CH - help pls
Hi.. My laptop has slowed to a crawl...
Thanks in advance !!!
ran thru the sticky and here we go:
Hijack log:
VIRUS logs
Logfile of HijackThis v1.99.1
Scan saved at 4:36:04 PM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Funk Software\Proxy Host\phsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\windows\system32\fxssvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\RAFC24.EXE
C:\windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Funk Software\Proxy Host\phtray.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BatteryBar\batterybar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\phtray.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BatteryBar] C:\Program Files\BatteryBar\batterybar.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://ultraclear-dc:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://ultraclear-dc:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://ultraclear-dc:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://ultraclear-dc:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148000087599
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ultraclear.local
O17 - HKLM\Software\..\Telephony: DomainName = ultraclear.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ultraclear.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ultraclear.local
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Proxy Host Service (ProxyHostService) - Funk Software, Inc. - C:\Program Files\Funk Software\Proxy Host\phsvc.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
Incident Status Location
Adware:Adware/Lop Not disinfected C:\Documents and Settings\All Users\Application Data\Idol Sect Bags Beep\Vc each.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\clive\Application Data\Else clock\test tons.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\clive\Application Data\xxxOpendefy\Rdr Trans Body.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\clive\Application Data\xxxOpendefy\rvkcackf.exe
Spyware:Spyware/Redhotnetworks Not disinfected C:\Program Files\hijackthis\backups\backup-20050626-210300-336.inf
Dialer:Dialer.HOI Not disinfected C:\Program Files\hijackthis\backups\backup-20050626-210300-443.inf
Adware:Adware/Lop Not disinfected C:\Program Files\hijackthis\backups\backup-20060126-202128-156.dll
Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\4BDCDE3F-55BD-4012-8921-7E18BB
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-729773959-131056040-4081488229-500\Dc34\clive@atwola[1].txt
Spyware:Cookie/Kount Not disinfected C:\RECYCLER\S-1-5-21-729773959-131056040-4081488229-500\Dc34\clive@kount[1].txt
BitDefender Online Scanner
Scan report generated at: Mon, Nov 27, 2006 - 01:46:00
Scan path: C:\;D:\;
Statistics
Time: 03:52:23
Files: 661416
Folders: 6893
Boot Sectors: 2
Archives: 9108
Packed Files: 68968
Results
Identified Viruses: 8
Infected Files: 18
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 18
Engines Info
Virus Definitions: 319132
Engine build: AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File
Status
C:\Documents and Settings\All Users\Application Data\Idol Sect Bags Beep\Vc each.exe
Infected with: GenPack:Trojan.Swizzor.HJ
C:\Documents and Settings\All Users\Application Data\Idol Sect Bags Beep\Vc each.exe
Disinfection failed
C:\Documents and Settings\All Users\Application Data\Idol Sect Bags Beep\Vc each.exe
Deleted
C:\Documents and Settings\clive\Application Data\Else clock\test tons.exe
Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\Documents and Settings\clive\Application Data\Else clock\test tons.exe
Disinfection failed
C:\Documents and Settings\clive\Application Data\Else clock\test tons.exe
Deleted
C:\Documents and Settings\clive\Application Data\xxxOpendefy\Rdr Trans Body.exe
Infected with: GenPack:Trojan.Downloader.Swizzor.CO
C:\Documents and Settings\clive\Application Data\xxxOpendefy\Rdr Trans Body.exe
Disinfection failed
C:\Documents and Settings\clive\Application Data\xxxOpendefy\Rdr Trans Body.exe
Deleted
C:\Documents and Settings\clive\Application Data\xxxOpendefy\rvkcackf.exe
Infected with: GenPack:Trojan.Swizzor.HJ
C:\Documents and Settings\clive\Application Data\xxxOpendefy\rvkcackf.exe
Disinfection failed
C:\Documents and Settings\clive\Application Data\xxxOpendefy\rvkcackf.exe
Deleted
C:\Program Files\hijackthis\backups\backup-20060126-202128-156.dll
Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\Program Files\hijackthis\backups\backup-20060126-202128-156.dll
Disinfection failed
C:\Program Files\hijackthis\backups\backup-20060126-202128-156.dll
Deleted
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\4BDCDE3F-55BD-4012-8921-7E18BB
Detected with: Application.Adware.NewDotNet.A
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\4BDCDE3F-55BD-4012-8921-7E18BB
Disinfection failed
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\4BDCDE3F-55BD-4012-8921-7E18BB
Deleted
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\6C33639E-E468-440D-B840-24108A
Detected with: Application.Adware.NewDotNet.C
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\6C33639E-E468-440D-B840-24108A
Disinfection failed
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\6C33639E-E468-440D-B840-24108A
Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Chatter.Email.v1.0.for.Treo600-650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe
Infected with: Trojan.Clicker.VB.EG
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Chatter.Email.v1.0.for.Treo600-650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe
