OK, here are the logs:
1. the ComboFix.txt report
2. the Kaspersky report and
3. a new HijackThis log
ComboFix 08-04-20.5 - Tony G 2008-04-23 16:41:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.94 [GMT -7:00]
Running from: C:\Documents and Settings\Tony G\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tony G\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\bcfbcea_g.dll
C:\WINDOWS\system32\ccpwrmup.ini
C:\WINDOWS\system32\inbjetco.ini
C:\WINDOWS\system32\nwuhmisl.dll
C:\WINDOWS\system32\tkdehene.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bcfbcea_g.dll
C:\WINDOWS\system32\ccpwrmup.ini
C:\WINDOWS\system32\inbjetco.ini
C:\WINDOWS\system32\nwuhmisl.dll
C:\WINDOWS\system32\tkdehene.ini
.
((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.
2008-04-22 14:10 . 2008-04-22 14:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-22 14:10 . 2008-04-22 14:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-21 08:42 . 2008-04-21 08:42 <DIR> d-------- C:\Documents and Settings\Tony G\Application Data\Malwarebytes
2008-04-21 08:40 . 2008-04-21 08:40 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 08:40 . 2008-04-21 08:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 07:54 . 2008-04-21 07:54 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-21 07:45 . 2008-04-21 08:35 <DIR> d-------- C:\SDFix
2008-04-20 22:50 . 2008-02-15 23:39 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-20 22:50 . 2008-02-15 23:39 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-04-20 22:50 . 2008-02-15 23:39 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-04-20 22:48 . 2008-04-20 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-20 22:41 . 2008-04-21 12:53 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-04-20 12:40 . 2008-04-20 22:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 10:04 . 2008-04-20 12:03 <DIR> d-------- C:\Documents and Settings\Tony G\.housecall6.6
2008-04-19 23:18 . 2008-04-19 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-04-19 21:13 . 2008-04-19 21:13 <DIR> d-------- C:\Documents and Settings\Tony G\Application Data\GlarySoft
2008-04-19 20:41 . 2008-04-19 20:41 <DIR> d-------- C:\WINDOWS\PC Check-up
2008-04-19 20:41 . 2008-04-19 20:57 <DIR> d-------- C:\Program Files\PC Check-up
2008-04-19 19:46 . 1998-12-24 20:23 40,960 --a------ C:\WINDOWS\system32\VBAME.DLL
2008-04-19 16:43 . 2004-08-04 03:00 146,432 --a------ C:\Documents and Settings\Tony G\REGEDIT.COM
2008-04-19 16:29 . 2008-04-19 23:05 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-19 12:28 . 2008-04-19 12:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-15 13:23 . 2008-04-15 13:23 <DIR> d-------- C:\Program Files\Common Files\Winferno
2008-04-15 13:23 . 2008-04-15 13:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winferno
2008-04-15 13:23 . 2006-10-09 14:06 495,616 --a------ C:\WINDOWS\system32\WINUTIL5.DLL
2008-03-28 20:22 . 2008-03-28 20:22 87 --a------ C:\WINDOWS\cdplayer.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 05:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-20 06:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-20 05:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-20 02:32 --------- d-----w C:\Program Files\RegScrubXP
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-17 03:14 4 ----a-w C:\results.bin
2008-03-16 17:24 --------- d-----w C:\Program Files\Keyword Elite
2008-03-07 01:13 --------- d-----w C:\Program Files\KeywordsAnalyzer7
2008-03-07 01:13 --------- d-----w C:\Program Files\InstantLinkPoster
2008-03-05 00:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 17:22 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-03-03 17:22 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-03-03 17:21 21,425 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-03 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-03-03 17:19 --------- d-----w C:\Documents and Settings\Tony G\Application Data\Intel
2008-03-02 02:58 --------- d-----w C:\Program Files\MSBuild
2008-03-02 02:54 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-02 02:53 --------- d-----w C:\Program Files\MSXML 6.0
2008-02-20 21:27 286,720 ------w C:\WINDOWS\Setup1.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 09:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2008-01-13 02:40 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2001-08-23 20:00 557,128 ----a-w C:\Program Files\Common Files\dao360.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-21_13.13.53.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-21 20:05:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-23 18:37:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ZipFile]
@=
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 14:33 155648]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 18:15 290816]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 05:33 122941]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-14 14:46 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2006-12-05 16:38 707360]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17 970752]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 14:19 53248]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 14:50 221184]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-15 20:42 185784]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [ ]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-16 00:56 1398024]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 00:11]
