer, navigate to the folder C:\Program Files\Java. Delete any subfolders.
  • Do NOT delete the folder C:\Program Files\JavaVM, if found!
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.

Official JAVA Installation Instructions if needed.

Following that, please post a fresh HijackThis log and let me know how things are running.
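Added illustration (editor's example, not code from the helper, the poster, or HijackThis itself): a small Python triage script for logs in HijackThis 2.x format. It does what the reply above does by hand, pulling out the entries HijackThis tagged "(file missing)" (hooks whose target file is gone, the safe first candidates for "Fix Checked") and grouping them by the file they point at, so that two hooks sharing one DLL, like the SiteHound toolbar and its extra button, are handled together. It also lists O16 ActiveX downloads and O23 services with no recognised vendor for manual review. The sample lines are copied from the logs posted in this thread; the function names and the "unknown owner" / plain-http heuristics are this example's own choices. One caveat: "(file missing)" is HijackThis's check at scan time, which is why a fresh log is asked for before fixing anything.

```python
"""Triage helper for HijackThis 2.x logs (added example, not part of the thread).

Parses the "Oxx - ..." entry lines, pulls out the ones HijackThis marked
"(file missing)", groups them by the file they point at, and lists O16 ActiveX
downloads and O23 services with no recognised vendor for manual review.
"""
import re
from collections import defaultdict

# Sample input in HijackThis format. These six lines are copied from the logs
# posted in this thread; nothing here is invented.
SAMPLE_LOG = r"""
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""

MISSING = " (file missing)"
# Entry lines look like "O3 - ..." / "R1 - ..." / "F2 - ..."; everything else
# (log header, "Running processes:" list, "End of file") is skipped.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+?)\s*$")
URL_RE = re.compile(r"https?://\S+")


def parse_hjt(text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        url = URL_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "body": body,
            "url": url.group(0) if url else None,
            "file_missing": body.endswith(MISSING),
            # Heuristic of this example: HijackThis prints "Unknown owner"
            # when the service binary carries no company name.
            "unknown_owner": " - Unknown owner - " in body,
        })
    return entries


def orphan_target(body):
    """Path an orphaned entry points at: the text after the last ' - '
    separator, with HijackThis's '(file missing)' marker removed."""
    tail = body.rsplit(" - ", 1)[-1]
    if tail.endswith(MISSING):
        tail = tail[: -len(MISSING)]
    return tail.strip()


def orphaned(entries):
    """Entries whose target no longer existed when the log was taken. The flag
    is HijackThis's own check at scan time, so only trust it on a fresh log."""
    return [e for e in entries if e["file_missing"]]


def orphaned_by_target(entries):
    """Group orphans by the missing file so hooks that share one DLL are
    fixed together rather than one at a time."""
    groups = defaultdict(list)
    for e in orphaned(entries):
        groups[orphan_target(e["body"])].append(e["section"])
    return dict(groups)


def downloaded_controls(entries, plaintext_only=False):
    """URLs of O16 (Download Program Files) ActiveX controls. With
    plaintext_only=True keep only those fetched over http://, which had no
    transport integrity and deserve a closer look."""
    urls = [e["url"] for e in entries if e["section"] == "O16" and e["url"]]
    if plaintext_only:
        urls = [u for u in urls if u.startswith("http://")]
    return urls


def services_without_vendor(entries):
    """O23 services whose binary carries no recognised company name."""
    return [e["body"] for e in entries
            if e["section"] == "O23" and e["unknown_owner"]]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    for path, sections in orphaned_by_target(parsed).items():
        print("orphaned", sections, "->", path)
    print("ActiveX downloads:", downloaded_controls(parsed))
    print("services without vendor:", services_without_vendor(parsed))
```

On the sample above the script groups the O3 toolbar and the O9 extra button under the one missing SiteHound.dll, and separately flags the Ad-Aware service whose aawservice.exe is gone, which matches the half-removed Lavasoft install described later in the thread. The O16 and O23 lists are review aids only; an entry appearing there is not by itself evidence of infection.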


59 Posts

November 18th, 2008 17:00

My McAfee keeps wanting to remove a "potentially unwanted program" Tool-NirCmd.

Thus far, I have been keeping it rather than removing it.

59 Posts

November 18th, 2008 19:00

Sorry, I couldn't figure out how to turn off the McAfee. It said that it wasn't protecting my computer so I was hoping that it wouldn't mess anything up.

My Internet seems to be back to normal. The pics show up and I can get to places that I used to not be able to. A couple of issues still exist. When I click on properties of my Phil folder in Documents and Settings, the number of files and folders just starts to increase, like my folder is being filled up. Another thing is that several days ago, when this first started happening, I tried to update my Ad-Aware. It wouldn't update, so I tried to delete it. Well, my Lavasoft folder is empty, but when I go to Control Panel > Add/Remove it still shows up, and when I try to remove it, I get this strange message. I tried to download a new copy, but of course it says that I have to remove the existing one first, which I cannot do. :( Thank you for all of your help. Here is my new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:24 PM, on 11/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Phil\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE / "C:\WINDOWS\TEMP\E_S57D.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/client/T25L/webex/ieatgpc.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {FA91DF8D-53AB-455D-AB20-F2F023E498D3} (RSClientPrint Class) - http://asalgebra.platoweb.com/Reserved.ReportViewerWebControl.axd?ReportSession=hvozgcvdokez1p554wdw0j45&ControlID=937e48ec-7ed9-4360-a1e0-7f880f681ba3&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

--
End of file - 7213 bytes