Disinfection failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Chatter.Email.v1.0.for.Treo600-650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe
Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Chatter.Email.v1.0.for.Treo600-650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)
Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Chatter.Email.v1.0.for.Treo600-650.PalmOS.Cracked-TBEPDA.RB0
Update failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Dc22.RB0=>(Quarantine-4)=>crack-inf.exe
Infected with: Dropped:Trojan.Clicker.Vb.LA
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Dc22.RB0=>(Quarantine-4)=>crack-inf.exe
Disinfection failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Dc22.RB0=>(Quarantine-4)=>crack-inf.exe
Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Dc22.RB0=>(Quarantine-4)
Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Dc22.RB0
Update failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Initiate.v2.01.for.Treo.600.650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe
Infected with: Trojan.Clicker.VB.EG
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Initiate.v2.01.for.Treo.600.650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe
Disinfection failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Initiate.v2.01.for.Treo.600.650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe
Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Initiate.v2.01.for.Treo.600.650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)
Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Initiate.v2.01.for.Treo.600.650.PalmOS.Cracked-TBEPDA.RB0
Update failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB0=>(Quarantine-4)=>Setup.exe
Infected with: Win32.Worm.VB.DW
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB0=>(Quarantine-4)=>Setup.exe
Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB0=>(Quarantine-4)
Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB0
Update failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB1=>(Quarantine-4)=>Setup.exe
Infected with: Win32.Worm.VB.DW
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB1=>(Quarantine-4)=>Setup.exe
Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB1=>(Quarantine-4)
Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB1
Update failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB2=>(Quarantine-4)=>Setup.exe
Infected with: Win32.Worm.VB.DW
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB2=>(Quarantine-4)=>Setup.exe
Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB2=>(Quarantine-4)
Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB2
Update failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307101.exe
Infected with: GenPack:Trojan.Swizzor.HJ
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307101.exe
Disinfection failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307101.exe
Deleted
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307102.exe
Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307102.exe
Disinfection failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307102.exe
Deleted
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307103.exe
Infected with: GenPack:Trojan.Downloader.Swizzor.CO
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307103.exe
Disinfection failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307103.exe
Deleted
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307104.exe
Infected with: GenPack:Trojan.Swizzor.HJ
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307104.exe
Disinfection failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307104.exe
Deleted
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307105.dll
Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307105.dll
Disinfection failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307105.dll
Deleted
Thanks in advance !!!
ran thru the sticky and here we go:
Hijack log:
VIRUS logs
Logfile of HijackThis v1.99.1
Scan saved at 4:36:04 PM, on 11/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\System32\ACS.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Funk Software\Proxy Host\phsvc.exe
C:\windows\system32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\windows\system32\fxssvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\RAFC24.EXE
C:\windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Funk Software\Proxy Host\phtray.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BatteryBar\batterybar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\system32\cidaemon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\hijackthis\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [ProxyHostTrayIcon] "C:\Program Files\Funk Software\Proxy Host\phtray.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BatteryBar] C:\Program Files\BatteryBar\batterybar.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://ultraclear-dc:4343/officescan/console/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://ultraclear-dc:4343/officescan/console/ClientInstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://ultraclear-dc:4343/officescan/console/ClientInstall/setup.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://ultraclear-dc:4343/officescan/console/ClientInstall/RemoveCtrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148000087599
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ultraclear.local