S3 Winferno Subscription Service;Winferno Subscription Service;"C:\Program Files\Common Files\Winferno\WSS\WSS.exe" [2007-07-30 10:29]
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 02:52:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-23 18:38:07 C:\WINDOWS\Tasks\PCConfidential.job"
- C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
"2008-04-19 16:00:00 C:\WINDOWS\Tasks\rpc.job"
- C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
"2008-04-20 18:05:01 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-20 19:19:43 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-04-23 18:38:10 C:\WINDOWS\Tasks\WSSHelper.job"
- C:\Program Files\Common Files\Winferno\WSS\WSSHelper.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-23 16:50:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-23 16:54:40
ComboFix-quarantined-files.txt 2008-04-23 23:54:21
ComboFix2.txt 2008-04-23 14:42:28
ComboFix3.txt 2008-04-21 20:15:01
Pre-Run: 20,110,528,512 bytes free
Post-Run: 20,088,942,592 bytes free
156 --- E O F --- 2008-04-10 14:19:22
************************************************************************************
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-04-23 19:13
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/04/2008
Kaspersky Anti-Virus database records: 723770
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 55440
Number of viruses found: 10
Number of infected objects: 11
Number of suspicious objects: 5
Duration of the scan process: 01:23:27
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\iolo\FileInfoList\IOLOFIL.FDB Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp Object is locked skipped
C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony G\.housecall6.6\Quarantine\A0166249.exe.bac_a00516 Infected: not-a-virus:FraudTool.Win32.SpywareIsolator.f skipped
C:\Documents and Settings\Tony G\.housecall6.6\Quarantine\A0166551.dll.bac_a00516 Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\Documents and Settings\Tony G\.housecall6.6\Quarantine\A0166552.dll.bac_a00516 Infected: not-a-virus:AdWare.Win32.Virtumonde.plw skipped
C:\Documents and Settings\Tony G\.housecall6.6\Quarantine\A0169350.exe.bac_a00516 Infected: not-a-virus:FraudTool.Win32.SpywareIsolator.h skipped
C:\Documents and Settings\Tony G\.housecall6.6\Quarantine\octejbni.dll.bac_a00516 Infected: not-a-virus:AdWare.Win32.Virtumonde.pmw skipped
C:\Documents and Settings\Tony G\.housecall6.6\Quarantine\wvUkhGAP.dll.bac_a00516 Infected: not-a-virus:AdWare.Win32.Virtumonde.qol skipped
C:\Documents and Settings\Tony G\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tony G\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Sent Items.dbx/[From "Tony Gagliardi" <tgag@cox.net>][Date Wed, 16 Apr 2008 21:15:19 -0700]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Tony G\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Sent Items.dbx/[From "Tony Gagliardi" <tgag@cox.net>][Date Wed, 16 Apr 2008 21:15:19 -0700]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Tony G\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Sent Items.dbx/[From "Tony Gagliardi" <tgag@cox.net>][Date Wed, 16 Apr 2008 21:15:19 -0700]/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Tony G\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Sent Items.dbx/[From "Tony Gagliardi" <tgag@cox.net>][Date Wed, 16 Apr 2008 21:15:19 -0700]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Tony G\Local Settings\Application Data\Identities\{DFF16927-88E6-4EAA-A097-460B7E65289B}\Microsoft\Outlook Express\Sent Items.dbx MailMSOutlook5: suspicious - 4 skipped
C:\Documents and Settings\Tony G\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Tony G\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tony G\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tony G\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tony G\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tony G\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tony G\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security\Trusted.dat Object is locked skipped
C:\SDFix\backups\backups.zip/backups/npqtsrak.exe Infected: Trojan.Win32.Vapsup.eeg skipped
C:\SDFix\backups\backups.zip/backups/pmsoarbf.dll Infected: Trojan.Win32.Vapsup.eef skipped
C:\SDFix\backups\backups.zip/backups/qtvglped.dll Infected: Trojan.Win32.Vapsup.eei skipped
C:\SDFix\backups\backups.zip/backups/rtqmekwg.exe Infected: Trojan.Win32.Vapsup.eee skipped
C:\SDFix\backups\backups.zip ZIP: infected - 4 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP5\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\fb_392.lck Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
********************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15, on 2008-04-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {1C1CB5F8-D5A3-4FD9-876C-ECD2BDA32716} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Turnabout Options... - {1C1CB5F8-D5A3-4FD9-876C-ECD2BDA32716} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -
http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partne ... nicode.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v ... 8283837176O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 207.68.160.190 194.25.2.129 208.67.222.222 207.68.160.190 194.25.2.129 208.67.222.222
O18 - Protocol: data - {038664DA-5BA5-47FC-88D9-15ADE940ED55} - (no file)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Winferno Subscription Service - Capital Intellect Inc - C:\Program Files\Common Files\Winferno\WSS\WSS.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 8302 bytes