O17 - HKLM\Software\..\Telephony: DomainName = ultraclear.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ultraclear.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ultraclear.local
O20 - Winlogon Notify: WgaLogon - C:\windows\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: Proxy Host Service (ProxyHostService) - Funk Software, Inc. - C:\Program Files\Funk Software\Proxy Host\phsvc.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
Incident | Status | Location
Adware:Adware/Lop | Not disinfected | C:\Documents and Settings\All Users\Application Data\Idol Sect Bags Beep\Vc each.exe
Adware:Adware/Lop | Not disinfected | C:\Documents and Settings\clive\Application Data\Else clock\test tons.exe
Adware:Adware/Lop | Not disinfected | C:\Documents and Settings\clive\Application Data\xxxOpendefy\Rdr Trans Body.exe
Adware:Adware/Lop | Not disinfected | C:\Documents and Settings\clive\Application Data\xxxOpendefy\rvkcackf.exe
Spyware:Spyware/Redhotnetworks | Not disinfected | C:\Program Files\hijackthis\backups\backup-20050626-210300-336.inf
Dialer:Dialer.HOI | Not disinfected | C:\Program Files\hijackthis\backups\backup-20050626-210300-443.inf
Adware:Adware/Lop | Not disinfected | C:\Program Files\hijackthis\backups\backup-20060126-202128-156.dll
Spyware:Spyware/New.net | Not disinfected | C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\4BDCDE3F-55BD-4012-8921-7E18BB
Spyware:Cookie/Atwola | Not disinfected | C:\RECYCLER\S-1-5-21-729773959-131056040-4081488229-500\Dc34\clive@atwola[1].txt
Spyware:Cookie/Kount | Not disinfected | C:\RECYCLER\S-1-5-21-729773959-131056040-4081488229-500\Dc34\clive@kount[1].txt
BitDefender Online Scanner
Scan report generated at: Mon, Nov 27, 2006 - 01:46:00
Scan path: C:\;D:\;
Statistics
Time: 03:52:23
Files: 661416
Folders: 6893
Boot Sectors: 2
Archives: 9108
Packed Files: 68968
Results
Identified Viruses: 8
Infected Files: 18
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 18
Engines Info
Virus Definitions: 319132
Engine build: AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File | Status
C:\Documents and Settings\All Users\Application Data\Idol Sect Bags Beep\Vc each.exe | Infected with: GenPack:Trojan.Swizzor.HJ
C:\Documents and Settings\All Users\Application Data\Idol Sect Bags Beep\Vc each.exe | Disinfection failed
C:\Documents and Settings\All Users\Application Data\Idol Sect Bags Beep\Vc each.exe | Deleted
C:\Documents and Settings\clive\Application Data\Else clock\test tons.exe | Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\Documents and Settings\clive\Application Data\Else clock\test tons.exe | Disinfection failed
C:\Documents and Settings\clive\Application Data\Else clock\test tons.exe | Deleted
C:\Documents and Settings\clive\Application Data\xxxOpendefy\Rdr Trans Body.exe | Infected with: GenPack:Trojan.Downloader.Swizzor.CO
C:\Documents and Settings\clive\Application Data\xxxOpendefy\Rdr Trans Body.exe | Disinfection failed
C:\Documents and Settings\clive\Application Data\xxxOpendefy\Rdr Trans Body.exe | Deleted
C:\Documents and Settings\clive\Application Data\xxxOpendefy\rvkcackf.exe | Infected with: GenPack:Trojan.Swizzor.HJ
C:\Documents and Settings\clive\Application Data\xxxOpendefy\rvkcackf.exe | Disinfection failed
C:\Documents and Settings\clive\Application Data\xxxOpendefy\rvkcackf.exe | Deleted
C:\Program Files\hijackthis\backups\backup-20060126-202128-156.dll | Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\Program Files\hijackthis\backups\backup-20060126-202128-156.dll | Disinfection failed
C:\Program Files\hijackthis\backups\backup-20060126-202128-156.dll | Deleted
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\4BDCDE3F-55BD-4012-8921-7E18BB | Detected with: Application.Adware.NewDotNet.A
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\4BDCDE3F-55BD-4012-8921-7E18BB | Disinfection failed
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\4BDCDE3F-55BD-4012-8921-7E18BB | Deleted
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\6C33639E-E468-440D-B840-24108A | Detected with: Application.Adware.NewDotNet.C
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\6C33639E-E468-440D-B840-24108A | Disinfection failed
C:\Program Files\Microsoft AntiSpyware\Quarantine\FCE7633D-7503-4498-8287-FE5274\6C33639E-E468-440D-B840-24108A | Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Chatter.Email.v1.0.for.Treo600-650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe | Infected with: Trojan.Clicker.VB.EG
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Chatter.Email.v1.0.for.Treo600-650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe | Disinfection failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Chatter.Email.v1.0.for.Treo600-650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe | Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Chatter.Email.v1.0.for.Treo600-650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4) | Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Chatter.Email.v1.0.for.Treo600-650.PalmOS.Cracked-TBEPDA.RB0 | Update failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Dc22.RB0=>(Quarantine-4)=>crack-inf.exe | Infected with: Dropped:Trojan.Clicker.Vb.LA
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Dc22.RB0=>(Quarantine-4)=>crack-inf.exe | Disinfection failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Dc22.RB0=>(Quarantine-4)=>crack-inf.exe | Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Dc22.RB0=>(Quarantine-4) | Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Dc22.RB0 | Update failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Initiate.v2.01.for.Treo.600.650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe | Infected with: Trojan.Clicker.VB.EG
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Initiate.v2.01.for.Treo.600.650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe | Disinfection failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Initiate.v2.01.for.Treo.600.650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4)=>installer.exe | Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Initiate.v2.01.for.Treo.600.650.PalmOS.Cracked-TBEPDA.RB0=>(Quarantine-4) | Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\Initiate.v2.01.for.Treo.600.650.PalmOS.Cracked-TBEPDA.RB0 | Update failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB0=>(Quarantine-4)=>Setup.exe | Infected with: Win32.Worm.VB.DW
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB0=>(Quarantine-4)=>Setup.exe | Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB0=>(Quarantine-4) | Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB0 | Update failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB1=>(Quarantine-4)=>Setup.exe | Infected with: Win32.Worm.VB.DW
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB1=>(Quarantine-4)=>Setup.exe | Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB1=>(Quarantine-4) | Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB1 | Update failed
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB2=>(Quarantine-4)=>Setup.exe | Infected with: Win32.Worm.VB.DW
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB2=>(Quarantine-4)=>Setup.exe | Deleted
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB2=>(Quarantine-4) | Updated
C:\Program Files\Trend Micro\Client Server Security Agent\Backup\T-202477-DateBk5 5.4a (3).RB2 | Update failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307101.exe | Infected with: GenPack:Trojan.Swizzor.HJ
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307101.exe | Disinfection failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307101.exe | Deleted
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307102.exe | Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307102.exe | Disinfection failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307102.exe | Deleted
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307103.exe | Infected with: GenPack:Trojan.Downloader.Swizzor.CO
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307103.exe | Disinfection failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307103.exe | Deleted
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307104.exe | Infected with: GenPack:Trojan.Swizzor.HJ
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307104.exe | Disinfection failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307104.exe | Deleted
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307105.dll | Infected with: GenPack:Trojan.Downloader.Swizzor.BO
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307105.dll | Disinfection failed
C:\System Volume Information\_restore{2B0240B6-C603-4D0D-A4EC-23F994D18860}\RP770\A0307105.dll | Deleted
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
Ace DivX Player
ACT!
ACT! ® 2005
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
ALPS Touch Pad Driver
Atheros Client Utility
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Battery Bar
Camfrog IE Toolbar 1.0
CD/DVD Drive Acoustic Silencer
CleanUp!
Color Network ScanGear Ver.1.3
CoreVorbis Audio Decoder (remove only)
Digital Camera
DivX Codec 3.1alpha release
Documents To Go
Documents To Go
DVD-RAM Driver
Easy Button
Filzip 3.02
Flickr Uploadr 2.3
FreshFTP
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp LaserJet 3300 Uninstaller
Icatch(IV) Camera Driver
Image Resizer Powertoy for Windows XP
InterActual Player
InterVideo WinDVD Creator 2
InterVideo WinDVD for Toshiba
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_04
JMeeting.com
Kaspersky Online Scanner
LimeWire 4.9.30
LV-10
Macromedia Flash Player 8
Messenger Beta
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Location Finder
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2005
Microsoft Office Standard Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Outlook Personal Folders Backup
Microsoft Streets & Trips 2006
mIRC
Pacific Poker
Palm Desktop
palmOne
PalmSource Package Installer 1.5
Panda ActiveScan
PaperlessPrinter version 3.0
PartyPoker
PC Backup Free Trial
Pervasive System Analyzer
Pervasive.SQL Workgroup v8.70
Post-it® Software Notes Lite
PrintDeskTop
Proxy Host
QuickTax 2004
QuickTax 2005
QuickTime
QV-AutoCam v1.8
RealPlayer
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
Registry Mechanic 5.2
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.1
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Management Utility
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
Touch and Launch
TouchPad On/Off Utility
Trend Micro Client/Server Security Agent
Tri-Peaks Solitaire To Go
TweakNow RegCleaner
TwistedBrush
Uniblue Registry Booster
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
V.M.C. 2.20
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinZip
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v6
Yahoo! Toolbar for Internet Explorer
PC Backup Free Trial
Uniblue Registry Booster
V.M.C. 2.20
Multiple entries of DOCS to GO look strange as well.